Who knows how to forward multiple external IPs to inside machines?
HermanX
7th May 2007, 11:51
We are trying to forward a virtual external IP to an Apache server on the internal network. Who could help us solve this problem?
http://www.hhegeman.nl/schema.JPG
We have 4 servers. 1 is acting as a gateway to the internet. Behind this gateway we have 3 Apache servers. On the gateway we have the internal IP 10.10.100.1 and we have 4 outside IPs. 213.125.147.80 is the real IP, the other 3 IPs are virtual IPs. Now we want to forward the virtual IPs to the Apache machines, but we can't get this working.
213.125.147.81 port 80 needs to be forwarded to 10.10.100.2 port 80
213.125.147.82 port 80 needs to be forwarded to 10.10.100.3 port 80
213.125.147.83 port 80 needs to be forwarded to 10.10.100.4 port 80
You should be able to do this with IPTables:
something similar to
modprobe ip_tables
modprobe ip_conntrack
modprobe iptable_nat
modprobe ipt_MASQUERADE
echo 1 > /proc/sys/net/ipv4/ip_forward 2> /dev/null
iptables -t nat -A POSTROUTING -o $EXT_NIC -j MASQUERADE
iptables -t nat -A PREROUTING -p tcp -i WHICHINTERFACE --dport 80 -j DNAT --to-destination 10.10.100.2:80
iptables -t nat -A PREROUTING -p tcp -i WHICHINTERFACE --dport 80 -j DNAT --to-destination 10.10.100.3:80
iptables -t nat -A PREROUTING -p tcp -i WHICHINTERFACE --dport 80 -j DNAT --to-destination 10.10.100.4:80
Or you just use firehol (http://firehol.sf.net), which is an abstraction to ip_tables, easy to configure, with fallback in case you mess up things and will still be able to reach your server, e.g. ssh ;)
HermanX
8th May 2007, 14:31
Thank you for your quick response. I am new to the iptables thing.
I am trying your solution but I still can't get it working.
Config:
Eth1 is the outside nic,
Eth0 is the inside nic.
Eth1 = 213.125.147.81
Eth1:0 = 213.125.147.82
Eth1:1 = 213.125.147.83
Eth1:2 = 213.125.147.84
Eth0 = 10.10.100.1
I have the solution you gave me implemented in this way:
modprobe ip_tables
modprobe ip_conntrack
modprobe iptable_nat
modprobe ipt_MASQUERADE
echo 1 > /proc/sys/net/ipv4/ip_forward 2> /dev/null
iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE
iptables -t nat -A PREROUTING -p tcp -i eth1 --dport 80 -j DNAT --to-destination 10.10.100.2:80
iptables -t nat -A PREROUTING -p tcp -i eth1 --dport 80 -j DNAT --to-destination 10.10.100.3:80
iptables -t nat -A PREROUTING -p tcp -i eth1 --dport 80 -j DNAT --to-destination 10.10.100.4:80
I hope this is correct?
You should change eth1 to eth1:1, eth1:2
HermanX
8th May 2007, 16:13
When I try to do that I get the following warning:
Warning: weird character in interface `eth1:1' (No aliases, :, ! or *).
This is the line I execute:
iptables -t nat -A PREROUTING -p tcp -i eth1:1 --dport 80 -j DNAT --to-destination 10.10.100.2:80
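The warning above appears because -i matches only a real interface name, and alias labels such as eth1:1 are not separate interfaces to netfilter; packets for every virtual IP arrive on eth1. The sketch below is an added example, not part of the original thread: it prints one DNAT rule per external address, selected with -d (destination IP). The FORWARD rules assume a restrictive FORWARD policy, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the thread): print DNAT rules that select each
# virtual IP with -d, since -i matches only the real interface name.
EXT_IF="eth1"   # outside NIC, per the thread
INT_IF="eth0"   # inside NIC, per the thread

# external_ip:internal_ip pairs from the original question
MAPPINGS="213.125.147.81:10.10.100.2
213.125.147.82:10.10.100.3
213.125.147.83:10.10.100.4"

# Accept only a dotted quad whose four octets are each 0-255.
valid_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Print the iptables commands for every mapping; nothing is executed here.
gen_rules() {
    # Replies for connections that were already accepted (assumed policy: DROP).
    echo "iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    while IFS=: read -r ext int; do
        valid_ipv4 "$ext" && valid_ipv4 "$int" || {
            echo "bad mapping: $ext:$int" >&2; return 1; }
        # Rewrite only traffic addressed to this one external IP.
        echo "iptables -t nat -A PREROUTING -i $EXT_IF -d $ext -p tcp --dport 80 -j DNAT --to-destination $int:80"
        # Let the rewritten connection reach that internal host on port 80 only.
        echo "iptables -A FORWARD -i $EXT_IF -o $INT_IF -d $int -p tcp --dport 80 -j ACCEPT"
    done <<EOF
$MAPPINGS
EOF
}

# Review the printed rules, then apply them as root with: gen_rules | sh
gen_rules
```

Without the -d match, the three PREROUTING rules in the thread are identical except for their target, so the first one catches all port 80 traffic and the other two never fire.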