iptables prerouting to redirect source ip address on ethernet
Posted
by Kevin Campion
on Server Fault
See other posts from Server Fault
or by Kevin Campion
Published on 2010-05-14T13:00:07Z
Indexed on
2010/05/14
13:04 UTC
Read the original article
Hit count: 544
I have 2 ip adresses on the Internet who redirect on the same machine. On this machine, one Debian runs on OpenVZ. I can set iptables rules to redirect all http request to the Debian.
iptables prerouting -d ip_address_2 DNAT --to ip_address_local_1
+--------------+
| |
| V
| ip_address_local_1
I| +------+ +----------+
N|ip_address_1 | |-----|Debian1 VE|-- Apache's log
T|-----------------|OpenVZ| +----------+ [client ip_address_1]
E| | | |
R|ip_address_2 | | |
N|--------------+ | |
E| +------+
T|
Iptables' rules :
iptables -t nat -A PREROUTING -p tcp -i eth0 -d ip_address_2 --dport 80 -j DNAT --to ip_address_local_1:80
iptables -A FORWARD -p tcp -i eth0 -o venet0 -d ip_address_local_1 --dport 80 -j ACCEPT
iptables -A FORWARD -p tcp -i venet0 -o eth0 -s ip_address_local_1 --sport 80 -j ACCEPT
When I go to webpage with "http://ip_address_2", I can see the good content but the ip address on access log file is ip_address_1, I would like to see my ISP's ip address.
Any ideas?
© Server Fault or respective owner