Re: [LARTC] PAT HOW to - IPTABLES
On Tue, Dec 11, 2007 at 12:19:22AM +0100, Radek 'Goblin' Pieczonka wrote:

> > > Suppose, I have 3 mail servers @ DMZ zone with one real ip. the situation as before? in that case, What can I do?
> >
> > you could use exim/postfix and route the mail to the right server, but I guess you are trying to find out how to have port 25 on the real ip nat'ed to one of the 3 dmz'ed ip based upon the destination mail address. short answer: you can't as far as I know, iptables only looks at src ip / src port, dest ip / dest port. You could write your own plugin module to look into the tcp stream.
>
> based upon destination email address/domain could be done by postfix and transports for selected mail/domain to selected server. but there is also a possibility of load balancing and failover for a set of domains with all servers working with all the domains for HA and flexibility of computing power, then I'd say take a look at keepalived for both those features. for http traffic it's actually the same, and also you can consider the apache reverse proxy feature.

he only has 1 real ip

[silly idea] of course could be really tricky and use an ipv6 to ipv4 address and name all the dmz servers with ipv6 (in dns as well), really relying upon clients to be ipv6 enabled [/silly idea]

> --
> Radek aka Goblin

___
LARTC mailing list
LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
[LARTC] PAT HOW to - IPTABLES
Hi,

I have a box running with iptables and iproute2. it has 3 ethernet cards. One for the internet, another for LAN and yet another for DMZ. @ DMZ ZONE I have 3 web servers. But I have only one real ip on my firewall.

Now, I want to forward port 80 to these 3 web servers. How can I do it?

I searched a lot from google. But, still no luck.

--
Thank you
Indunil Jayasooriya
Re: [LARTC] PAT HOW to - IPTABLES
you can use squid as reverse proxy .. see cache_peer !!

squid can load balance between 3 servers and cache it !!

run squid on your box with real ip..

here you can see examples: http://under-linux.org/7964-squid-atuando-como-proxy-reverso.html (pt-br)

Indunil Jayasooriya wrote:
> Hi,
>
> I have a box running with iptables and iproute2. it has 3 ethernet cards. One for the internet, another for LAN and yet another for DMZ. @ DMZ ZONE I have 3 web servers. But I have only one real ip on my firewall.
>
> Now, I want to forward port 80 to these 3 web servers. How can I do it?
>
> I searched a lot from google. But, still no luck.
>
> --
> Thank you
> Indunil Jayasooriya

--
Sds.
Alexandre Jeronimo Correa
Onda Internet - http://www.ondainternet.com.br
OPinguim Hosting - http://www.opinguim.net
Linux User ID #142329
UNOTEL S/A - http://www.unotel.com.br
Re: [LARTC] PAT HOW to - IPTABLES
> see cache_peer !!
> squid can load balance between 3 servers and cache it !!
> run squid on your box with real ip..

Thanks for your quick answer. I know about reverse proxy. I wanted to know, without squid, whether iptables itself can handle this situation.

Suppose, I have 3 mail servers @ DMZ zone with one real ip. the situation as before? in that case, What can I do?

Hope to hear from you.

--
Thank you
Indunil Jayasooriya
Re: [LARTC] PAT HOW to - IPTABLES
On Mon, Dec 10, 2007 at 04:09:52PM +0530, Indunil Jayasooriya wrote:

> > see cache_peer !!
> > squid can load balance between 3 servers and cache it !!
> > run squid on your box with real ip..
>
> Thanks for your quick answer. I know about reverse proxy. I wanted to know, without squid, whether iptables itself can handle this situation.
>
> Suppose, I have 3 mail servers @ DMZ zone with one real ip. the situation as before? in that case, What can I do?

you could use exim/postfix and route the mail to the right server, but I guess you are trying to find out how to have port 25 on the real ip nat'ed to one of the 3 dmz'ed ip based upon the destination mail address. short answer: you can't as far as I know, iptables only looks at src ip / src port, dest ip / dest port. You could write your own plugin module to look into the tcp stream.

> Hope to hear from you.
>
> --
> Thank you
> Indunil Jayasooriya
Re: [LARTC] PAT HOW to - IPTABLES
> > Suppose, I have 3 mail servers @ DMZ zone with one real ip. the situation as before? in that case, What can I do?
>
> you could use exim/postfix and route the mail to the right server, but I guess you are trying to find out how to have port 25 on the real ip nat'ed to one of the 3 dmz'ed ip based upon the destination mail address. short answer: you can't as far as I know, iptables only looks at src ip / src port, dest ip / dest port. You could write your own plugin module to look into the tcp stream.

based upon destination email address/domain could be done by postfix and transports for selected mail/domain to selected server. but there is also a possibility of load balancing and failover for a set of domains with all servers working with all the domains for HA and flexibility of computing power, then I'd say take a look at keepalived for both those features. for http traffic it's actually the same, and also you can consider the apache reverse proxy feature.

--
Radek aka Goblin
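As an added example (not code from anyone in this thread), the iptables side of what the replies describe: one public IP, with port 80 or 25 spread over the three DMZ servers per connection, which is as far as iptables alone goes because it matches only addresses and ports, never the Host header or the recipient address. The interface names, the public IP, the server addresses and the script layout are constructed assumptions; the round-robin needs the xt_statistic match module.

```shell
#!/bin/sh
# Added example, not from the thread. Constructed values (all assumptions):
# eth0 faces the internet, eth2 the DMZ, 203.0.113.10 is the one public IP,
# and the DMZ servers are 192.168.10.11-13. Needs the xt_statistic match.
PUBLIC_IP="203.0.113.10"
WAN_IF="eth0"
DMZ_IF="eth2"
SERVERS="192.168.10.11 192.168.10.12 192.168.10.13"
# Print the nat PREROUTING rules that spread connections to $PUBLIC_IP:$port
# over the DMZ servers. The nat table sees only the first packet of each
# connection, so conntrack keeps the rest of that connection on the chosen
# server. Each rule only sees what earlier rules did not take, so rule i of
# n matches 1 in (n-i) and the last rule takes the remainder: every 3,
# every 2, then unconditional. "--every 3 --packet 0/1/2" on all three
# rules would NOT balance, because every rule keeps its own counter.
dnat_rules() {
    port="$1"
    set -- $SERVERS
    n=$#
    i=0
    for s in "$@"; do
        stat=""
        if [ $((n - i)) -gt 1 ]; then
            stat="-m statistic --mode nth --every $((n - i)) --packet 0 "
        fi
        echo "-t nat -A PREROUTING -i $WAN_IF -p tcp -d $PUBLIC_IP --dport $port ${stat}-j DNAT --to-destination $s:$port"
        i=$((i + 1))
    done
}
# FORWARD rules: only the DNATed port may reach each server from outside.
forward_rules() {
    port="$1"
    for s in $SERVERS; do
        echo "-A FORWARD -i $WAN_IF -o $DMZ_IF -p tcp -d $s --dport $port -m conntrack --ctstate NEW -j ACCEPT"
    done
}
# Without the "apply" argument only print the commands (dry run).
MODE="${1:-dry-run}"
if [ "$MODE" = "apply" ]; then
    sysctl -w net.ipv4.ip_forward=1
    iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
fi
for port in 80 25; do                      # web and mail, as in the thread
    { dnat_rules "$port"; forward_rules "$port"; } | while read -r rule; do
        if [ "$MODE" = "apply" ]; then iptables $rule; else echo "iptables $rule"; fi
    done
done
```

The DMZ servers must use the firewall as their default gateway so that replies pass back through conntrack and get un-NATed; no SNAT is needed for that path.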