two interfaces one port
I have a two network interfaces (eth0 and eth1) on a machine running Fedora 8. Each one has its own publicly visible IP address. Apache is listening on port 80 only on eth0. I have another server (not Apache) also speaking HTTP (call it server_b) which can be made to listen on any port. Obviously it cannot listen on port 80 as that is already taken by Apache.
What I would like to do is run server_b listening on any free port e.g. 6677 and somehow redirect packets coming on eth1 destined for port 80 to port 6677. Packets coming on eth0 destined for port 80 will go to Apache as usual. This redirection then, needs to happen before arriving packets reach Apache. I am hoping for a solution in iptables or something like it. To me it seems possible to distinguish between packets meant for Apache and server_b as they will be arriving on different network interfaces even though both are destined for port 80. Problem is that I do not know enough about iptables to be able to do this.
Another possbility is to make Apache listen on both interfaces and use its URL rewriting capabilities to forward the appropriate packets to port 6677. However I do not know if it will be possible for Apache to get the response from port 6677 and send it back on eth1. In any case, I know even less about URL rewriting in Apache than iptables.
It is probably easiest to simply allow access to port 6677 from the outside. However, sysadmins I work with will do it only as a last resort.
Of course, outgoing packets generated by server_b will need to be manipulated as well. They will need to look as if coming from port 80 rather than 6677. There might be other issues which I have not thought about yet.
As an experiment (on another machine), I started httpd listening on port 80 and then tried to redirect packets coming on port 8080 to port 80 using iptables. Success of redirection will result in index.html becoming accessible on http://localhost:8080/. I tried the nat table but it seems that packets destined for the machine only see the INPUT chain of the filter table.
Any suggestions, solutions or guidance will be much appreciated.
One Click, Universal Protection: Implementing Centralized Security Policies on Linux Systems
Join editor Bill Childers and Bit9's Paul Riegle on April 27 at 12pm Central to learn how to keep your Linux systems secure.
Free to Linux Journal readers.Register Now!
- Python Scripts as a Replacement for Bash Utility Scripts
- Cluetrain at Fifteen
- Considering Legacy UNIX/Linux Issues
- [<Megashare>] Watch Mrs Brown's Boys Movie Online Full Movie HD 2014
- Memory Ordering in Modern Microprocessors, Part I
- Putlocker!! Watch Begin Again Online 2014 Streaming Full Movie
- Getting Good Vibrations with Linux
- New Products
- RSS Feeds
- Security Hardening with Ansible