easy temporary redirect from one IP-alias to another

I've a machine that has a lot of IP-alias on its ethernet.
eth0 xx.xx.xx.01, eth0:0 xx.xx.xx.01, eth0:1 xx.xx.xx.02, eth0:2
xx.xx.xx.03 etc...

while reloading a daemon bound to xx.xx.xx.02 I want to redirect all
traffic from xx.xx.xx.02:123 to xx.xx.xx.01:123 (tcp only), where a
fallbackdaemon is running.

The reload takes about 120seconds and the timeout for the requests is
about 10seconds.

My first attempt was to add an appropriate iptables-rule, but I soon
realized that this would involve allowing ip_forward, setting a
prerouting-chain and all that stuff and I wonder if this is really
necessary, cause it would mean that I need to recheck all my security
cause till now ip_forward was simply deactivated.

Second idea was to write a simple helper-application that hooks on the
port and redirects to the other port. Well : maybe there is already such
a tool and it has the disadvantage that the helper can only hook on the
port when the original daemon releases it and this time may be hard to
calculate, cause shutting down the daemon takes about 20seconds (closing
many handles, cleaning up) and I dont know exactely when the port is
released. Same is when starting up the daemon again. The daemon takes
about 100secs to start up (doing load of data-pre-loading) and I dont
know when it claims the port again.

So maybe there is another very simple possibility I just did not think
about yet. A easy trick for netfilter/iptables maybe.

thnx,
peter









--
http://www.goldfisch.at/know_list


peter pilsl