I am trying to get two IPs on one interface to route to two different
web servers. I am using Shorewall 1.4.2 on LEAF Bering.

I have two IP addresses on my network interface:
eth0   xx.yyy.zz.10
eth0:0 xx.yyy.zz.11

I am trying to route port 80 from each of them to different
machines and change the port on one.  This is what I have
in my rules file:

DNAT    net     loc:172.16.201.90:8081  tcp     80    -  xx.yyy.zz.11
DNAT    net     loc:172.16.201.90       tcp     8081  -  xx.yyy.zz.11

DNAT    net     loc:172.16.201.9        tcp     80    -  xx.yyy.zz.10

I can get to my web server on xx.yyy.zz.10 and to my server on
xx.yyy.zz.11 if I use port 8081 but not when I use port 80. The
shorewall.log file shows a DROP from net2all when port 80 is used.

Shorewall status shows this for net2loc:

Chain net2loc (1 references)
 pkts bytes target     prot opt in  out  source      destination
 4886 2563K ACCEPT     all  --  *   *    0.0.0.0/0   0.0.0.0/0       state RELATED,ESTABLISHED
    0     0 newnotsyn  tcp  --  *   *    0.0.0.0/0   0.0.0.0/0       state NEW tcp flags:!0x16/0x02
    0     0 ACCEPT     tcp  --  *   *    0.0.0.0/0   172.16.201.90   state NEW tcp dpt:8081
    0     0 ACCEPT     tcp  --  *   *    0.0.0.0/0   172.16.201.90   state NEW tcp dpt:8081
   20   960 ACCEPT     tcp  --  *   *    0.0.0.0/0   172.16.201.9    state NEW tcp dpt:80
    5   328 net2all    all  --  *   *    0.0.0.0/0   0.0.0.0/0

Chain net_dnat (1 references)
 pkts bytes target     prot opt in  out  source      destination
    0     0 DNAT       tcp  --  *   *    0.0.0.0/0   0.0.0.0/0       tcp dpt:8081 to:172.16.201.90
    0     0 DNAT       tcp  --  *   *    0.0.0.0/0   xx.yyy.zz.11    tcp dpt:80 to:172.16.201.90:8081
   20   960 DNAT       tcp  --  *   *    0.0.0.0/0   xx.yyy.zz.10    tcp dpt:80 to:172.16.201.9

------------------------------------------------------------------------
leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
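
An added example, not part of the original post and not Shorewall code: a small Python check that reads the two chains quoted in the message and reports, for each DNAT rule, its packet counter and whether net2loc has an ACCEPT for the translated address and port. The sample text is constructed from the post's output, with addresses masked as the post masks them; the function names are hypothetical.

```python
import re

# Constructed sample: rule lines copied from the chains quoted in the post.
NET_DNAT = """\
0 0 DNAT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:8081 to:172.16.201.90
0 0 DNAT tcp -- * * 0.0.0.0/0 xx.yyy.zz.11 tcp dpt:80 to:172.16.201.90:8081
20 960 DNAT tcp -- * * 0.0.0.0/0 xx.yyy.zz.10 tcp dpt:80 to:172.16.201.9
"""
NET2LOC = """\
0 0 ACCEPT tcp -- * * 0.0.0.0/0 172.16.201.90 state NEW tcp dpt:8081
0 0 ACCEPT tcp -- * * 0.0.0.0/0 172.16.201.90 state NEW tcp dpt:8081
20 960 ACCEPT tcp -- * * 0.0.0.0/0 172.16.201.9 state NEW tcp dpt:80
"""
SUFFIX = {"": 1, "K": 1000, "M": 10**6, "G": 10**9}

def parse_rules(text):
    """Parse rule lines of verbose, numeric iptables listings into dicts."""
    rules = []
    for line in text.splitlines():
        f = line.split()
        count = re.fullmatch(r"(\d+)([KMG]?)", f[0]) if len(f) >= 9 else None
        if not count:
            continue  # chain header, column titles or blank line
        extra = " ".join(f[9:])
        dpt = re.search(r"dpt:(\d+)", extra)
        to = re.search(r"to:([\d.]+)(?::(\d+))?", extra)
        rules.append({
            "pkts": int(count.group(1)) * SUFFIX[count.group(2)],
            "target": f[2], "dst": f[8],
            "dpt": int(dpt.group(1)) if dpt else None,
            "to_ip": to.group(1) if to else None,
            "to_port": int(to.group(2)) if to and to.group(2) else None})
    return rules

def audit(dnat_text, filter_text):
    """Pair each DNAT rule with the filter ACCEPT for its translated target."""
    accepts = {(r["dst"], r["dpt"]) for r in parse_rules(filter_text)
               if r["target"] == "ACCEPT"}
    report = []
    for r in parse_rules(dnat_text):
        if r["target"] != "DNAT":
            continue
        port = r["to_port"] or r["dpt"]  # no port after to: means unchanged
        report.append({"orig": (r["dst"], r["dpt"]), "hits": r["pkts"],
                       "translated": (r["to_ip"], port),
                       "filter_accepts": (r["to_ip"], port) in accepts})
    return report

if __name__ == "__main__":
    for row in audit(NET_DNAT, NET2LOC):
        print(row)
```

On the quoted output every DNAT rule has a matching ACCEPT in net2loc, and the rule for xx.yyy.zz.11 port 80 shows a packet count of zero.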