two interfaces one port
I have two network interfaces (eth0 and eth1) on a machine running Fedora 8. Each one has its own publicly visible IP address. Apache is listening on port 80 only on eth0. I have another server (not Apache) also speaking HTTP (call it server_b) which can be made to listen on any port. Obviously it cannot listen on port 80 as that is already taken by Apache.
What I would like to do is run server_b listening on any free port e.g. 6677 and somehow redirect packets coming on eth1 destined for port 80 to port 6677. Packets coming on eth0 destined for port 80 will go to Apache as usual. This redirection, then, needs to happen before arriving packets reach Apache. I am hoping for a solution in iptables or something like it. To me it seems possible to distinguish between packets meant for Apache and server_b as they will be arriving on different network interfaces even though both are destined for port 80. Problem is that I do not know enough about iptables to be able to do this.
Another possibility is to make Apache listen on both interfaces and use its URL rewriting capabilities to forward the appropriate packets to port 6677. However I do not know if it will be possible for Apache to get the response from port 6677 and send it back on eth1. In any case, I know even less about URL rewriting in Apache than iptables.
It is probably easiest to simply allow access to port 6677 from the outside. However, sysadmins I work with will do it only as a last resort.
Of course, outgoing packets generated by server_b will need to be manipulated as well. They will need to look as if coming from port 80 rather than 6677. There might be other issues which I have not thought about yet.
As an experiment (on another machine), I started httpd listening on port 80 and then tried to redirect packets coming on port 8080 to port 80 using iptables. Success of redirection will result in index.html becoming accessible on http://localhost:8080/. I tried the nat table but it seems that packets destined for the machine only see the INPUT chain of the filter table.
Any suggestions, solutions or guidance will be much appreciated.
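
One way to do what the post asks with iptables, as an added example that is not part of the original post: a REDIRECT rule in the nat table's PREROUTING chain, plus a packet mark so that port 6677 is reachable only through the redirect and never directly from outside. eth1, 80 and 6677 are the post's values; the mark 0x50 and the function names are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the original post).
MARK=0x50   # arbitrary constructed mark value

valid_port() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "${#1}" -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

valid_iface() {
    case "$1" in ''|*[!A-Za-z0-9_.-]*) return 1 ;; esac
}

# Emit an iptables-restore ruleset on stdout; returns 1 on bad input.
build_rules() {
    iface=$1 pub=$2 priv=$3
    valid_iface "$iface" && valid_port "$pub" && valid_port "$priv" || return 1
    cat <<EOF
*mangle
# Mark while the destination port is still $pub (mangle runs before nat).
-A PREROUTING -i $iface -p tcp --dport $pub -j MARK --set-mark $MARK
COMMIT
*nat
# Rewrite the destination to the local port. Connection tracking undoes the
# rewrite on replies, so clients see answers coming from port $pub.
-A PREROUTING -i $iface -p tcp --dport $pub -j REDIRECT --to-ports $priv
COMMIT
*filter
# INPUT sees the rewritten port: accept redirected packets, drop direct ones.
-I INPUT 1 -i $iface -p tcp --dport $priv -m mark --mark $MARK -j ACCEPT
-I INPUT 2 -i $iface -p tcp --dport $priv -j DROP
COMMIT
EOF
}

# Apply only when asked (needs root); otherwise print the rules for review.
if [ "${APPLY:-0}" = 1 ]; then
    build_rules eth1 80 6677 | iptables-restore --noflush
else
    build_rules eth1 80 6677
fi
```

server_b must listen on eth1's address (or on all addresses), because REDIRECT rewrites the destination to the incoming interface's primary address. The localhost test described in the post never reaches PREROUTING: locally generated packets are NATed in the nat table's OUTPUT chain instead.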