[ale] iptables redirect

Jim Kinney jim.kinney at gmail.com
Sun Nov 23 21:52:38 EST 2008


Use apache redirect instead of iptables.

If you want to use iptables you need a reverse rule. The DNAT will send
packets to the new server. You need an SNAT rule that will accept packets
FROM the new server and send them back to the client as the old server.

iptables -t nat -A POSTROUTING -s 65.254.217.215 -j SNAT --to-source 209.168.246.236

And you will need corresponding -j ACCEPT rules in -t filter FORWARDING
section to allow return traffic to pass back through.

2008/11/23 Christoper Fowler <cfowler at outpostsentinel.com>

>  I've moved a server to a new colo and I want to redirect services from
> the first colo to the second until the DNS change takes full effect.
>
> Here is what I've done.
>
> [root@demo tomcat]# ifconfig eth0:2 209.168.246.236
> [root@demo tomcat]# iptables -t nat -A PREROUTING -d 209.168.246.236/32 -i eth0 -p tcp --dport 5000 -j DNAT --to-destination 65.254.217.214:5000
>
> [root@demo tomcat]# iptables -L -n -t nat
> Chain PREROUTING (policy ACCEPT)
> target     prot opt source               destination
> REDIRECT   tcp  --  0.0.0.0/0            209.168.246.234     tcp dpt:80 redir ports 5000
> DNAT       tcp  --  0.0.0.0/0            209.168.246.236     tcp dpt:5000 to:65.254.217.214:5000
>
> Chain POSTROUTING (policy ACCEPT)
> target     prot opt source               destination
>
> Chain OUTPUT (policy ACCEPT)
> target     prot opt source               destination
>
> It is not working.  If I telnet 209.168.246.236 5000 from my desktop
> it seems to never connect.  Just times out.  Can someone tell me
> what I did wrong?
>
> Thanks,
> Chris


-- 
James P. Kinney III
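
An added example (not part of the original thread): a shell check that reads `iptables-save` output and reports which of the pieces named in the reply are absent, namely the PREROUTING DNAT to the new server, a POSTROUTING SNAT/MASQUERADE rule, and FORWARD acceptance. The dump is constructed from the rule in the question; its filter table and the names `sample_ruleset` and `check_forward` are assumptions, and the check does not validate the addresses an SNAT rule matches on.

```shell
#!/bin/sh
# Constructed iptables-save dump modelled on the thread: only the DNAT rule
# exists. The filter table (FORWARD policy DROP) is an assumption; the
# thread does not show it.
sample_ruleset() {
cat <<'EOF'
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A PREROUTING -d 209.168.246.236/32 -i eth0 -p tcp -m tcp --dport 5000 -j DNAT --to-destination 65.254.217.214:5000
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
COMMIT
EOF
}

# check_forward NEW_IP
# Reads iptables-save text on stdin and prints one word per missing piece
# (dnat, snat, forward). Prints nothing when all three are present.
check_forward() {
    awk -v newip="$1" '
        # Track which table (*nat, *filter, ...) the following lines belong to.
        /^\*/ { table = substr($0, 2); next }
        # DNAT in nat/PREROUTING that targets the new server.
        table == "nat" && /^-A PREROUTING / && /-j DNAT/ &&
            index($0, "--to-destination " newip) { dnat = 1 }
        # Any source-NAT rule in nat/POSTROUTING.
        table == "nat" && /^-A POSTROUTING / && /-j (SNAT|MASQUERADE)/ { snat = 1 }
        # Forwarding allowed by chain policy or by an explicit ACCEPT rule.
        table == "filter" && /^:FORWARD ACCEPT/ { fwd = 1 }
        table == "filter" && /^-A FORWARD / && /-j ACCEPT/ { fwd = 1 }
        END {
            if (!dnat) print "dnat"
            if (!snat) print "snat"
            if (!fwd)  print "forward"
        }'
}

# Stand-alone run against the constructed dump.
sample_ruleset | check_forward 65.254.217.214
```

On a live host the input would come from `iptables-save` run as root instead of `sample_ruleset`.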