ubuntu:iptables:share_an_ip_address_between_servers

Differences

This shows you the differences between two versions of the page.

ubuntu:iptables:share_an_ip_address_between_servers [2019/11/29 17:47] – created peterubuntu:iptables:share_an_ip_address_between_servers [2020/07/15 09:30] (current) – external edit 127.0.0.1
Line 6: Line 6:
  
 Suppose that you have three machines, a mail server, a web server and a DNS server, but only one public IP address.  You have chosen to give the public address, which is 203.0.113.1, to the DNS server.  All three machines are connected via a local area network on which the DNS server is 192.168.0.1, the mail server is 192.168.0.2 and the web server is 192.168.0.3/24. Suppose that you have three machines, a mail server, a web server and a DNS server, but only one public IP address.  You have chosen to give the public address, which is 203.0.113.1, to the DNS server.  All three machines are connected via a local area network on which the DNS server is 192.168.0.1, the mail server is 192.168.0.2 and the web server is 192.168.0.3/24.
 +
 +----
  
 ===== Prerequisities ===== ===== Prerequisities =====
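Review bot: The heading directly below the added rule still reads "Prerequisities"; correct it to "Prerequisites" in the same revision. In the paragraph above the rule, only the web server address carries a prefix length (192.168.0.3/24) while 192.168.0.1 and 192.168.0.2 do not, so state the /24 once for the LAN or drop it from the host address.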
Line 14: Line 16:
   * you have enabled forwarding of IPv4 network packets.  See [[Network:Enable forwarding of IPv4 network packets|Enable forwarding of IPv4 network packets]].   * you have enabled forwarding of IPv4 network packets.  See [[Network:Enable forwarding of IPv4 network packets|Enable forwarding of IPv4 network packets]].
  
 +----
  
 ===== Method ===== ===== Method =====
Line 28: Line 31:
 Only the first packet of a connection traverses the PREROUTING table: subsequent packets are automatically redirected.  For this reason it is not necessary to provide rules for the return path. Only the first packet of a connection traverses the PREROUTING table: subsequent packets are automatically redirected.  For this reason it is not necessary to provide rules for the return path.
  
 +----
  
 ===== Testing ===== ===== Testing =====
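Review bot: The context sentence above the added rule calls PREROUTING a table; in iptables it is a chain, and DNAT rules sit in the PREROUTING chain of the nat table, so reword to "traverses the PREROUTING chain". It would also help to name connection tracking as the mechanism behind "automatically redirected", since that state is what makes return-path rules unnecessary.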
Line 39: Line 43:
 Most TCP-based services can be tested using a generic proxy service such as Tor, provided that they do not require secondary connections (as FTP does when in active mode) and have not been blocked as a matter of policy by the proxy service (as SMTP ought to be). Most TCP-based services can be tested using a generic proxy service such as Tor, provided that they do not require secondary connections (as FTP does when in active mode) and have not been blocked as a matter of policy by the proxy service (as SMTP ought to be).
  
 +----
  
 ===== Troubleshooting ===== ===== Troubleshooting =====
Line 81: Line 86:
 Further information about how to investigate these issues can be found in the troubleshooting guides for iptables and routing. Further information about how to investigate these issues can be found in the troubleshooting guides for iptables and routing.
  
 +----
  
 ===== Variations ===== ===== Variations =====
Line 93: Line 99:
 iptables -t filter -A FORWARD -p tcp -s 198.51.100.0/24 -d 192.168.0.2 --dport 25 -j DROP iptables -t filter -A FORWARD -p tcp -s 198.51.100.0/24 -d 192.168.0.2 --dport 25 -j DROP
 </code> </code>
- 
  
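Review bot: The DROP rule in the Variations block is added with -A, which appends it to the end of FORWARD, so any earlier rule in that chain that accepts TCP port 25 to 192.168.0.2 matches first and the block on 198.51.100.0/24 never applies. State that this rule must precede the corresponding ACCEPT, or show it inserted with -I. The removed trailing blank line is fine.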
ubuntu/iptables/share_an_ip_address_between_servers.1575049664.txt.gz · Last modified: 2020/07/15 09:30 (external edit)
