Hi guys
I posted about this previously trying to do it with firewalld but could simply not get it to work right.
What I need is to have 172.16.1.1 forward any traffic on port 80 to 192.168.1.1:80 which is a different physical machine, and 172.16.1.2 (on the same machine, different NIC) forward any traffic on port 80 to 192.168.1.2:80 which is a different physical machine.
I have tried
Code:
ifconfig eth0 172.16.1.1
ifconfig eth1 172.16.1.2
iptables -F
iptables -t nat -F
iptables -t mangle -F
iptables -X
iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -I INPUT 1 -i lo -j ACCEPT
iptables -A INPUT -p tcp --dport 22 -j ACCEPT
iptables -A INPUT -m conntrack --ctstate INVALID -j DROP
iptables -A INPUT -j DROP
iptables -A OUTPUT -o lo -j ACCEPT
iptables -A OUTPUT -m conntrack --ctstate ESTABLISHED -j ACCEPT
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE
iptables -t nat -A PREROUTING -d 172.16.1.1 -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.168.1.1:80
iptables -t nat -A PREROUTING -d 172.16.1.2 -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.168.1.2:80
What happens is if 172.16.1.1 is hit from another machine, the webserver running on 127.0.0.1 on the test machine receives the traffic.
If 172.16.1.2 is hit from another machine, the webserver running on 127.0.0.1 on the test machine receives the traffic.
Obviously I'm missing something - how can I use iptables to forward traffic received on port 80 for a certain IP (on a machine with multiple NICs and separate IPs on each) to another IP address on port 80, depending on which IP is hit with an HTTP request to port 80?
Thanks!
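As an added example (not the poster's own script and not from any reply in this thread), here is a small rule generator for the two forwards described in the post. It emits the iptables commands rather than running them, so the set can be reviewed first, and it includes the two things a forwarding box needs besides the PREROUTING DNAT: net.ipv4.ip_forward=1 and FORWARD-chain rules, because a DNATed packet is routed on to the back-end and traverses FORWARD, never INPUT. The front addresses and back-ends are the ones from the post; eth0/eth1 for the front side follow the post, and eth2 as the interface toward the 192.168.1.0/24 hosts is an assumption.

```shell
#!/bin/sh
# Added example, not the poster's script. Emits (does not run) an iptables
# rule set for the two DNAT forwards in the post, plus ip_forward and
# FORWARD-chain rules. DNATed packets go through FORWARD, not INPUT.
# Assumed (not from the post): back-end hosts are reached through eth2.

# Print the rules that redirect one front address to one back-end.
# Usage: forward_rules FRONT_IP IN_IF BACKEND_IP PORT
forward_rules() {
    front="$1"; inif="$2"; backend="$3"; port="$4"
    # Rewrite the destination before routing, only for packets that
    # arrive on the interface that owns that front address.
    echo "iptables -t nat -A PREROUTING -i $inif -d $front -p tcp --dport $port -j DNAT --to-destination $backend:$port"
    # Let the rewritten flow through FORWARD, narrowed to this one
    # back-end and port so the box does not become a general router.
    echo "iptables -A FORWARD -i $inif -p tcp -d $backend --dport $port -m conntrack --ctstate NEW -j ACCEPT"
}

# Print the complete rule set. Argument: interface toward the back-end
# network (assumed eth2 if omitted).
build_ruleset() {
    backend_if="${1:-eth2}"
    # Without this the kernel silently discards packets it would forward.
    echo "sysctl -w net.ipv4.ip_forward=1"
    # Default-deny forwarding; only the explicit flows below are allowed.
    echo "iptables -P FORWARD DROP"
    echo "iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    echo "iptables -A FORWARD -m conntrack --ctstate INVALID -j DROP"
    forward_rules 172.16.1.1 eth0 192.168.1.1 80
    forward_rules 172.16.1.2 eth1 192.168.1.2 80
    # SNAT on the way to the back-ends so their replies come back through
    # this box even if their default route does not point here.
    echo "iptables -t nat -A POSTROUTING -o $backend_if -d 192.168.1.0/24 -j MASQUERADE"
}

# Number of generated rules appended to a given chain; a quick sanity
# check on the set before applying it (FORWARD should not be empty).
count_chain() {
    build_ruleset | grep -c -- "-A $1 "
}

# Review:  sh forward.sh        Apply as root:  sh forward.sh apply
if [ "${1:-}" = "apply" ]; then
    build_ruleset | sh -e
else
    build_ruleset
fi
```

The FORWARD policy is DROP on purpose: with ip_forward turned on, a box with two or more interfaces will otherwise route anything between them, which is a wider exposure than the two HTTP forwards actually wanted. Check the result after applying with `iptables -t nat -L PREROUTING -n -v` and `iptables -L FORWARD -n -v`; the packet counters on the DNAT and FORWARD rules should increase when the front addresses are hit.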