Full Discussion: IP Traffic forwarding
Operating Systems Linux IP Traffic forwarding Post 302344622 by Anuradhai4i on Monday 17th of August 2009 07:01:48 AM

Hello All

I have the following network setup. Client machines send requests to the server (192.168.1.50), which is running Ubuntu server 8.04. This server forwards all incoming traffic from clients to another server (192.168.1.100) when it's available. The availability is checked periodically using a shell script.

The following NAT rule has been given for the forwarding task.
Rule 1: iptables -t nat -A PREROUTING -d 192.168.1.50 -j DNAT --to-destination 192.168.1.100

In the event 192.168.1.100 is unavailable the shell script will detect the unavailability and shift the traffic to 192.168.1.200. The current iptable rules are flushed and the following rule is applied.

Rule 2: iptables -t nat -A PREROUTING -d 192.168.1.50 -j DNAT --to-destination 192.168.1.200

In the normal scenario, when 192.168.1.100 is available, the forwarding rule (Rule 1) works properly. The issue is that when 192.168.1.100 is unavailable and the traffic is shifted to 192.168.1.200, the traffic is not forwarded properly as required. However, when 192.168.1.50 is rebooted and Rule 2 is applied, the forwarding happened as required.

ARP cache and router cache were cleared as well, but that did not solve the issue. The issue was solved only after rebooting 192.168.1.50.

Any idea how I can get this done without rebooting 192.168.1.50?

Thank you in advance
Anuradha
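
Added example (not part of the original post and not the poster's script): a POSIX sh version of the failover switch described above. The nat table is consulted only for the first packet of a connection, so flows already recorded in the connection tracking table keep their old DNAT target after the rule changes; the example assumes, which the post does not confirm, that those stale entries are what the reboot cleared. DRY_RUN, PROBE and the function names are hypothetical, the DNAT rule is assumed to sit at position 1 of PREROUTING, and the conntrack tool (conntrack-tools) is assumed to be installed.

```shell
#!/bin/sh
# Added example. Addresses are the ones from the post; DRY_RUN, PROBE and
# the function names are hypothetical.
VIP=192.168.1.50
PRIMARY=192.168.1.100
STANDBY=192.168.1.200
DRY_RUN=${DRY_RUN:-1}   # 1 = only print the commands; 0 = execute (needs root)

# Print one command (dry run) or execute it.
run() {
    if [ "$DRY_RUN" = 1 ]; then echo "$*"; else "$@"; fi
}

# Choose the backend: the primary if it answers one ping, else the standby.
# PROBE can be overridden so the decision can be exercised offline.
pick_backend() {
    if ${PROBE:-ping -c 1 -W 1} "$PRIMARY" >/dev/null 2>&1; then
        echo "$PRIMARY"
    else
        echo "$STANDBY"
    fi
}

# Point the VIP at backend $1, then drop tracked flows addressed to the VIP.
switch_backend() {
    target=$1
    # Replace rule 1 in place instead of flushing the table, so there is no
    # window in which no DNAT rule exists (assumes the rule is at position 1).
    run iptables -t nat -R PREROUTING 1 -d "$VIP" -j DNAT --to-destination "$target"
    # Only the first packet of a connection traverses the nat table. Flows that
    # are already tracked keep the old mapping until their entry is deleted.
    run conntrack -D -d "$VIP"
}

switch_backend "$(pick_backend)"
```

With DRY_RUN=1 the script only prints the two commands it would run; set DRY_RUN=0 and run it as root to apply them.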
 

SHOREWALL-EXCLUSION(5)            [FIXME: manual]            SHOREWALL-EXCLUSION(5)

NAME
       exclusion - Exclude a set of hosts from a definition in a shorewall configuration file.

SYNOPSIS
       !address-or-range[,address-or-range]...

       !zone-name[,zone-name]...

DESCRIPTION
       The first form of exclusion is used when you wish to exclude one or more addresses from a definition. An exclamation point is followed by a comma-separated list of addresses. The addresses may be single host addresses (e.g., 192.168.1.4) or they may be network addresses in CIDR format (e.g., 192.168.1.0/24). If your kernel and iptables include iprange support, you may also specify ranges of ip addresses of the form lowaddress-highaddress.

       No embedded whitespace is allowed.

       Exclusion can appear after a list of addresses and/or address ranges. In that case, the final list of addresses is formed by taking the first list and then removing the addresses defined in the exclusion.

       Beginning in Shorewall 4.4.13, the second form of exclusion is allowed after all and any in the SOURCE and DEST columns of /etc/shorewall/rules. It allows you to omit arbitrary zones from the list generated by those key words.

       Warning
           If you omit a sub-zone and there is an implicit or explicit CONTINUE policy, a connection to/from that zone can still be matched by the rule generated for a parent zone.

           For example:

           /etc/shorewall/zones:

               #ZONE     TYPE
               z1        ip
               z2:z1     ip
               ...

           /etc/shorewall/policy:

               #SOURCE   DEST     POLICY
               z1        net      CONTINUE
               z2        net      REJECT

           /etc/shorewall/rules:

               #ACTION   SOURCE   DEST     PROTO    DEST
               #                                    PORT(S)
               ACCEPT    all!z2   net      tcp      22

           In this case, SSH connections from z2 to net will be accepted by the generated z1 to net ACCEPT rule.

       In most contexts, ipset names can be used as an address-or-range. Beginning with Shorewall 4.4.14, ipset lists enclosed in +[...] may also be included (see shorewall-ipsets[1] (5)). The semantics of these lists when used in an exclusion are as follows:

       o   !+[set1,set2,...setN] produces a packet match if the packet does not match at least one of the sets. In other words, it is like NOT match set1 OR NOT match set2 ... OR NOT match setN.

       o   +[!set1,!set2,...!setN] produces a packet match if the packet does not match any of the sets. In other words, it is like NOT match set1 AND NOT match set2 ... AND NOT match setN.

EXAMPLES
       Example 1 - All IPv4 addresses except 192.168.3.4
           !192.168.3.4

       Example 2 - All IPv4 addresses except the network 192.168.1.0/24 and the host 10.2.3.4
           !192.168.1.0/24,10.1.3.4

       Example 3 - All IPv4 addresses except the range 192.168.1.3-192.168.1.12 and the network 10.0.0.0/8
           !192.168.1.3-192.168.1.12,10.0.0.0/8

       Example 4 - The network 192.168.1.0/24 except hosts 192.168.1.3 and 192.168.1.9
           192.168.1.0/24!192.168.1.3,192.168.1.9

       Example 5 - All parent zones except loc
           any!loc

FILES
       /etc/shorewall/hosts

       /etc/shorewall/masq

       /etc/shorewall/rules

       /etc/shorewall/tcrules

SEE ALSO
       shorewall(8), shorewall-accounting(5), shorewall-actions(5), shorewall-blacklist(5), shorewall-hosts(5), shorewall_interfaces(5), shorewall-ipsets(5), shorewall-maclist(5), shorewall-masq(5), shorewall-nat(5), shorewall-netmap(5), shorewall-params(5), shorewall-policy(5), shorewall-providers(5), shorewall-proxyarp(5), shorewall-rtrules(5), shorewall-routestopped(5), shorewall-rules(5), shorewall.conf(5), shorewall-secmarks(5), shorewall-tcclasses(5), shorewall-tcdevices(5), shorewall-tcrules(5), shorewall-tos(5), shorewall-tunnels(5), shorewall-zones(5)

NOTES
        1. shorewall-ipsets
           http://www.shorewall.net/manpages/shorewall-ipsets.html

[FIXME: source]                      06/28/2012                      SHOREWALL-EXCLUSION(5)