Natting Problem

I have a public facing box that also has a pseudo interface (please
note real ip addresses have not been disclosed)

eg: eth0 192.168.1.200
eth0:1 192.168.1.201

i have also registered a domain against each ip address

eg: www.mydomain1.com forwards to 192.168.1.200:80
www.mydomain2.com forwards to 192.168.1.201:80

i am trying to set up some natting that will internally re-direct to a
different port - based upon the distination address

eg: for traffic hitting 192.168.1.200:80 -> 192.168.1.200:7100
for traffic hitting 192.168.1.201:80 -> 192.168.1.201:7200

here is my script:

#!/bin/sh

/sbin/iptables -A FORWARD -p tcp --dport 80 -j ACCEPT

/sbin/iptables -t nat -A PREROUTING -p tcp --dport 80 --dst
192.168.1.200/255.255.255.0 -j DNAT --to-destination
192.168.1.200:7100

/sbin/iptables -t nat -A PREROUTING -p tcp --dport 80 --dst
192.168.1.201/255.255.255.0 -j DNAT --to-destination
192.168.1.201:7200

gratefull for any advice as it's not working

thx

"Eddie" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed) om...
> I have a public facing box that also has a pseudo interface (please
> note real ip addresses have not been disclosed)
>
> eg: eth0 192.168.1.200
> eth0:1 192.168.1.201
>
> i have also registered a domain against each ip address
>
> eg: www.mydomain1.com forwards to 192.168.1.200:80
> www.mydomain2.com forwards to 192.168.1.201:80
>
> i am trying to set up some natting that will internally re-direct to a
> different port - based upon the distination address
>
> eg: for traffic hitting 192.168.1.200:80 -> 192.168.1.200:7100
> for traffic hitting 192.168.1.201:80 -> 192.168.1.201:7200
>
> here is my script:
>
> #!/bin/sh
>
> /sbin/iptables -A FORWARD -p tcp --dport 80 -j ACCEPT
>
> /sbin/iptables -t nat -A PREROUTING -p tcp --dport 80 --dst
> 192.168.1.200/255.255.255.0 -j DNAT --to-destination
> 192.168.1.200:7100
>
> /sbin/iptables -t nat -A PREROUTING -p tcp --dport 80 --dst
> 192.168.1.201/255.255.255.0 -j DNAT --to-destination
> 192.168.1.201:7200
>
> gratefull for any advice as it's not working
>
> thx

You also need to set up a FORWARD rule - check out this NG a few days ago -
someone else had the exact same problem
Allan

"Allan Bruce" <(E-Mail Removed)> wrote in message news:<bkn2ss$62h$(E-Mail Removed)>...
> "Eddie" <(E-Mail Removed)> wrote in message
> news:(E-Mail Removed) om...
> > I have a public facing box that also has a pseudo interface (please
> > note real ip addresses have not been disclosed)
> >
> > eg: eth0 192.168.1.200
> > eth0:1 192.168.1.201
> >
> > i have also registered a domain against each ip address
> >
> > eg: www.mydomain1.com forwards to 192.168.1.200:80
> > www.mydomain2.com forwards to 192.168.1.201:80
> >
> > i am trying to set up some natting that will internally re-direct to a
> > different port - based upon the distination address
> >
> > eg: for traffic hitting 192.168.1.200:80 -> 192.168.1.200:7100
> > for traffic hitting 192.168.1.201:80 -> 192.168.1.201:7200
> >
> > here is my script:
> >
> > #!/bin/sh
> >
> > /sbin/iptables -A FORWARD -p tcp --dport 80 -j ACCEPT
> >
> > /sbin/iptables -t nat -A PREROUTING -p tcp --dport 80 --dst
> > 192.168.1.200/255.255.255.0 -j DNAT --to-destination
> > 192.168.1.200:7100
> >
> > /sbin/iptables -t nat -A PREROUTING -p tcp --dport 80 --dst
> > 192.168.1.201/255.255.255.0 -j DNAT --to-destination
> > 192.168.1.201:7200
> >
> > gratefull for any advice as it's not working
> >
> > thx
>
> You also need to set up a FORWARD rule - check out this NG a few days ago -
> someone else had the exact same problem
> Allan

alan,

thanks for your response .... I tracked down the problem in the end
tho, ... script above was fine apart from the subnet mask should have
read 255.255.255.255 it was forwarding to the subnet :-(