Why not something different and reverse proxy?

On Fri, Feb 20, 2004 at 09:54:40AM +1100, Robert Collins wrote:
> On Fri, 2004-02-20 at 09:49, Phil Scarratt wrote:
> > Peter Rundle wrote:
> > > Sluggers,
> > >
> > > I'm D'nating access to my web server via my Linux Gateway with this
> > > statement.
> > >
> > > iptables -t nat -A PREROUTING -p tcp -i eth0 --dport 80 -j DNAT --to
> > > 172.16.0.148
> > >
> > > This works great as long as the default gateway on the web server
> > > (172.16.0.148) points to the Linux Gateway.
> > >
> > > However, I need to set the default gateway of the web server to
> > > somewhere else (an alternate internet connection). When I do this the
> > > reply packets never make it back to the gateway, and I have an asymmetric
> > > routing situation (Kinda as expected really).
> > >
> > > My Question is;
> > >
> > > Is there a complementary iptables statement that I can use to SNAT the
> > > inbound packet so that the web server
> > > sees the source as the Linux gateway hence the packet is returned there
> > > whereupon it is readdressed back to the real originating client in the
> > > outside world?
> > yes, surprisingly enough it's 'SNAT'.
> I suggest you use a mark rule in the mangle table to mark the packet
> before DNAT and SNAT, then DNAT & SNAT based on the fwmark.
>
> Rob
>
>
> --
> GPG key available at: <http://www.robertcollins.net/keys.txt>.
> --
> SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/
> Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
--
SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/
Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
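
The mark-then-NAT approach suggested in the quoted reply, written out as an added example that is not part of the original thread. The interface eth0, port 80 and 172.16.0.148 come from the thread; the inside interface eth1, the gateway's inside address 172.16.0.1 and the mark value 0x50 are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. From the thread: eth0, TCP port 80,
# web server 172.16.0.148. Assumed: inside interface eth1, gateway inside
# address 172.16.0.1, fwmark 0x50.
WAN_IF=${WAN_IF:-eth0}
LAN_IF=${LAN_IF:-eth1}               # assumption
WEB_IP=${WEB_IP:-172.16.0.148}
GW_LAN_IP=${GW_LAN_IP:-172.16.0.1}   # assumption
MARK=${MARK:-0x50}                   # assumption

# Accept only a dotted quad with every octet in 0..255.
is_ipv4() {
    case $1 in
        ''|*[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Print the three rules; nothing is applied here.
emit_rules() {
    # Values end up in a command line, so reject anything unexpected.
    case "$WAN_IF$LAN_IF$MARK" in
        *[!A-Za-z0-9._-]*) echo "bad interface or mark" >&2; return 1 ;;
    esac
    is_ipv4 "$WEB_IP" && is_ipv4 "$GW_LAN_IP" ||
        { echo "bad address" >&2; return 1; }
    # 1. mangle/PREROUTING is traversed before nat/PREROUTING, so the mark
    #    is set while the packet still has its original destination.
    echo "iptables -t mangle -A PREROUTING -i $WAN_IF -p tcp --dport 80 -j MARK --set-mark $MARK"
    # 2. DNAT only the marked packets to the web server.
    echo "iptables -t nat -A PREROUTING -m mark --mark $MARK -j DNAT --to-destination $WEB_IP"
    # 3. SNAT the same packets on the way out, so the web server replies to
    #    the gateway whatever its default route is. The web server's logs
    #    and IP-based access rules then see only the gateway address.
    echo "iptables -t nat -A POSTROUTING -o $LAN_IF -m mark --mark $MARK -j SNAT --to-source $GW_LAN_IP"
}

# Default: print for review. "--apply" runs the rules (root required).
if [ "${1:-}" = "--apply" ]; then emit_rules | sh; else emit_rules; fi
```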
