iptables prerouting to redirect source ip address on ethernet

Posted by Kevin Campion on Server Fault
Published on 2010-05-14T13:00:07Z Indexed on 2010/05/14 13:04 UTC

I have 2 IP addresses on the Internet that redirect to the same machine. On this machine, one Debian runs on OpenVZ. I can set iptables rules to redirect all HTTP requests to the Debian.

    iptables prerouting -d ip_address_2 DNAT --to ip_address_local_1
                         +--------------+
                         |              |
                         |              V
                         |       ip_address_local_1
    I|                 +------+     +----------+
    N|ip_address_1     |      |-----|Debian1 VE|-- Apache's log
    T|-----------------|OpenVZ|     +----------+   [client ip_address_1]
    E|              |  |      |
    R|ip_address_2  |  |      |
    N|--------------+  |      |
    E|                 +------+
    T|

Iptables' rules:

    iptables -t nat -A PREROUTING -p tcp -i eth0 -d ip_address_2 --dport 80 -j DNAT --to ip_address_local_1:80
    iptables -A FORWARD -p tcp -i eth0 -o venet0 -d ip_address_local_1 --dport 80 -j ACCEPT
    iptables -A FORWARD -p tcp -i venet0 -o eth0 -s ip_address_local_1 --sport 80 -j ACCEPT

When I go to the web page at "http://ip_address_2", I can see the good content, but the IP address in the access log file is ip_address_1. I would like to see my ISP's IP address.

Any ideas?
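
DNAT in PREROUTING rewrites only the destination address, so one thing to check on the OpenVZ host is whether a SNAT or MASQUERADE rule in nat/POSTROUTING also matches traffic leaving through venet0 and replaces the client address before Apache logs it. The script below is an added example, not part of the original post: it scans iptables-save output for such rules, and the sample ruleset, its addresses and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: list nat/POSTROUTING rules that rewrite the source address
# of packets leaving through a given interface.

# Constructed iptables-save output (documentation addresses, not from the post).
sample_ruleset() {
cat <<'EOF'
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A PREROUTING -d 203.0.113.2/32 -i eth0 -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.0.2.101:80
-A POSTROUTING -s 192.0.2.0/24 -o eth0 -j SNAT --to-source 203.0.113.1
-A POSTROUTING -j MASQUERADE
COMMIT
*filter
:FORWARD DROP [0:0]
-A FORWARD -d 192.0.2.101/32 -i eth0 -o venet0 -p tcp -m tcp --dport 80 -j ACCEPT
COMMIT
EOF
}

# find_source_rewrites IFACE: reads iptables-save text on stdin and prints each
# nat/POSTROUTING rule whose target is SNAT or MASQUERADE and whose -o match
# (if any) does not exclude IFACE. Interface wildcards (e.g. venet+) are not handled.
find_source_rewrites() {
    awk -v ifc="$1" '
        /^\*/ { table = substr($0, 2); next }
        table != "nat" || $1 != "-A" || $2 != "POSTROUTING" { next }
        {
            target = ""; out = ""; neg = 0
            for (i = 3; i <= NF; i++) {
                if ($i == "-j") target = $(i + 1)
                if ($i == "-o") { out = $(i + 1); neg = ($(i - 1) == "!") }
            }
            if (target != "SNAT" && target != "MASQUERADE") next
            # No -o means every interface; "! -o X" means every interface but X.
            if (out == "" || (!neg && out == ifc) || (neg && out != ifc)) print
        }'
}

# Rules that would hide the client address from a container behind venet0.
sample_ruleset | find_source_rewrites venet0
```

On a live host the same function can be fed with `iptables-save | find_source_rewrites venet0`; in the sample, the SNAT rule restricted to `-o eth0` is not reported, while the unrestricted MASQUERADE rule is.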