two interfaces one port
I have two network interfaces (eth0 and eth1) on a machine running Fedora 8. Each one has its own publicly visible IP address. Apache is listening on port 80 only on eth0. I have another server (not Apache) also speaking HTTP (call it server_b) which can be made to listen on any port. Obviously it cannot listen on port 80 as that is already taken by Apache.
What I would like to do is run server_b listening on any free port, e.g. 6677, and somehow redirect packets coming on eth1 destined for port 80 to port 6677. Packets coming on eth0 destined for port 80 will go to Apache as usual. This redirection, then, needs to happen before arriving packets reach Apache. I am hoping for a solution in iptables or something like it. To me it seems possible to distinguish between packets meant for Apache and server_b as they will be arriving on different network interfaces even though both are destined for port 80. Problem is that I do not know enough about iptables to be able to do this.
Another possibility is to make Apache listen on both interfaces and use its URL rewriting capabilities to forward the appropriate packets to port 6677. However I do not know if it will be possible for Apache to get the response from port 6677 and send it back on eth1. In any case, I know even less about URL rewriting in Apache than iptables.
It is probably easiest to simply allow access to port 6677 from the outside. However, sysadmins I work with will do it only as a last resort.
Of course, outgoing packets generated by server_b will need to be manipulated as well. They will need to look as if coming from port 80 rather than 6677. There might be other issues which I have not thought about yet.
As an experiment (on another machine), I started httpd listening on port 80 and then tried to redirect packets coming on port 8080 to port 80 using iptables. Success of redirection will result in index.html becoming accessible on http://localhost:8080/. I tried the nat table but it seems that packets destined for the machine only see the INPUT chain of the filter table.
Any suggestions, solutions or guidance will be much appreciated.
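The setup described in the post, as an added example that is not part of the original post: a script that prints, without applying, an interface-scoped port redirect plus filter rules that keep the backend port closed to direct outside connections. It assumes an iptables build whose conntrack match supports `--ctorigdstport`; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: prints the iptables commands; review them, then run as root.

# valid_port N: succeeds if N is a decimal integer in 1..65535
valid_port() {
    case "$1" in ''|*[!0-9]*|??????*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# redirect_rules IFACE PUBLIC_PORT BACKEND_PORT
redirect_rules() {
    rr_if=$1 rr_pub=$2 rr_back=$3
    # Reject anything that is not a plain interface name before it
    # ends up inside a command line.
    case "$rr_if" in
        ''|*[!A-Za-z0-9._-]*) echo "bad interface name" >&2; return 1 ;;
    esac
    if ! valid_port "$rr_pub" || ! valid_port "$rr_back" ||
       [ "$rr_pub" -eq "$rr_back" ]; then
        echo "ports must differ and be in 1..65535" >&2
        return 1
    fi
    # 1. nat/PREROUTING runs before the local socket lookup, so traffic
    #    arriving on IFACE for PUBLIC_PORT is rewritten to BACKEND_PORT.
    #    Connection tracking reverses the rewrite on replies, so clients
    #    still see answers from PUBLIC_PORT.
    printf 'iptables -t nat -A PREROUTING -i %s -p tcp --dport %s -j REDIRECT --to-ports %s\n' \
        "$rr_if" "$rr_pub" "$rr_back"
    # 2. filter/INPUT sees the rewritten port. Accept only connections
    #    whose original destination port was PUBLIC_PORT.
    printf 'iptables -A INPUT -i %s -p tcp --dport %s -m conntrack --ctorigdstport %s -j ACCEPT\n' \
        "$rr_if" "$rr_back" "$rr_pub"
    # 3. Drop direct non-loopback connections to BACKEND_PORT.
    printf 'iptables -A INPUT ! -i lo -p tcp --dport %s -j DROP\n' "$rr_back"
}

# Values from the post: eth1, port 80, server_b on 6677.
# -A appends: place these ahead of any catch-all REJECT/DROP already in INPUT.
# Locally generated traffic (e.g. to localhost) skips PREROUTING and goes
# through nat OUTPUT instead, so test the redirect from another host.
redirect_rules eth1 80 6677
```
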