I have this setup today:

[box1]----[box2]-----[box3]-----(isp2)
 (isp1)--'

this is how I want to change this:

(isp1)----[box2]-----[box3]-----(isp2)
 [box1]--'

this is because of a move from isp1 to isp2, where isp2 won't deliver
multiple IPs

so, while isp1 is phased out, I need box1's old IP to be assigned to box2
(eth1:1) and forwarded to box1, then I'll set up the needed forwards one
at a time on box3

when all services have been migrated fully to isp2, isp1 will be
disconnected, and box2 reused as a testbox

for the sake of discussion and security, I'll use these fictitious IPs:

box1(today)   10.0.0.2
box2(today)   10.0.0.3/10.0.1.1
box3(today)   10.0.2.2/10.0.1.2
box1(future)  10.0.1.3

so, these are my current rules (that don't work):

iptables -I INPUT -i eth1 -d 10.0.0.2 -j ACCEPT
iptables -I FORWARD -i eth1 -d 10.0.0.2 -j ACCEPT
iptables -t nat -I PREROUTING -i eth1 -d 10.0.0.2 -j DNAT --to 10.0.1.3
iptables -t nat -I POSTROUTING -o eth1 -s 10.0.1.3 -j DNAT --to 10.0.0.2

with 10.0.0.2 on eth1:1 on box2

all packets from 10.0.1.0/24 are accepted by iptables

I tried this setup, but was unable to connect to the box from an
external box...

Cheers,
--
Morten
_______________________________________________
tsl-discuss mailing list
[email protected]
http://lists.trustix.org/mailman/listinfo/tsl-discuss
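
The fourth rule in the post puts a DNAT target in POSTROUTING, a pairing iptables does not accept; the following is an added example (not part of the original post) that lints rule lines for that chain/target mismatch. It assumes the poster meant to rewrite the source address of box1's outgoing traffic, which is SNAT; check_rule, lint_rules and the variable names are hypothetical, and routing or forwarding settings are not checked.

```shell
#!/bin/sh
# Added example: lint iptables command lines for a NAT target used in a chain
# where iptables does not accept it (per iptables-extensions(8)):
#   DNAT: nat table, PREROUTING and OUTPUT
#   SNAT: nat table, POSTROUTING and INPUT

# check_rule "<command line>": print "ok" or the reason; return 1 on a mismatch
check_rule() {
    table=filter chain= target=
    set -f; set -- $1; set +f      # split into words without globbing
    while [ $# -gt 1 ]; do         # slide over the words, reading option/value pairs
        case $1 in
            -t) table=$2 ;;
            -A|-I) chain=$2 ;;
            -j) target=$2 ;;
        esac
        shift
    done
    case $target in
        DNAT) allowed="PREROUTING OUTPUT" ;;
        SNAT) allowed="POSTROUTING INPUT" ;;
        *) echo ok; return 0 ;;    # not a NAT target covered by this check
    esac
    [ "$table" = nat ] || { echo "$target requires -t nat"; return 1; }
    case " $allowed " in
        *" $chain "*) echo ok; return 0 ;;
    esac
    echo "$target not valid in $chain (valid: $allowed)"
    return 1
}

# lint_rules "<rules, one per line>": print a verdict per rule; return 1 if any fails
lint_rules() {
    failed=0
    while IFS= read -r rule; do
        verdict=$(check_rule "$rule") || failed=1
        printf '%s\n    -> %s\n' "$rule" "$verdict"
    done <<EOF
$1
EOF
    return $failed
}

# The four rules as posted, then the last one with SNAT (assumed intent).
POSTED_RULES='iptables -I INPUT -i eth1 -d 10.0.0.2 -j ACCEPT
iptables -I FORWARD -i eth1 -d 10.0.0.2 -j ACCEPT
iptables -t nat -I PREROUTING -i eth1 -d 10.0.0.2 -j DNAT --to 10.0.1.3
iptables -t nat -I POSTROUTING -o eth1 -s 10.0.1.3 -j DNAT --to 10.0.0.2'
FIXED_RULE='iptables -t nat -I POSTROUTING -o eth1 -s 10.0.1.3 -j SNAT --to-source 10.0.0.2'

lint_rules "$POSTED_RULES" || echo "posted rule set has a NAT target in the wrong chain"
check_rule "$FIXED_RULE"
```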