On Fri, Feb 16, 2018 at 02:54:02PM +0000, Ken Gramm wrote:

I've been searching around for a couple of days, and I just can't seem to find the answer I'm looking for.

I have a 6.x box that I use as my gateway firewall. It has three NICs; 1 external, 1 internal, 1 for a guest network.

I have various inbound traffic routed to separate internal machines based on the application (ie. http, smtp, ftp, etc....).

All works well, but I'd like to add a second IP address to the external NIC and then route a second https stream to a different internal machine.

So https traffic on one IP address goes to one internal machine and https traffic on a second IP address goes to a different internal machine.

This iptables -t nat -I PREROUTING -p tcp -i <ext interface) -d <newip> \ --dport 443 \ -j DNAT --to <different internal machine>

Should do it. I guess it's very close to what you're using already, no? Maybe you matching only by interface instead.

Seems like it should be an everyday configuration, but I can't find any clear examples on how to do it.

Could someone please point me in the right direction?

Thanks,

Ken Gramm

---

CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos