This is a discussion on Port Forwarding on same network card within the Linux Security forums, part of the System Security and Security Related category.
I have a special port-forwarding problem. I have two routers A and B and one SQL-Server, all in the same subnet. The SQL Server's Default-Gateway has to be Router A, because it does some other stuff, too. But the SQL-queries come via Router B. So I would like to forward all queries on port 1433 and 1434 from Router A to Router B, so that the SQL-Server can answer SQL-queries from the Internet. How can I do that? The problem is that the packages on the ports 1433 and 1434 have to leave Router A via the same network device as they enter it. I use Linux/iptables on router A.

Thank you
Martin
Martin Hauptmann spilled the following:
> I have a special port-forwarding problem. I have two routers A and B
> and one SQL-Server, all in the same subnet. The SQL Server's
> Default-Gateway has to be Router A, because it does some other stuff,
> too.
> But The SQL-queries come via Router B.
> So I would like to forward all queries on port 1433 and 1434 from
> Router A to Router B, so that the SQL-Server can answer SQL-queries
> from the Internet.
> How can I do that? The problem is, that the packages on the ports 1433
> and 1434 have to leave Router A via the same network device as they
> enter it.
> I use Linux/iptables on router A.

Set up a new network with only router A and router B on it, say 10.2.2.0/24 with hosts 10.2.2.1 and 10.2.2.2, both running NAT. On B (10.2.2.2) forward ports to 10.2.2.1, then on B forward the ports to the SQL server box.

Of course it would be a lot simpler if you just stuck with one router.

HTH
C.
Thank you for the answer.

A new network - do you speak of one additional network card in each router? If you don't, I do not understand the advantage, because the problem stays the same - there are packages arriving on one ethernet card and getting forwarded via the same networking card, such as routing from eth0 to eth0. Is there no way in the iptables or routing syntax to allow that behavior without having to install more networking cards?
Martin Hauptmann wrote:
> Thank you
>
> Martin

Use a rule with -j REDIRECT _and_ a rule -j SNAT. Something like:

    # nat table on router A; DNAT (not REDIRECT) is the target that accepts a remote address
    iptables -t nat -A PREROUTING  -i eth0 -d MYIP -p tcp --dport 1433 -j DNAT --to-destination ROUTERB_IP:1433
    # rewrite the source so router B answers back through A instead of straight to the client
    iptables -t nat -A POSTROUTING -o eth0 -d ROUTERB_IP -p tcp --dport 1433 -j SNAT --to-source MYIP

It works in the same subnet and on the same eth interface.

Regards,
Blizbor
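The reason the second rule is not optional is easiest to see by tracing one query. The following is an added example, not code from the thread or from any of the posters: a small Python model of router A's nat table and conntrack entry, run once without and once with the SNAT rule. The client, router and subnet addresses (203.0.113.7, 192.0.2.1, 192.0.2.2) and the ephemeral port are constructed, and the model ignores Ethernet details; it only shows where router B's answer is routed.

```python
"""Model of the DNAT + SNAT pair on router A (added example, not code from
the thread). Traces one SQL query with and without SNAT to show why both
rules are needed when router B is on the same subnet and interface."""
from dataclasses import dataclass, replace
from typing import Dict, Optional, Tuple

CLIENT = "203.0.113.7"    # constructed: client on the Internet
ROUTER_A = "192.0.2.1"    # constructed: MYIP in the thread
ROUTER_B = "192.0.2.2"    # constructed: ROUTERB_IP, same /24 as router A
LAN_PREFIX = "192.0.2."   # constructed: the shared subnet
SQL_PORT = 1433


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int

    def reply(self) -> "Packet":
        """Answer packet: the two endpoints swap places."""
        return Packet(self.dst, self.dport, self.src, self.sport)


class RouterA:
    """nat table on router A: PREROUTING DNAT, optional POSTROUTING SNAT,
    plus the conntrack entry used to undo both on the reply."""

    def __init__(self, with_snat: bool) -> None:
        self.with_snat = with_snat
        # key: the 4-tuple a reply carries after NAT; value: the original query
        self.conntrack: Dict[Tuple[str, int, str, int], Packet] = {}

    def forward(self, pkt: Packet) -> Packet:
        original = pkt
        if pkt.dst == ROUTER_A and pkt.dport == SQL_PORT:
            # -j DNAT --to-destination ROUTERB_IP:1433
            pkt = replace(pkt, dst=ROUTER_B)
            if self.with_snat:
                # -j SNAT --to-source MYIP (forces B to answer via A)
                pkt = replace(pkt, src=ROUTER_A)
        self.conntrack[(pkt.dst, pkt.dport, pkt.src, pkt.sport)] = original
        return pkt

    def un_nat(self, reply: Packet) -> Optional[Packet]:
        """Reverse both translations on a reply that comes back through A."""
        original = self.conntrack.get((reply.src, reply.sport, reply.dst, reply.dport))
        return original.reply() if original else None


def next_hop_from_b(reply: Packet) -> str:
    """Router B delivers same-subnet destinations directly; anything else
    leaves through B's own uplink and never passes router A."""
    return reply.dst if reply.dst.startswith(LAN_PREFIX) else "B-uplink"


def trace(with_snat: bool) -> Tuple[str, Optional[str]]:
    """Return (outcome, source address the client sees on the answer)."""
    router_a = RouterA(with_snat)
    query = Packet(CLIENT, 40000, ROUTER_A, SQL_PORT)
    on_the_wire = router_a.forward(query)   # re-sent out of the same eth0
    reply = on_the_wire.reply()             # router B answers whoever it saw
    if next_hop_from_b(reply) != ROUTER_A:
        # Without SNAT the answer goes straight to the client from B's
        # address; the client expected A:1433, so its TCP stack drops it.
        return ("asymmetric", reply.src)
    restored = router_a.un_nat(reply)
    return ("symmetric", restored.src if restored else None)


if __name__ == "__main__":
    print("without SNAT:", trace(False))   # ('asymmetric', '192.0.2.2')
    print("with SNAT:   ", trace(True))    # ('symmetric', '192.0.2.1')
```

On a real router the pair of rules is repeated for port 1434, net.ipv4.ip_forward must be 1, and the FORWARD chain has to accept the eth0-to-eth0 traffic; the model above covers only the address rewriting, which is the part that makes the same-interface case work.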