This might be really easy or really impossible - but any help would be great.

I want to host a web server with multiple hosts on the same IP but different ports. This host will be routable to the public interweb through a Vyatta VC5 box. Nice and simple.

However, I would like to have all clients using the server request data on port 443 and, based on their source IP range, have the Vyatta box forward the packets to different ports on the host.

I can't use the HTTP host field as the traffic is SSL encrypted, and the source IP ranges are fixed and known by both parties.

Any ideas?

justacodemonkey

1 Answer

I don't know Vyatta but it seems to be a regular Linux. It's not clear to me whether your question is

  1. how to do this with Linux
  2. how to get this configured for Vyatta

or both. I can answer (1).

iptables -t nat -A PREROUTING -d $WAN_IP -p tcp --dport 443 -s $RANGE_1 -j DNAT --to-destination ${REAL_SERVER_IP}:444

$RANGE_1 is something like 1.2.3.4/16

Hauke Laging
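The rule in the answer covers a single source range. As an added example (not part of the original answer), this sketch generates one such DNAT rule per range and refuses overlapping ranges, since iptables stops at the first matching rule. The addresses, the port mapping and the matching FORWARD rule are assumptions made for illustration.

```shell
#!/bin/sh
# Added example. All addresses and ports are constructed (RFC 5737 / RFC 1918).
WAN_IP=192.0.2.1
REAL_SERVER_IP=10.0.0.10
# "source range=backend port" pairs, assumed layout for this sketch
MAPPINGS="198.51.100.0/25=444 198.51.100.128/25=445 203.0.113.0/24=446"

ip_to_int() {  # dotted quad -> 32-bit integer
  IFS=. read -r o1 o2 o3 o4 <<EOF
$1
EOF
  echo $(( (o1 << 24) | (o2 << 16) | (o3 << 8) | o4 ))
}

cidr_overlap() {  # exit 0 if two CIDR ranges share any address
  p1=${1#*/}; p2=${2#*/}
  if [ "$p1" -lt "$p2" ]; then p=$p1; else p=$p2; fi
  n1=$(ip_to_int "${1%/*}"); n2=$(ip_to_int "${2%/*}")
  # Ranges overlap when they agree on the shorter prefix.
  [ $(( n1 >> (32 - p) )) -eq $(( n2 >> (32 - p) )) ]
}

gen_rules() {  # $1 = "cidr=port" pairs; prints commands, returns 1 on overlap
  seen=""
  for m in $1; do
    for prev in $seen; do
      if cidr_overlap "${m%=*}" "$prev"; then
        echo "overlap: ${m%=*} and $prev, first match would win" >&2
        return 1
      fi
    done
    seen="$seen ${m%=*}"
  done
  for m in $1; do
    range=${m%=*}; port=${m#*=}
    echo "iptables -t nat -A PREROUTING -d $WAN_IP -p tcp --dport 443 -s $range -j DNAT --to-destination ${REAL_SERVER_IP}:$port"
    # After DNAT the FORWARD chain sees the rewritten destination; this rule
    # is only needed when the FORWARD policy is not ACCEPT (assumption).
    echo "iptables -A FORWARD -d $REAL_SERVER_IP -p tcp --dport $port -s $range -j ACCEPT"
  done
}

gen_rules "$MAPPINGS"
```

The script only prints the commands, so they can be reviewed before being run as root on the router.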