Koozali.org: home of the SME Server

Iptables - NAT - Damned subject ?!?

undertaker

Iptables - NAT - Damned subject ?!?
« on: September 26, 2004, 01:08:48 AM »
Hello There !

SME rulez, although it lacks a great feature:
Ability to run multiple Virtual IP's without being a total hassle...
There's my scenario:
My ISP has allocated me an IP which serves as a gateway also for other 30 IP's from the same class.
EG: 111.222.333.70 (eth1 IP for SME - external)
and the other 30 IP's are resolved as domain names in the form 111.222.333.130 - 160 using 111.222.333.70 as a gateway, all being served as Virtual IP's on the same eth1:x interface.

I've seen tons of similar posts related to the Virtual IP's or multiple NIC's without an answer. Ooops! There was a how-to, but it lacked iptables - firewall settings to allow traffic to - from the Virtual IP's.

Is there any chance I can get some help with the issue?


Best Regards,

lee

Iptables - NAT - Damned subject ?!?
« Reply #1 on: September 27, 2004, 10:47:16 AM »
You'll need to add a start up script to fudge the firewall.

Add to prevent prerouting of packets to squid:
iptables -t nat -I TransProxy 4 -d 111.222.333.130 -j ACCEPT

Allow http & https to new IP:
iptables -I INPUT 1 -p tcp --dport 80 -d 111.222.333.130 -j ACCEPT
iptables -I INPUT 1 -p tcp --dport 443 -d 111.222.333.130 -j ACCEPT


I don't claim to be the greatest expert in the world, but that should work to allow the outside world to talk to Apache (note the iptables lines only open up http and https; if you want ftp or other services then you'll need additional commands).

Lee
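
The start-up script suggested in Reply #1, extended to a whole range of virtual IPs and a list of TCP ports, as an added example that is not part of the original thread. The function names `valid_ipv4` and `gen_rules` are hypothetical and the prefix 192.0.2 is a documentation placeholder; the `TransProxy` chain and rule positions are taken from the reply. Addresses are validated first because 111.222.333.x as written in the thread is not a valid IPv4 address (333 exceeds 255) and iptables would reject it.

```shell
#!/bin/sh
# Added example: print (dry run) the firewall rules from Reply #1 for a range
# of virtual IPs. Review the output, then pipe it to "sh" as root to apply it.

# Return 0 if $1 is a dotted-quad IPv4 address with every octet in 0..255.
valid_ipv4() {
    case "$1" in
        *[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1                 # split on dots into positional parameters
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# gen_rules PREFIX FIRST LAST PORT...
# Emits one TransProxy exemption per address plus one INPUT accept per port.
gen_rules() {
    prefix=$1 first=$2 last=$3
    shift 3
    # Validate both ends of the range before emitting anything.
    if ! valid_ipv4 "$prefix.$first" || ! valid_ipv4 "$prefix.$last"; then
        echo "refusing invalid range: $prefix.$first-$last" >&2
        return 1
    fi
    host=$first
    while [ "$host" -le "$last" ]; do
        ip="$prefix.$host"
        # Keep traffic for this address out of the transparent squid redirect.
        echo "iptables -t nat -I TransProxy 4 -d $ip -j ACCEPT"
        for port in "$@"; do
            echo "iptables -I INPUT 1 -p tcp --dport $port -d $ip -j ACCEPT"
        done
        host=$((host + 1))
    done
}

# Constructed sample run: hosts .130 to .160, http and https only.
gen_rules 192.0.2 130 160 80 443
```

Only the ports listed on the command line are opened, so each additional service on a virtual IP has to be added explicitly.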

undertaker

Thx... it worked
« Reply #2 on: September 27, 2004, 12:28:25 PM »
Thank You Lee for the fast reply.
It works, still minor changes needed.

Best Regards,