Port Forwarding Within Internal Network
Hello all,
I have a question about port forwarding. I have an internal Red Hat server and I would like to use it as a central connection point to some back end servers. This is not an internet router setup. I was thinking I could use iptables and do port forwarding similar to an internet router, but internal to internal. Here is a simplified example of what I am looking for:

server1: eth0 192.168.0.5, eth1 192.168.0.6
server2: eth0 192.168.0.11

Basically I would like to take any connections to port 22 on server1 interface eth0 and forward them out of interface eth1 to server2 port 22. I am finding a lot of information on port forwarding, but it is all based on using an internet router that is passing through to an internal server. I need to know how to configure a basic Linux setup with no existing iptables entries so that I can do this within an existing network. Also, if there is a better or easier approach I would appreciate any direction. I don't want to do this through an SSH tunnel.

I know to start I need the following to enable forwarding in the kernel and a firewall PREROUTING rule:

sysctl -w net.ipv4.ip_forward=1
iptables -t nat -A PREROUTING -p tcp -i eth0 -d 192.168.0.5 --dport 22 -j DNAT --to 192.168.0.11:22

I was thinking I am missing something like the following, but I am not sure:

iptables -P FORWARD ACCEPT
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

Thanks
I do not think you need the MASQUERADE rule.
Everything else looks good and should be enough. But how do they communicate between each other? Also, I think you need to give the different interfaces different subnetwork IPs:

192.168.1.5 - eth0 Server1
192.168.2.5 - eth1 Server1
192.168.2.10 - eth0 Server2, if you want it to be on the same LAN with eth1 of Server1.
Thanks, nimnull22.
I don't have an option on the addressing. The machines are all on the same subnet (server1 and server2 and any client machines). I am not sure what you mean about how they communicate between each other. I assumed the client would contact server1 (192.168.0.5) on port 22. It would forward to server2 port 22 and traffic would flow back to the client through server1. That is why I was thinking about the masquerade rule. Basically the client wouldn't know about server2. It would assume all interaction was with server1.

Thanks,
If you need to hide the IP of the second server, yes, masquerading will help.
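The rule set the thread converges on, written out as an added example (this is not code from the thread or from either poster). It uses the thread's addresses and interface names; the function name, the `--apply` switch, the `conntrack` match and the FORWARD policy of DROP are this script's own assumptions. The script prints the commands rather than running them, so the rules can be reviewed before being applied as root with `--apply`. Two points the thread only touches on: the return path and the FORWARD chain. With all hosts on one subnet, server2 would answer the client directly unless server1 rewrites the source address, and the client would discard a reply that does not come from 192.168.0.5, so the POSTROUTING MASQUERADE (SNAT) on the outgoing interface is what makes the hairpin work. Setting FORWARD to DROP and accepting only the one flow keeps server1 from becoming a general-purpose router for the subnet.

```shell
#!/bin/sh
# Added example, not from the thread: generate the iptables rules that make
# server1 forward TCP/22 to server2 when every host sits on one subnet.
# Addresses and interface names are the thread's example values; the function
# name, the --apply switch and the conntrack match are this script's own
# (assumed) conventions.

# build_forward_rules IN_IF FRONT_IP PORT OUT_IF BACKEND_IP
# Prints one command per line and executes nothing, so the output can be
# reviewed (or diffed against the running rules) before it is applied.
build_forward_rules() {
    in_if=$1; front_ip=$2; port=$3; out_if=$4; backend_ip=$5
    cat <<EOF
sysctl -w net.ipv4.ip_forward=1
iptables -P FORWARD DROP
iptables -t nat -A PREROUTING -i $in_if -p tcp -d $front_ip --dport $port -j DNAT --to-destination $backend_ip:$port
iptables -A FORWARD -i $in_if -o $out_if -p tcp -d $backend_ip --dport $port -m conntrack --ctstate NEW,ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -i $out_if -o $in_if -p tcp -s $backend_ip --sport $port -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -t nat -A POSTROUTING -o $out_if -p tcp -d $backend_ip --dport $port -j MASQUERADE
EOF
}
# Notes on the rules above:
# - FORWARD defaults to DROP; only the DNATed flow (and its conntrack replies)
#   is accepted, so server1 does not silently route anything else.
# - MASQUERADE on OUT_IF rewrites the client's source address to server1's
#   own, which is what forces server2's replies back through server1 on a
#   flat subnet. The cost is that server2's sshd logs show server1's address,
#   not the client's; keep the client identity in server1's own logs.
# - Both FORWARD and POSTROUTING match on OUT_IF, so the kernel's route to
#   BACKEND_IP must really leave via that interface; with eth0 and eth1 in
#   the same /24 that is not guaranteed. Check with: ip route get BACKEND_IP

case "${1:-}" in
    --apply) build_forward_rules eth0 192.168.0.5 22 eth1 192.168.0.11 | sh -e ;;  # run as root
    *)       build_forward_rules eth0 192.168.0.5 22 eth1 192.168.0.11 ;;          # dry run
esac
```

Run it without arguments to see the six commands; `sh forward.sh --apply` (root) executes them in order. The policy line is only appropriate on a box with no existing iptables entries, as the original post describes; on a host that already forwards other traffic, leave the policy alone and keep just the two FORWARD accepts.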