Firewalld - forwarding traffic received on eth1:0 to different IP than eth1
by rylan76 from LinuxQuestions.org on (#4TPRW)
Hi all
I have the following two zones in firewalld:
Code:zone1 (active)
target: default
icmp-block-inversion: no
interfaces: eth1
sources:
services:
ports: 80/tcp 443/tcp
protocols:
masquerade: yes
forward-ports: port=80:proto=tcp:toport=80:toaddr=192.168.0.1
port=443:proto=tcp:toport=443:toaddr=192.168.0.1
source-ports:
icmp-blocks:
rich rules:
zone2 (active)
target: default
icmp-block-inversion: no
interfaces: eth1:0
sources:
services:
ports: 80/tcp 443/tcp
protocols:
masquerade: yes
forward-ports: port=80:proto=tcp:toport=80:toaddr=192.168.0.2
port=443:proto=tcp:toport=443:toaddr=192.168.0.2
source-ports:
icmp-blocks:
rich rules:eth1 is a real NIC at 172.16.1.1
eth1:0 is a virtual NIC at 172.16.1.2
on one physical machine.
They are set by
Code:ifconfig eth1 172.16.1.1
ifconfig eth1:0 172.16.1.2What I need is to be able to see the website on 192.168.0.1 when I hit 172.16.1.1 with a web browser, and the website on 192.168.0.2 when I hit 172.16.1.2 with a web browser.
E. g. I want to forward the traffic through ports 80 and 443 to 192.168.0.1 on eth1 (172.16.1.1) and 192.168.0.2 on eth1:0 (172.16.1.2).
With the above config, firewalld / iptables IGNORES eth1:0 - e. g. if I hit 172.16.1.1 I get the website on 192.168.0.1. BUT if I hit 172.16.1.2 I -still- get the website on 192.168.0.1, NOT 192.168.0.2
E. g. the virtual NIC eth1:0 appears to be equivalent to firewalld as eth1 - HTTP traffic on port 80 to either 172.16.1.1 (eth1) or 172.16.1.2 (eth1:0) all gets sent to 192.168.0.1, ignoring the forward rules set on eth1:0.
How can I get firewalld / iptables to
forward traffic received on :80 and :443 on 172.16.1.1 (eth1) to 192.168.0.1
forward traffic received on :80 and :443 on 172.16.1.2 (eth1:0) to 192.168.0.2
and not just forward all traffic on both 172.16.1.1 and 172.16.1.2 to 192.168.0.1?
I have the following two zones in firewalld:
Code:zone1 (active)
target: default
icmp-block-inversion: no
interfaces: eth1
sources:
services:
ports: 80/tcp 443/tcp
protocols:
masquerade: yes
forward-ports: port=80:proto=tcp:toport=80:toaddr=192.168.0.1
port=443:proto=tcp:toport=443:toaddr=192.168.0.1
source-ports:
icmp-blocks:
rich rules:
zone2 (active)
target: default
icmp-block-inversion: no
interfaces: eth1:0
sources:
services:
ports: 80/tcp 443/tcp
protocols:
masquerade: yes
forward-ports: port=80:proto=tcp:toport=80:toaddr=192.168.0.2
port=443:proto=tcp:toport=443:toaddr=192.168.0.2
source-ports:
icmp-blocks:
rich rules:eth1 is a real NIC at 172.16.1.1
eth1:0 is a virtual NIC at 172.16.1.2
on one physical machine.
They are set by
Code:ifconfig eth1 172.16.1.1
ifconfig eth1:0 172.16.1.2What I need is to be able to see the website on 192.168.0.1 when I hit 172.16.1.1 with a web browser, and the website on 192.168.0.2 when I hit 172.16.1.2 with a web browser.
E. g. I want to forward the traffic through ports 80 and 443 to 192.168.0.1 on eth1 (172.16.1.1) and 192.168.0.2 on eth1:0 (172.16.1.2).
With the above config, firewalld / iptables IGNORES eth1:0 - e. g. if I hit 172.16.1.1 I get the website on 192.168.0.1. BUT if I hit 172.16.1.2 I -still- get the website on 192.168.0.1, NOT 192.168.0.2
E. g. the virtual NIC eth1:0 appears to be equivalent to firewalld as eth1 - HTTP traffic on port 80 to either 172.16.1.1 (eth1) or 172.16.1.2 (eth1:0) all gets sent to 192.168.0.1, ignoring the forward rules set on eth1:0.
How can I get firewalld / iptables to
forward traffic received on :80 and :443 on 172.16.1.1 (eth1) to 192.168.0.1
forward traffic received on :80 and :443 on 172.16.1.2 (eth1:0) to 192.168.0.2
and not just forward all traffic on both 172.16.1.1 and 172.16.1.2 to 192.168.0.1?