On Wed, Sep 28, 2005 at 11:37:41AM -0400, James Pifer wrote:
> On Wed, 2005-09-28 at 12:11 -0300, Rodrigo Barbosa wrote:
> > > allow: port 80
> > > allow: forward port 8000 for x.x.x.x to y.y.y.y
> >
> > Forward port 8000 to several hosts might be difficult using only iptables. You might want to take a look at LVS (Linux Virtual Server) for that, on http://www.linuxvirtualserver.org/
>
> No, I need to forward several machines through a specific port to a single machine. Not "forward 8000 to several hosts".
>
> Still looking over the other responses.
Humm, that should be relatively simple:
iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j ACCEPT
iptables -t nat -A PREROUTING -p tcp --destination-port 8000 -j DNAT --to-destination ${DESTINATION_SERVER}

iptables -A FORWARD -p tcp --destination-port 8000 -d ${DESTINATION_SERVER} -s ${SOURCE1} -j ACCEPT
iptables -A FORWARD -p tcp --destination-port 8000 -d ${DESTINATION_SERVER} -s ${SOURCE2} -j ACCEPT
iptables -A FORWARD -p tcp --destination-port 8000 -d ${DESTINATION_SERVER} -s ${SOURCE3} -j ACCEPT
iptables -A FORWARD -p tcp --destination-port 8000 -d ${DESTINATION_SERVER} -s ${SOURCE4} -j ACCEPT
iptables -A FORWARD -p tcp --destination-port 8000 -d ${DESTINATION_SERVER} -j REJECT --reject-with tcp-reset
SOURCEX can be either a single IP address, or a network/netmask pair.
[]s
--
Rodrigo Barbosa rodrigob@suespammers.org
"Quid quid Latine dictum sit, altum viditur"
"Be excellent to each other ..." - Bill & Ted (Wyld Stallyns)
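
Added example, not part of the original message: a POSIX sh generator for the port-8000 rules above that validates every source before printing anything and always emits the REJECT rule last, since the FORWARD chain is evaluated in order. The function names valid_source and emit_rules are hypothetical, and all addresses are constructed from documentation ranges; the port 80 rule is left out.

```shell
#!/bin/sh
# Added example: prints the rules instead of applying them.
# Function names are hypothetical; addresses are constructed (RFC 5737 ranges).

# valid_source ADDR: succeed for a dotted-quad IPv4 address, optionally with a
# /0-32 prefix. Assumption: dotted netmasks (a.b.c.d/255.255.255.0) are rejected.
valid_source() {
    addr=${1%/*}
    case $1 in
        */*) len=${1#*/}
             case $len in ''|*[!0-9]*) return 1 ;; esac
             [ "$len" -le 32 ] 2>/dev/null || return 1 ;;
    esac
    case $addr in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $addr
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# emit_rules DEST PORT SOURCE...: print the ruleset, one command per line.
# Every argument is checked before anything is printed, so a typo cannot
# yield a partial allow-list.
emit_rules() {
    [ $# -ge 3 ] || return 1
    dest=$1 port=$2
    shift 2
    case $dest in */*) return 1 ;; esac
    valid_source "$dest" || return 1
    case $port in ''|*[!0-9]*) return 1 ;; esac
    [ "${#port}" -le 5 ] && [ "$port" -ge 1 ] && [ "$port" -le 65535 ] || return 1
    for src in "$@"; do
        valid_source "$src" || { echo "bad source: $src" >&2; return 1; }
    done
    echo "iptables -t nat -A PREROUTING -p tcp --destination-port $port -j DNAT --to-destination $dest"
    for src in "$@"; do
        echo "iptables -A FORWARD -p tcp --destination-port $port -d $dest -s $src -j ACCEPT"
    done
    # Appended last: any other source reaching the forwarded port gets a TCP reset.
    echo "iptables -A FORWARD -p tcp --destination-port $port -d $dest -j REJECT --reject-with tcp-reset"
}

emit_rules 192.0.2.10 8000 198.51.100.7 203.0.113.0/24
```

Review the printed commands before piping them to a root shell on the gateway.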