Linux Today: Linux News On Internet Time.
Search Linux Today
Linux News Sections:  Developer -  High Performance -  Infrastructure -  IT Management -  Security -  Storage -
Linux Today Navigation
LT Home
Contribute
Contribute
Link to Us
Linux Jobs


Top White Papers

  • The exponential growth of data, along with virtualization, is bringing a disruptive level of complexity to your IT infrastructure. Having multiple point...
    Download

  • It's time high-level executives and IT compliance officers recognize and acknowledge the danger of malicious insiders, an increased attack surface and...
    Download

More on LinuxToday


Networking is a little more than IPs and netmasks

Mar 29, 2010, 12:34 (0 Talkback[s])
(Other stories by Edmundo Carmona)

[ Thanks to Edmundo for this link. ]

"Very recently I was asking this questions (which is still open) at www.linuxquestions.org (the first place I hit when I have a question regarding linux or gnu, by the way) and took a brief look at the questions open on the networking forum and I hit this beauty.

"It's a guy who has set up DNAT on netfilter to forward packets that are sent to one host to another server that does the real work. Think of it as a proxy. In his example, he wanted to forward packets that arrive at his host on port 3306 to port 3197 on another host (let's use IP a.a.a.a). So, he set up a simple rule on (nat) PREROUTING:

$ iptables -t nat -A PREROUTING -p tcp --dport 3306 -j DNAT --to a.a.a.a:3197

"What this rule is doing is telling the kernel to change the destination IP address of any packet that arrives at his host through any network interface to IP address a.a.a.a (reachable from his server, maybe not from the host that originated said packages) and the destination port to 3197"

Complete Story

Related Stories: