iptables forwarding

To: lvs-users@xxxxxxxxxxxxxxxxxxxxxx
Subject: iptables forwarding
From: Rutger van Oosten <r.v.oosten@xxxxxxxxxxx>
Date: Thu, 13 Feb 2003 11:01:23 +0100
I have a slightly off-topic question that still may be of interest to more people on this list.
 
I am running LVS/NAT with one director and multiple real servers. The director is running Linux kernel 2.4.18 from kernel.org. The director is connected to the internet through eth0 (VIP) and to a dmz with the real servers through eth1 (DIP). Currently I am load-balancing ftp and http traffic, but to access a mssql server inside the dmz I have an iptables forward (iptables -t nat -A PREROUTING -i eth0 -p tcp -d $VIP --dport 1433 -j DNAT --to $SQL01:1433) which works fine.
 
My question: I want the sql server inside the dmz (let's call it SQL_DMZ) to be able to connect to another sql server on my (non-dmz) network (let's call it SQL_NETW). From the director I can ping them both. So then I add an iptables forward like this: iptables -t nat -A PREROUTING -i eth1 -p tcp -d $DIP --dport 1433 -j DNAT --to $SQL_NETW:1433 expecting connections on the sql port on the DIP interface to be routed to the SQL_NETW machine. But this does not work.
 
Who knows what I'm doing wrong?
 
Thanks,
Rutger