HomeForumsLinux SupportNetworking

two interfaces one port

Jun 05, 2008  By kershell
 in

Hi,

I have a two network interfaces (eth0 and eth1) on a machine running Fedora 8. Each one has its own publicly visible IP address. Apache is listening on port 80 only on eth0. I have another server (not Apache) also speaking HTTP (call it server_b) which can be made to listen on any port. Obviously it cannot listen on port 80 as that is already taken by Apache.

What I would like to do is run server_b listening on any free port e.g. 6677 and somehow redirect packets coming on eth1 destined for port 80 to port 6677. Packets coming on eth0 destined for port 80 will go to Apache as usual. This redirection then, needs to happen before arriving packets reach Apache. I am hoping for a solution in iptables or something like it. To me it seems possible to distinguish between packets meant for Apache and server_b as they will be arriving on different network interfaces even though both are destined for port 80. Problem is that I do not know enough about iptables to be able to do this.

Another possbility is to make Apache listen on both interfaces and use its URL rewriting capabilities to forward the appropriate packets to port 6677. However I do not know if it will be possible for Apache to get the response from port 6677 and send it back on eth1. In any case, I know even less about URL rewriting in Apache than iptables.

It is probably easiest to simply allow access to port 6677 from the outside. However, sysadmins I work with will do it only as a last resort.

Of course, outgoing packets generated by server_b will need to be manipulated as well. They will need to look as if coming from port 80 rather than 6677. There might be other issues which I have not thought about yet.

As an experiment (on another machine), I started httpd listening on port 80 and then tried to redirect packets coming on port 8080 to port 80 using iptables. Success of redirection will result in index.html becoming accessible on http://localhost:8080/. I tried the nat table but it seems that packets destined for the machine only see the INPUT chain of the filter table.

Any suggestions, solutions or guidance will be much appreciated.

‹ Sparc Performance Monitoring Software That Can Monitor Linux As Well? please help me about script to result traffic aggregate ›
Webcast
More Resources
How to Build an Optimal Hadoop Cluster to Store and Maintain Unlimited Amounts of Data Using Microservers

Realizing the promise of Apache® Hadoop® requires the effective deployment of compute, memory, storage and networking to achieve optimal results. With its flexibility and multitude of options, it is easy to over or under provision the server infrastructure, resulting in poor performance and high TCO. Join us for an in depth, technical discussion with industry experts from leading Hadoop and server companies who will provide insights into the key considerations for designing and deploying an optimal Hadoop cluster.

Learn More

Sponsored by AMD

White Paper
More Resources
Private PaaS for the Agile Enterprise

If you already use virtualized infrastructure, you are well on your way to leveraging the power of the cloud. Virtualization offers the promise of limitless resources, but how do you manage that scalability when your DevOps team doesn’t scale? In today’s hypercompetitive markets, fast results can make a difference between leading the pack vs. obsolescence. Organizations need more benefits from cloud computing than just raw resources. They need agility, flexibility, convenience, ROI, and control.

Stackato private Platform-as-a-Service technology from ActiveState extends your private cloud infrastructure by creating a private PaaS to provide on-demand availability, flexibility, control, and ultimately, faster time-to-market for your enterprise.

Learn More

Sponsored by ActiveState