Hi all,
I have two webservers in an Intranet, one on 192.168.0.1, port 80, the
other on 192.168.0.5, port 80. Each machine has only one ethernet
card, attached to the same switch. Now I want to take away the first
webserver. In order to do this transparently, I thought of using a
redirect rule.
Thus, on 192.168.0.1 I tried the following command:
iptables -t nat -A PREROUTING -p tcp -d 192.168.0.1 --dport 80 -j DNAT --to 192.168.0.5:80
iptables -t nat -A PREROUTING -p udp -d 192.168.0.1 --dport 80 -j DNAT --to 192.168.0.5:80
For testing reasons, all the policies on both machines are set to ACCEPT.
iptables -t nat -L -n yields:
Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination
DNAT       udp  --  0.0.0.0/0            192.168.0.1          udp dpt:80 to:192.168.0.5:80
DNAT       tcp  --  0.0.0.0/0            192.168.0.1          tcp dpt:80 to:192.168.0.5:80

Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
With these rules, I thought an attempt to reach 192.168.0.1:80 would
lead me to 192.168.0.5:80. But the latter one doesn't see anything.
What am I missing?
Thanks for replying!
Michael
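As an added example (not part of the original post), the complete rule set that a same-subnet redirect like this needs: besides the DNAT rule, the kernel must have IP forwarding switched on, and because 192.168.0.5 sits on the same switch as the clients, its replies have to be SNATed so they travel back through 192.168.0.1 instead of reaching the client directly with an unexpected source address. The addresses and port are the post's; the script only prints the commands unless APPLY=1 is set, which is an assumption of this example.

```shell
#!/bin/sh
# Added example: full iptables configuration for transparently redirecting
# 192.168.0.1:80 to 192.168.0.5:80 when both hosts share one LAN segment.
# Two things the DNAT rule alone does not cover:
#  1. net.ipv4.ip_forward must be 1, or DNATed packets are never forwarded.
#  2. 192.168.0.5 would answer the client directly with source 192.168.0.5,
#     which the client does not recognise as part of its connection to
#     192.168.0.1. The SNAT rule makes the replies come back via 192.168.0.1.
# Only TCP is handled; HTTP does not use UDP.

OLD_IP=192.168.0.1   # host being retired
NEW_IP=192.168.0.5   # host that now serves port 80
PORT=80

# Emit the commands, one per line, without executing anything.
redirect_rules() {
    cat <<EOF
sysctl -w net.ipv4.ip_forward=1
iptables -t nat -A PREROUTING -p tcp -d $OLD_IP --dport $PORT -j DNAT --to-destination $NEW_IP:$PORT
iptables -t nat -A POSTROUTING -p tcp -d $NEW_IP --dport $PORT -j SNAT --to-source $OLD_IP
iptables -A FORWARD -p tcp -d $NEW_IP --dport $PORT -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT
iptables -A FORWARD -p tcp -s $NEW_IP --sport $PORT -m conntrack --ctstate ESTABLISHED -j ACCEPT
EOF
}

# Returns 0 when the running kernel is already forwarding IPv4, 1 otherwise.
forwarding_enabled() {
    [ "$(cat /proc/sys/net/ipv4/ip_forward 2>/dev/null)" = "1" ]
}

# Dry run by default; APPLY=1 (as root) pipes the commands into a shell.
run_rules() {
    if [ "${APPLY:-0}" = "1" ]; then
        redirect_rules | sh -e
    else
        redirect_rules
    fi
}

run_rules
```

Once applied, `iptables -t nat -L -n -v` should show the packet counters of both the DNAT and the SNAT rule increasing when a client connects to 192.168.0.1:80.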