
Re: DNAT to multiple ip address on different server ?



* Ryan McAlister (ryanm@centralpower.com) [020812 11:41]:
> I have a privately addressed server hosting multiple websites each with
> its own virtual IP on the machine, eth0:1, eth0:2, etc... and on the
> firewall I have multiple public virtual IPs eth0:1, eth0:2, etc... I
> already know how to DNAT back to one IP from the public side to the
> private side.
> 
> iptables -t nat -A PREROUTING -p TCP --dport 80 -j DNAT --to-destination \
>   192.168.100.100
> 
> Is it possible with iptables to map multiple public IPs back to
> corresponding private IPs?

You should be able to do this by adding a rule for each public address
you want to map.  For example:

iptables -t nat -A PREROUTING -p tcp -d 1.2.3.4 --dport 80 -j DNAT \
  --to-destination 192.168.100.4

iptables -t nat -A PREROUTING -p tcp -d 1.2.3.5 --dport 80 -j DNAT \
  --to-destination 192.168.100.5

iptables -t nat -A PREROUTING -p tcp -d 1.2.3.6 --dport 80 -j DNAT \
  --to-destination 192.168.100.6

iptables -t nat -A PREROUTING -p tcp -d 1.2.3.7 --dport 80 -j DNAT \
  --to-destination 192.168.100.7

As stated in the link you gave, they do all come in on the same
interface, but you can handle each one separately since they come in
with different destination addresses.

good times,
Vineet
-- 
http://www.doorstop.net/
-- 
http://www.eff.org/
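
The per-address mapping described in the reply above, as an added example that is not part of the original message: a script that builds the rule list from a table and refuses malformed or repeated addresses. The names MAP, is_ipv4 and gen_dnat are hypothetical, and the sample table is constructed from the addresses in the reply.

```sh
#!/bin/sh
# Added example (not from the original post): print one DNAT rule per
# public/private pair, as in the reply above. It only prints commands for
# review; it does not change the live ruleset.

# Constructed sample mapping, reusing the addresses from the reply.
MAP='1.2.3.4 192.168.100.4
1.2.3.5 192.168.100.5
1.2.3.6 192.168.100.6
1.2.3.7 192.168.100.7'

# is_ipv4 ADDR: succeed only for a dotted quad with every octet in 0..255.
is_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# gen_dnat PORT: read "public private" pairs on stdin, print the rules.
# A repeated public address is an error: PREROUTING stops at the first
# matching DNAT rule, so a second rule for the same address is never reached.
gen_dnat() {
    port=$1 seen=' '
    case "$port" in ''|*[!0-9]*) echo "bad port: $port" >&2; return 1 ;; esac
    while read -r pub priv extra; do
        [ -n "$pub" ] || continue   # skip blank lines
        if [ -n "$extra" ] || ! is_ipv4 "$pub" || ! is_ipv4 "$priv"; then
            echo "bad mapping: $pub $priv $extra" >&2; return 1
        fi
        case "$seen" in
            *" $pub "*) echo "duplicate public address: $pub" >&2; return 1 ;;
        esac
        seen="$seen$pub "
        echo "iptables -t nat -A PREROUTING -p tcp -d $pub --dport $port" \
             "-j DNAT --to-destination $priv"
    done
}

printf '%s\n' "$MAP" | gen_dnat 80
```

A rule without -d, like the one in the question, matches port 80 on every address; if it is still in PREROUTING ahead of these rules, it is the one that decides.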
