Gentoo Forums
Gentoo Forums
Gentoo Forums
Quick Search: in

  FAQ | Search | Memberlist | Usergroups | Statistics | Profile | Log in to check your private messages | Log in | Register

How to redirect packets to multiple machines
 View unanswered posts
View posts from last 24 hours

 
Reply to topic    Gentoo Forums Forum Index Networking & Security
View previous topic :: View next topic  
Author Message
padukes
Apprentice
Apprentice


Joined: 27 Feb 2003
Posts: 232
PostPosted: Fri Jan 02, 2004 5:30 pm    Post subject: How to redirect packets to multiple machines Reply with quote
Hi All,

I have a gentoo box acting as my NAT/firewall via iptables. Behind the firewall I have two machines which want to run the same app (WinMX). Unfortunately, this app requires accepting connections on a particular port (6699). Is there anyway to setup the NAT/Firewall such that incoming connections can be forwarded to both machines?

Thanks,
P
Back to top
View user's profile Send private message
JPMRaptor
Guru
Guru


Joined: 04 Oct 2002
Posts: 410
Location: Maryland
PostPosted: Sat Jan 03, 2004 12:53 am    Post subject: Reply with quote
I don't think so. There are a few exceptions where this can work (FTP ...) but the incoming conneciton has to be in response to some request. Even then the support for this is down in the firewall code somewhere. I know I had to put some stuff in the ipchains config on my router/firewall to support FTP and a few other special cases.
Back to top
View user's profile Send private message
Chris W
l33t
l33t


Joined: 25 Jun 2002
Posts: 972
Location: Brisbane, Australia
PostPosted: Sat Jan 03, 2004 3:48 am    Post subject: Reply with quote
In general, what you request is not possible if the server port number is fixed. In a NAT environment both machines appear to be at the same address. An incoming request to port 6699 will arrive at the NAT machine's external interface with nothing that would allow redirection to one or the other of the internal machines. In some limited cases a NAT helper module can be written that may allow something like this to work by looking at what related connections/traffic has gone before. Such a helper is strongly tied to the prototcol in use.

I get the impression that WinMX can operate in two modes: Server and Firewall. Run in firewall mode and you have no need to accept incoming requests.

Alternatively, if the server address is configurable then set one to 6699 and the other to 6670 and redirect accordingly.
_________________
Cheers,
Chris W
"Common sense: The collection of prejudices acquired by age 18." -- Einstein
Back to top
View user's profile Send private message
funkmankey
Guru
Guru


Joined: 06 Mar 2003
Posts: 304
Location: CH
PostPosted: Sat Jan 03, 2004 4:17 am    Post subject: Reply with quote
ralph wiggum's disembodied head is quite right.

it's probably more hassle than it will be worth, but a STUN server may be able make NAT do what you want.

hm, too bad there is not a way to make iptables filter on FQDN (or is there?) -- some prerouting trickery a la virtual hostnames might work...
_________________
I've got the brain, I'm insane, you can't stop the power
Back to top
View user's profile Send private message
Display posts from previous:   
Reply to topic    Gentoo Forums Forum Index Networking & Security All times are GMT
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum



 Links: forums.gentoo.org | www.gentoo.org | bugs.gentoo.org | wiki.gentoo.org | forum-mods@gentoo.org

Copyright 2001-2025 Gentoo Foundation, Inc. Designed by Kyle Manna © 2003; Style derived from original subSilver theme. | Hosting by Gossamer Threads Inc. © | Powered by phpBB 2.0.23-gentoo-p11 © 2001, 2002 phpBB Group
Privacy Policy