how to route traffic through 2nd Linux server ( RHEL 7.6 )
The intention of creating the flow is that I need to pass the HTTP GET request to the application server.
I have tried to create a diagram of the expected sequence of flow.
Once interface 10.130.169.29 receives the GET request for http://192.168.9.10/index.html, it can fetch the page and send the response back to 10.130.169.30.
I have noticed that the request is coming to my interface 10.130.169.29, but since this interface does not know where or how to reach 192.168.9.10, from this point it drops...
I tried to change the color of request and response in diagram
Actually you don't need any config, just check on both servers for arp and ip via these commands: arp and ip neigh list
A couple of ways to do this, depending on what you have to work with. If you have Apache on the first server, you could redirect through that, but probably the simplest way would be using IP tables:
Code:
Edit the "/etc/sysctl.conf" file, and find the line that reads:
# sysctl net.ipv4.ip_forward=1
...and remove the # and the sysctl. That will let it survive a reboot.
Using IPtables, route web traffic (port 80, can use other ports)
iptables -t nat -A PREROUTING -p tcp --dport 80 -j DNAT --to-destination 10.11.12.13:80
And enable masquerading:
iptables -t nat -A POSTROUTING -j MASQUERADE
Then run
iptables-save > /etc/sysconfig/iptables
...to save the config.
Modify commands as needed for different ports/addresses. Odd though that someone with no Linux networking experience is given the task of doing this...even more odd that it's NEEDED, since both servers are on the same subnet, so why can't you just hit the .29 server directly? And why curl?
And you mention that you're using RHEL...who has extensive knowledgebase articles on doing this, and RHEL support can help you since you're PAYING for RHEL...RIGHT??? Have you called them?
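A more tightly scoped form of the DNAT and masquerade rules from the post above, as an added example that is not part of the original thread: it limits the NAT to one ingress interface, one listening address and one port, and masquerades only the forwarded flow rather than everything leaving the box. The function names are hypothetical, and eth0/eth1 plus the pairing of 10.130.169.29 (listening) with 192.168.9.10 (backend) are assumptions modelled on the question.

```sh
#!/bin/sh
# Added example (not from the thread): print scoped DNAT/MASQUERADE rules for
# review instead of applying them. Function names are hypothetical; eth0/eth1
# and the address pairing in the sample call are assumptions.

# Dotted-quad IPv4 only, each octet 0-255.
valid_ipv4() {
    case $1 in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $1            # split on dots; input holds only digits and dots
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        [ ${#o} -le 3 ] && [ "$o" -le 255 ] || return 1
    done
}

valid_port() {
    case $1 in ''|*[!0-9]*) return 1 ;; esac
    [ ${#1} -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Linux interface names are at most 15 characters; allow a conservative set.
valid_iface() {
    case $1 in ''|*[!A-Za-z0-9_.-]*) return 1 ;; esac
    [ ${#1} -le 15 ]
}

# scoped_rules IN_IF LISTEN_IP OUT_IF BACKEND_IP PORT
# Rejects malformed arguments so nothing unexpected ends up in a rule.
scoped_rules() {
    in_if=$1 listen_ip=$2 out_if=$3 backend_ip=$4 port=$5
    valid_iface "$in_if" && valid_iface "$out_if" || { echo "bad interface" >&2; return 1; }
    valid_ipv4 "$listen_ip" && valid_ipv4 "$backend_ip" || { echo "bad address" >&2; return 1; }
    valid_port "$port" || { echo "bad port" >&2; return 1; }
    cat <<EOF
iptables -t nat -A PREROUTING -i $in_if -d $listen_ip -p tcp --dport $port -j DNAT --to-destination $backend_ip:$port
iptables -t nat -A POSTROUTING -o $out_if -d $backend_ip -p tcp --dport $port -j MASQUERADE
iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -i $in_if -o $out_if -d $backend_ip -p tcp --dport $port -m conntrack --ctstate NEW -j ACCEPT
EOF
}

# Sample call with assumed values; prints four commands to review.
scoped_rules eth0 10.130.169.29 eth1 192.168.9.10 80
```

Review the printed commands before running them. If the FORWARD chain already ends in a REJECT or DROP rule, the two FORWARD lines have to be inserted ahead of it (`-I`) rather than appended.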
Thank you for the comment, very useful. Yes, I do not have the knowledge, but I nominated myself with the intention of learning the hard way. I have not purchased RHEL support; it is a small project of mine.
You should reconsider using RHEL without paying; CentOS is 99.x% identical but free...without valid RHEL support, you're not going to get patches/bugfixes/security updates, and installing software is impossible via repositories. There are developer options, but if you're using server-edition, I'd reconsider.
As asked before, your request itself is unclear...since both systems are on the same subnet for BOTH interfaces, why use a bridge at all? Just query the .29 server directly. Unless this is strictly for a learning exercise, in which case the iptables/masquerade would be what you're after. Because in the diagram you posted in post #15, you list the http command as going to the second interface...ON THE SAME SYSTEM. Apache redirects can be used to take that address and accomplish step 1 (going to .29), where a simple route to the 192 interface can send it to the 192.168.99.11. Back to iptables to route it to 192.168.99.10....which will create a loop, since that redirects to .29 and so forth.
Doesn't seem to make much sense how it's diagrammed, and won't flow correctly without doing infinite redirects/loops. Passing through one system to another is pretty simple, but what are you actually trying to accomplish by doing this???
Quote:
Originally Posted by marliyev
Actually you don't need any config, just check on both servers for arp and ip via these commands: arp and ip neigh list. If you see ip and arp then it should be ok.
Running these commands does absolutely NOTHING to accomplish what the OP is after; again, you need to re-read the original question and look at the follow-up posted. Further, the arp command is deprecated on RHEL, and their own docs say to not use it. And running "ip neigh list" does pretty much the same thing. Listing an arp table has no effect on anything to do with routing or redirection.
So point out what part is wrong, since you're saying you're smart and know the answer. Since you've read what's been posted and understand all of it, you should then know how to configure things as the OP wants.
Please, demonstrate.
Ok LQ Guru, I will show you a master class. In this situation, if arp is fully functional there shouldn't be any issue, but as he said he receives the packet but does not return it, it means he needs to add a static route or default route: route add -host x.x.x.x/x gw x.x.x.x or route add default gw x.x.x.x. That's it, after this traffic will flow as expected. I can teach you networking if you wanna, at the CCIE level, but for money.
"Master class" is a route command? Funny...you initially said you didn't NEED to do anything to have it work. Again, did you *ACTUALLY READ AND UNDERSTAND* what the OP is asking??
HTTP to 192.168.99.10, which they want redirected to 10.130.69.29....then sent to 192.168.99.11, and on to 10.130.69.30.
Now explain in your 'master class' how a single route statement on one box does that. And that they only want web traffic to go, not EVERYTHING. Again, you are in way over your head. And before you offer to teach anyone, you need to learn first...start with spelling and basics. Odd that someone with a 'master class' and certificates still has an open question here about how to configure Shorewall that you can't answer, and keep begging people to do. Doesn't seem like your 'master class' covers how Shorewall works or what it is.
Ok, let's wait for the user and see what he will say. And now, if you are really an LQ Guru, go and answer my question about Shorewall. If you can resolve that issue I will admit that you are really a Guru!!!
Can I? Sure...not going to, and if you have 'certificates' and teach 'master classes', you don't NEED anyone to answer it. Especially since you answered it yourself in that same thread. If you don't know enough to spot the answer, that says how much knowledge and experience you actually have.
And why don't YOU answer the question here, as asked:
HTTP to 192.168.99.10, which they want redirected to 10.130.69.29....then sent to 192.168.99.11, and on to 10.130.69.30.
Now explain how your single route statement on one box does that. You claim to teach master classes, so it should be easy for you to display your knowledge. Go ahead; answer a question for once with something that makes actual sense.
It's simple routing, you can google. Ah, I forgot, google is already open in your browser. Again, if you will resolve my issue about Shorewall, I promise, I will admit that you are a Guru and I WILL DELETE MY ACCOUNT and never will return to this site.
marliyev, responses such as post #8 are not acceptable here at LQ, if you'd like to continue participating here please refrain moving forward. Additionally to both marliyev and TB0ne - the personal back and forth responses and squabbling need to stop immediately, in this thread and in others.