I have 2 servers: server 1 with IP 1.1.1.1 and server 2 with IP 2.2.2.2.
My domain example.com points to 1.1.1.1 at the moment, but very soon I'm going to switch to IP 2.2.2.2. I have already set up a low TTL for domain example.com, but some people will still hit the old IP after I change the IP address of the domain.
Now both machines run CentOS 5.8 with iptables and nginx as a webserver.
I want to forward all traffic that still hits server 1.1.1.1 to 2.2.2.2 so there won't be any downtime.
Now I found this tutorial: http://www.debuntu.org/how-to-redirecting-network-traffic-a-new-ip-using-iptables but I cannot seem to get it working.
I have enabled IP forwarding: echo "1" > /proc/sys/net/ipv4/ip_forward
After that I ran these 2 commands:
/sbin/iptables -t nat -A PREROUTING -s 1.1.1.1 -p tcp --dport 80 -j DNAT --to-destination 2.2.2.2:80
/sbin/iptables -t nat -A POSTROUTING -j MASQUERADE
But when I load http://1.1.1.1 in my browser, I still get the pages hosted on 1.1.1.1 and not the content from 2.2.2.2. What am I doing wrong?
Best Answer
Try changing
-s 1.1.1.1
to
-d 1.1.1.1
You want to match the destination address and not the source address...
You also need to adjust your MASQUERADE rule to include the interface the traffic takes on the way back (most likely eth0 or similar).
Do this with the -o flag. For example like this: iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
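The corrected rule set from this answer as one script; this is an added example, not code from the original post. The names is_ipv4 and forward_rules, the APPLY switch, and the narrowing of MASQUERADE to the forwarded flow (-p tcp -d ... --dport ...) are assumptions added here, and eth0 is the answer's guess at the interface.

```shell
#!/bin/sh
# Added example: DNAT + MASQUERADE rules for forwarding one TCP port.
# Prints the commands by default; set APPLY=1 (as root) to execute them.

# is_ipv4 ADDR: succeed only for a dotted quad with each octet in 0..255.
is_ipv4() {
    case "$1" in
        ""|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# forward_rules OLD_IP NEW_IP PORT OUT_IF (hypothetical helper)
forward_rules() {
    old_ip=$1 new_ip=$2 port=$3 out_if=$4
    is_ipv4 "$old_ip" && is_ipv4 "$new_ip" ||
        { echo "bad IPv4 address" >&2; return 2; }
    case "$port" in
        ""|*[!0-9]*) echo "bad port" >&2; return 2 ;;
    esac
    [ "${#port}" -le 5 ] && [ "$port" -ge 1 ] && [ "$port" -le 65535 ] ||
        { echo "bad port" >&2; return 2; }
    case "$out_if" in
        ""|*[!A-Za-z0-9._-]*) echo "bad interface" >&2; return 2 ;;
    esac

    run=echo                              # dry run: print, do not execute
    [ "${APPLY:-0}" = 1 ] && run=

    # Same effect as: echo "1" > /proc/sys/net/ipv4/ip_forward
    $run sysctl -w net.ipv4.ip_forward=1 || return 1
    # Match on destination (-d): clients send packets TO the old address.
    $run /sbin/iptables -t nat -A PREROUTING -d "$old_ip" -p tcp \
        --dport "$port" -j DNAT --to-destination "$new_ip:$port" || return 1
    # Rewrite the source only for the forwarded flow leaving via OUT_IF,
    # so replies from the new server come back through this host.
    $run /sbin/iptables -t nat -A POSTROUTING -o "$out_if" -p tcp \
        -d "$new_ip" --dport "$port" -j MASQUERADE || return 1
}

# Addresses from the question; prints the three commands.
forward_rules 1.1.1.1 2.2.2.2 80 eth0
```

After DNAT the packets pass through the filter table's FORWARD chain on 1.1.1.1, so that chain has to accept them (check with iptables -L FORWARD -n -v). Because of MASQUERADE, nginx on 2.2.2.2 will log 1.1.1.1 as the client address for every forwarded request.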