Morten Sundstrøm
2008-Nov-03 21:44 UTC
[CentOS] Forward all traffic from public IP A to public IP B?
Need help.

I'm trying to forward all traffic to a public server (A) to another public server (B) except traffic to port 22. Found this on Google but can't get it to work. Could someone help me please. Server A has one NIC, server B has one NIC. Do I need 2 NICs in server A?

#!/bin/sh
iptables -F
iptables -F INPUT
iptables -F OUTPUT
iptables -F FORWARD
iptables -X
iptables -F -t nat
iptables -P INPUT ACCEPT
iptables -P OUTPUT ACCEPT
iptables -P FORWARD ACCEPT
echo 1 > /proc/sys/net/ipv4/ip_forward
iptables -t nat -A PREROUTING -i eth0 --protocol tcp --destination-port ! 22 -j DNAT --to-destination "IP B"
iptables -t nat -A PREROUTING -i eth0 --protocol udp -j DNAT --to-destination "IP B"
# END

/etc/rc.d/init.d/iptables status
Table: filter
Chain INPUT (policy ACCEPT)
num  target     prot opt source               destination

Chain FORWARD (policy ACCEPT)
num  target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
num  target     prot opt source               destination

Table: mangle
Chain PREROUTING (policy ACCEPT)
num  target     prot opt source               destination

Chain INPUT (policy ACCEPT)
num  target     prot opt source               destination

Chain FORWARD (policy ACCEPT)
num  target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
num  target     prot opt source               destination

Chain POSTROUTING (policy ACCEPT)
num  target     prot opt source               destination

Table: nat
Chain PREROUTING (policy ACCEPT)
num  target     prot opt source               destination
1    DNAT       tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:!22 to:"IP B"
2    DNAT       udp  --  0.0.0.0/0            0.0.0.0/0           to:"IP B"

Chain POSTROUTING (policy ACCEPT)
num  target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
num  target     prot opt source               destination

/Morten.
Morten Sundstrøm wrote:
> Need help.
>
> I'm trying to forward all traffic to a public server (A) to another public
> server (B) except traffic to port 22. Found this on Google but can't get
> it to work. Could someone help me please.

Is server (B) behind server (A)? It's been a while, but last time I checked you couldn't do forwarding to a system unless that system was behind the system that was doing the forwarding using normal iptables.

What I do is use a specialized utility; there are two such utilities that I know of that handle TCP forwarding in this manner: rinetd and redir. The only downside is the destination system will not see any of the original IP addresses connecting; it will only see IPs of the system doing the forwarding.

I don't think either rinetd or redir are available in the default CentOS installation; you probably have to find them elsewhere on the net.

As for non-TCP stuff, I don't know off the top of my head.

nate
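For reference, here is a reworked version of the posted script, added as an example and not taken from either message in the thread. The difference from the original is a POSTROUTING SNAT rule: with plain DNAT, server B answers the client directly from its own address, the client never spoke to B and drops the reply, so the connection appears dead. SNAT makes B's replies come back through A, at the price nate describes (B only sees A's address). The interface name and the two addresses are placeholders; one NIC on A is enough because the traffic goes back out the interface it came in on.

```shell
#!/bin/sh
# Added example (not from the thread): emit the iptables rules that forward every
# TCP/UDP connection arriving at server A to server B, except TCP/22, and make
# the replies return through A. Prints the commands; pipe to sh (as root) to apply.
#   sh fwd.sh eth0 198.51.100.10 203.0.113.20        # show rules
#   sh fwd.sh eth0 198.51.100.10 203.0.113.20 | sh   # apply them
# eth0 and both addresses are placeholders, not values from the thread.

gen_rules() {
    wan_if=$1   # A's Internet-facing interface
    ip_a=$2     # A's public address, the one clients connect to
    ip_b=$3     # B's public address, where connections are sent
    cat <<EOF
sysctl -w net.ipv4.ip_forward=1
# Only traffic addressed to A itself is redirected; TCP/22 stays on A so
# management access to A is not handed to B.
iptables -t nat -A PREROUTING -i $wan_if -d $ip_a -p tcp ! --dport 22 -j DNAT --to-destination $ip_b
iptables -t nat -A PREROUTING -i $wan_if -d $ip_a -p udp -j DNAT --to-destination $ip_b
# Rewrite the source on the way out so B's replies come back through A.
# This is what lets the setup work when B is not behind A; B sees only ip_a.
iptables -t nat -A POSTROUTING -o $wan_if -d $ip_b -j SNAT --to-source $ip_a
# Explicit FORWARD permits, so the setup survives a later FORWARD policy of DROP.
iptables -A FORWARD -i $wan_if -o $wan_if -d $ip_b -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -i $wan_if -o $wan_if -s $ip_b -m state --state ESTABLISHED,RELATED -j ACCEPT
EOF
}

# Sanity check before applying: the SSH exclusion and the SNAT rule must both be
# present, otherwise either A becomes unreachable on 22 or replies never return.
check_rules() {
    rules=$(gen_rules "$@")
    printf '%s\n' "$rules" | grep -q -- '! --dport 22' || return 1
    printf '%s\n' "$rules" | grep -q -- '-j SNAT' || return 1
    return 0
}

if [ $# -eq 3 ]; then
    check_rules "$@" && gen_rules "$@"
fi
```

Audit the result with `iptables -t nat -L -n -v` and `iptables -L FORWARD -n -v`; the packet counters on the SNAT and FORWARD rules show whether replies are actually flowing back through A.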