On Wed, Sep 28, 2005 at 11:37:41AM -0400, James Pifer wrote:
> On Wed, 2005-09-28 at 12:11 -0300, Rodrigo Barbosa wrote:
> > > allow: port 80
> > > allow: forward port 8000 for x.x.x.x to y.y.y.y
> >
> > Forward port 8000 to several hosts might be difficult using only iptables.
> > You might want to take a look at LVS (Linux Virtual Server) for that,
> > on http://www.linuxvirtualserver.org/
>
> No, I need to forward several machines through a specific port to a
> single machine. Not "forward 8000 to several hosts".
>
> Still looking over the other responses.

Humm, that should be relatively simple:

iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j ACCEPT
iptables -t nat -A PREROUTING -p tcp --destination-port 8000 -j DNAT --to-destination ${DESTINATION_SERVER}
iptables -A FORWARD -p tcp --destination-port 8000 -d ${DESTINATION_SERVER} -s ${SOURCE1} -j ACCEPT
iptables -A FORWARD -p tcp --destination-port 8000 -d ${DESTINATION_SERVER} -s ${SOURCE2} -j ACCEPT
iptables -A FORWARD -p tcp --destination-port 8000 -d ${DESTINATION_SERVER} -s ${SOURCE3} -j ACCEPT
iptables -A FORWARD -p tcp --destination-port 8000 -d ${DESTINATION_SERVER} -s ${SOURCE4} -j ACCEPT
iptables -A FORWARD -p tcp --destination-port 8000 -d ${DESTINATION_SERVER} -j REJECT --reject-with tcp-reset

SOURCEX can be either a single IP address, or a network/netmask pair.

[]s

-- 
Rodrigo Barbosa <rodrigob at suespammers.org>
"Quid quid Latine dictum sit, altum viditur"
"Be excellent to each other ..." - Bill & Ted (Wyld Stallyns)
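
The port 8000 forward from the reply above, generalized to any number of allowed sources, as an added example that is not part of the original message. The function names (`is_quad`, `valid_source`, `forward_rules`) are hypothetical and the addresses are constructed documentation values; the script only prints the commands so they can be reviewed before being applied.

```shell
#!/bin/sh
# Added example (not from the thread). Prints rules only; addresses are constructed.

# is_quad STR: succeeds if STR is four dot-separated octets, each 0..255.
is_quad() {
    case $1 in ''|*[!0-9.]*|*.|.*|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# valid_source STR: an IPv4 address, optionally followed by /prefix or /netmask.
valid_source() {
    case $1 in
        */*) is_quad "${1%%/*}" || return 1
             mask=${1#*/}
             case $mask in
                 *.*) is_quad "$mask" ;;
                 ''|*[!0-9]*|???*) return 1 ;;
                 *) [ "$mask" -le 32 ] ;;
             esac ;;
        *) is_quad "$1" ;;
    esac
}

# forward_rules DEST PORT SRC...: one ACCEPT per source, REJECT last (-A appends,
# first match wins). All arguments are validated before anything is printed.
forward_rules() {
    [ $# -ge 3 ] || { echo "usage: forward_rules DEST PORT SRC..." >&2; return 1; }
    dest=$1 port=$2
    shift 2
    is_quad "$dest" || { echo "bad destination: $dest" >&2; return 1; }
    case $port in ''|*[!0-9]*|??????*) echo "bad port: $port" >&2; return 1 ;; esac
    [ "$port" -ge 1 ] && [ "$port" -le 65535 ] || { echo "bad port: $port" >&2; return 1; }
    for src in "$@"; do
        valid_source "$src" || { echo "bad source: $src" >&2; return 1; }
    done
    echo "iptables -t nat -A PREROUTING -p tcp --destination-port $port -j DNAT --to-destination $dest"
    for src in "$@"; do
        echo "iptables -A FORWARD -p tcp --destination-port $port -d $dest -s $src -j ACCEPT"
    done
    echo "iptables -A FORWARD -p tcp --destination-port $port -d $dest -j REJECT --reject-with tcp-reset"
}

# Constructed sample: forward port 8000 to 192.0.2.10 for one host and one network.
forward_rules 192.0.2.10 8000 198.51.100.7 203.0.113.0/24
```

The port 80 rule from the reply is left out because it does not depend on the source list. A malformed source or one containing shell metacharacters makes the function fail without printing any rule, so the output is safe to review and then pipe to `sh`.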