How to configure traffic from a specific IP hardcoded to an IP to forward to another IP:PORT using i
Posted by cclark on Server Fault
Published on 2010-06-10T04:26:33Z
Unfortunately we have a client who has hardcoded a device to point at a specific IP and port. We'd like to redirect traffic from their IP to our load balancer which will send the HTTP POSTs to a pool of servers able to handle that request. I would like existing traffic from all other IPs to be unaffected.
I believe iptables is the best way to accomplish this and I think this command should work:
/sbin/iptables -t nat -A PREROUTING -p tcp -s $CUST_IP -d $CURR_SERVER_IP --dport 8080 -j DNAT --to-destination $NEW_SERVER_IP:8080
Unfortunately it isn't working as expected. I'm not sure if I need to add another rule, potentially in the POSTROUTING chain?
Below I've substituted the variables above with real IPs and tried to replicate the layout in my test environment in incremental steps.
$CURR_SERVER_IP = 192.168.2.11
$NEW_SERVER_IP = 192.168.2.12
$CUST_IP = 192.168.0.50
- Port forward on the same IP
/sbin/iptables -t nat -A PREROUTING -p tcp -d 192.168.2.11 --dport 16000 -j DNAT --to-destination 192.168.2.11:8080
Works exactly as expected.
- IP and port forward to a different machine
/sbin/iptables -t nat -A PREROUTING -p tcp -d 192.168.2.11 --dport 16000 -j DNAT --to-destination 192.168.2.12:8080
Connections seem to time out.
- Restrict IP and port forward to only be applied to requests from a specific IP
/sbin/iptables -t nat -A PREROUTING -p tcp -s 192.168.0.50 -d 192.168.2.11 --dport 16000 -j DNAT --to-destination 192.168.2.12:8080
Times out as well. Probably for the same reason as the previous entry.
Does anyone have any insights or suggestions?
thanks,
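The second and third steps above fail for a reason that is worth spelling out, because the missing POSTROUTING rule the post guesses at is exactly the fix. When 192.168.2.11 DNATs a packet to 192.168.2.12, the backend sees a packet from 192.168.0.50 and answers it directly from its own address. The client therefore receives a SYN-ACK from 192.168.2.12, an IP it never connected to, drops it, and the connection times out. Either the backend's return path must go back through 192.168.2.11 (make it the backend's default gateway), or 192.168.2.11 must also SNAT the forwarded packets so the backend replies to it and conntrack undoes both translations. The script below is an added example, not part of cclark's post; it uses the post's addresses, assumes the rules run on the host that owns 192.168.2.11, that 192.168.2.12 is a different machine listening on port 8080, and that `ip_forward` is off by default as it is on a stock Linux host.

```shell
#!/bin/sh
# Added example (not from the original Server Fault post). Assumes it runs on
# 192.168.2.11, the IP the customer's device has hardcoded, and that
# 192.168.2.12 is a separate host with the real service on port 8080.
# The cross-host DNAT alone times out because 192.168.2.12 answers the client
# from its own address; adding an SNAT in POSTROUTING makes the backend reply
# to 192.168.2.11 instead, where conntrack reverses both translations.

CUST_IP=192.168.0.50
CURR_SERVER_IP=192.168.2.11
NEW_SERVER_IP=192.168.2.12
PORT=8080

# Wrapper so the rules can be previewed without root: IPT=echo prints them.
ipt() { "${IPT:-/sbin/iptables}" "$@"; }

# The DNAT box now routes packets between the customer and the backend,
# so IPv4 forwarding must be switched on (it is off on a default install).
enable_forwarding() {
    sysctl -w net.ipv4.ip_forward=1
}

add_rules() {
    # 1. Rewrite the destination only for the customer IP hitting the old
    #    address on the old port; every other source is left alone.
    ipt -t nat -A PREROUTING -p tcp -s "$CUST_IP" -d "$CURR_SERVER_IP" \
        --dport "$PORT" -j DNAT --to-destination "$NEW_SERVER_IP:$PORT"
    # 2. Rewrite the source on the way out so the backend replies to this
    #    host. This matches on the post-DNAT destination, so only the
    #    redirected flow is affected.
    ipt -t nat -A POSTROUTING -p tcp -s "$CUST_IP" -d "$NEW_SERVER_IP" \
        --dport "$PORT" -j SNAT --to-source "$CURR_SERVER_IP"
    # 3. Let the forwarded flow through the filter table in both directions
    #    (required when the FORWARD chain policy is DROP).
    ipt -A FORWARD -p tcp -s "$CUST_IP" -d "$NEW_SERVER_IP" --dport "$PORT" \
        -j ACCEPT
    ipt -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
}

# Number of rules that would be installed, computed from a dry run.
count_rules() {
    ( IPT=echo; add_rules ) | wc -l | tr -d ' '
}

# Only touch the live firewall when explicitly asked: sh forward.sh apply
if [ "${1:-}" = apply ]; then
    enable_forwarding
    add_rules
fi
```

Run `IPT=echo sh forward.sh apply` first to see the exact commands without changing anything, then as root without `IPT=echo` to install them. Two caveats: the SNAT hides the customer's real source address, so the load balancer and the pool behind it will log 192.168.2.11 as the client; if that matters, drop the POSTROUTING rule and instead route 192.168.2.12's default gateway via 192.168.2.11, which gives the backend the original source IP while keeping the return path symmetric. And `-m conntrack --ctstate` needs the conntrack match module; on older userland the equivalent is `-m state --state ESTABLISHED,RELATED`.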
© Server Fault or respective owner