> W1 R1 port 80 -->> LAN IP 192.168.1.1
> W1 R1 port 21 -->> LAN IP 192.168.1.1
> W1 R1 port 110 -->> LAN IP 192.168.1.2
> W1 R1 port 25 -->> LAN IP 192.168.1.2
>
> W2 R2 port 80 -->> LAN IP 192.168.1.3
> W2 R2 port 21 -->> LAN IP 192.168.1.3
> W2 R2 port 110 -->> LAN IP 192.168.1.4
> W2 R2 port 25 -->> LAN IP 192.168.1.4
>
> W3 R3 port 80 -->> LAN IP 192.168.1.5
> W3 R3 port 21 -->> LAN IP 192.168.1.5
> W3 R3 port 110 -->> LAN IP 192.168.1.6
> W3 R3 port 25 -->> LAN IP 192.168.1.6
>
> W4 R4 port 80 -->> LAN IP 192.168.1.7
> W4 R4 port 21 -->> LAN IP 192.168.1.7
> W4 R4 port 110 -->> LAN IP 192.168.1.8
> W4 R4 port 25 -->> LAN IP 192.168.1.8
If I correctly understand what you've described, you could simply put one TSL box on the WAN segment and assign all four WAN IPs to its eth0 interface (eth0, eth0:1, eth0:2, and eth0:3). Then use the iptables nat table and PREROUTING rules to perform DNAT based on destination IP and port, like this, for example, to redirect traffic to the first two web servers:

    iptables -t nat -A PREROUTING -i eth0 -d [W1 IP address] -p tcp --dport 80 -j DNAT --to-destination 192.168.1.1:80
    iptables -t nat -A PREROUTING -i eth0 -d [W2 IP address] -p tcp --dport 80 -j DNAT --to-destination 192.168.1.3:80

Not 100% sure if the syntax on these commands is correct, but it should get you close. Not sure if you'll need to specify -i eth0:0 or if -i eth0 will still cover all the subinterfaces too. Experiment with it and see.

_______________________________________________
tsl-discuss mailing list
[email protected]
http://lists.trustix.org/mailman/listinfo/tsl-discuss
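As an added example (not from the thread above), the script below generates the full PREROUTING DNAT ruleset for all sixteen mappings in the quoted table, plus matching FORWARD rules so the box only passes the listed ports to each LAN host rather than everything DNAT delivers. The four WAN addresses are placeholders (203.0.113.x, an assumption) and the script only prints the rules, so it can be reviewed before being applied with root privileges.

```shell
#!/bin/sh
# Added example, not the original poster's code. WAN addresses below are
# placeholders from the TEST-NET range; replace them with the real W1..W4 IPs.
W1_IP=203.0.113.1
W2_IP=203.0.113.2
W3_IP=203.0.113.3
W4_IP=203.0.113.4

# Port map transcribed from the quoted post: "<wan ip> <port> <lan ip>" per line.
MAP="
$W1_IP 80 192.168.1.1
$W1_IP 21 192.168.1.1
$W1_IP 110 192.168.1.2
$W1_IP 25 192.168.1.2
$W2_IP 80 192.168.1.3
$W2_IP 21 192.168.1.3
$W2_IP 110 192.168.1.4
$W2_IP 25 192.168.1.4
$W3_IP 80 192.168.1.5
$W3_IP 21 192.168.1.5
$W3_IP 110 192.168.1.6
$W3_IP 25 192.168.1.6
$W4_IP 80 192.168.1.7
$W4_IP 21 192.168.1.7
$W4_IP 110 192.168.1.8
$W4_IP 25 192.168.1.8
"

# Print (rather than execute) the two rules for one mapping: the DNAT itself and
# a FORWARD accept limited to that LAN host and port.
dnat_rules() {
  wan=$1; port=$2; lan=$3
  printf 'iptables -t nat -A PREROUTING -i eth0 -d %s -p tcp --dport %s -j DNAT --to-destination %s:%s\n' \
    "$wan" "$port" "$lan" "$port"
  printf 'iptables -A FORWARD -i eth0 -d %s -p tcp --dport %s -m state --state NEW -j ACCEPT\n' \
    "$lan" "$port"
}

# Full ruleset: default-deny forwarding, allow replies, then one pair per mapping.
all_rules() {
  printf 'iptables -P FORWARD DROP\n'
  printf 'iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT\n'
  printf '%s\n' "$MAP" | while read -r wan port lan; do
    [ -n "$wan" ] || continue
    dnat_rules "$wan" "$port" "$lan"
  done
}
```

Run `all_rules` to review the output, or `all_rules | sh` as root once the placeholders are replaced.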
