Linux - Networking (LinuxQuestions.org): This forum is for any issue related to networks or networking. Routing, network cards, OSI, etc. Anything is fair game.
05-04-2015, 01:28 AM | #1 | LQ Newbie | Registered: Nov 2008 | Posts: 13
transparent DNAT Port Forwarding with iptables
I want to forward traffic to one port to another server.
I am doing this in a lab on virtual machines; all IPs will be public addresses in production.
client 192.168.10.100 ->
server 192.168.10.200 : 1900 ->
server2 192.168.10.222 : 1900
Client connects to server on port 1900, which should forward to server2 on port 1900.
This works (on server):
iptables -t nat -I PREROUTING -p tcp -i eth0 -d 192.168.10.200 --dport 1900 -j DNAT --to 192.168.10.222:1900
iptables -t nat -A POSTROUTING -p tcp -o eth0 -j SNAT --to 192.168.10.200
The problem is server2 sees the IP of server and not the client IP.
Thanks
05-04-2015, 03:07 PM | #2 | Senior Member | Registered: Dec 2003 | Location: The Key Stone State | Distribution: CentOS Sabayon and now Gentoo | Posts: 1,249
You need to remove the second rule; this sets all the traffic leaving to 192.168.10.200, which is why the second server sees the IP of the first server and not the client.
05-04-2015, 04:18 PM | #3 | LQ Newbie | Registered: Nov 2008 | Posts: 13 | Original Poster
Quote:
Originally Posted by lazydog
You need to remove the second rule; this sets all the traffic leaving to 192.168.10.200, which is why the second server sees the IP of the first server and not the client.
It doesn't work at all without a POSTROUTING rule, and I tried MASQUERADING and that had the same effect, with server2 getting the wrong IP.
05-05-2015, 07:20 AM | #4 | Senior Member | Registered: Dec 2003 | Location: The Key Stone State | Distribution: CentOS Sabayon and now Gentoo | Posts: 1,249
So you want all traffic to pass through 192.168.10.200, and if that is the case then the second server is going to need to see the IP address of the first server in order to route traffic back.
05-06-2015, 12:44 AM | #5 | LQ Newbie | Registered: Nov 2008 | Posts: 13 | Original Poster
No, only traffic destined to port 1900 should go to the second server, and the second server should see the IP of the client source.
Kind of like on a Netgear router or something: you forward a port to a machine inside the network. I'm sure you can do this with Linux, as many routers use Linux.
05-06-2015, 08:03 AM | #6 | Senior Member | Registered: Dec 2003 | Location: The Key Stone State | Distribution: CentOS Sabayon and now Gentoo | Posts: 1,249
That router does a DNAT and SNAT just like you are doing now. I haven't found a way at this time to do it any other way. This is required to ensure that the client will get the return traffic from the host it sent it to; otherwise the client will drop the connection.
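A fuller version of the two rules from post #1, added here as an example and not taken from the thread, using the lab addresses above (server 192.168.10.200, server2 192.168.10.222, port 1900, eth0). It enables forwarding, default-denies the FORWARD chain, scopes the SNAT to the forwarded flow instead of all traffic leaving eth0, and has a switch to drop the SNAT entirely, which makes server2 see the client address but only works when server2's route back to the client goes through server. The script name, the APPLY/PRESERVE_CLIENT_IP switches and the `run` helper are my own, not anything from the thread.

```shell
#!/bin/sh
# Added example, not from the thread: port-forward ruleset for the lab
# topology client -> server:1900 -> server2:1900. Prints the commands by
# default; set APPLY=1 to execute them (needs root and iptables on "server").
set -eu

SERVER_IP=${SERVER_IP:-192.168.10.200}   # "server", the box doing the DNAT
TARGET_IP=${TARGET_IP:-192.168.10.222}   # "server2", the real service
PORT=${PORT:-1900}
IFACE=${IFACE:-eth0}
# 1 = omit the SNAT so server2 sees the real client address. This only works
# when server2's route to the client goes through SERVER_IP (for example
# SERVER_IP is its default gateway and the client is not on server2's own
# subnet); otherwise replies bypass the NAT state on "server" and the
# client rejects them, which is the failure post #6 describes.
PRESERVE_CLIENT_IP=${PRESERVE_CLIENT_IP:-0}

run() {  # print or execute a command, depending on APPLY
    if [ "${APPLY:-0}" = 1 ]; then "$@"; else echo "$*"; fi
}

forward_rules() {
    # Without IP forwarding the DNATed packet is dropped after PREROUTING.
    run sysctl -w net.ipv4.ip_forward=1
    # Rewrite the destination of connections arriving for SERVER_IP:PORT.
    run iptables -t nat -A PREROUTING -i "$IFACE" -p tcp -d "$SERVER_IP" \
        --dport "$PORT" -j DNAT --to-destination "$TARGET_IP:$PORT"
    # Default-deny FORWARD and admit only this flow and its reply packets.
    run iptables -P FORWARD DROP
    run iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    run iptables -A FORWARD -i "$IFACE" -p tcp -d "$TARGET_IP" --dport "$PORT" \
        -m conntrack --ctstate NEW -j ACCEPT
    if [ "$PRESERVE_CLIENT_IP" = 0 ]; then
        # Match only the forwarded flow rather than "all traffic leaving eth0",
        # so unrelated routed traffic keeps its own source address.
        run iptables -t nat -A POSTROUTING -o "$IFACE" -p tcp -d "$TARGET_IP" \
            --dport "$PORT" -j SNAT --to-source "$SERVER_IP"
    fi
}

forward_rules
```

With the SNAT kept, server2 still logs 192.168.10.200 as the peer, exactly as the thread observes; the switch only helps once server2's return path is through server.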