How to route to a secondary interface on the same physical ethernet?
Posted by sjose3612611 on Server Fault
Published on 2014-06-10T02:25:57Z
INTERNET<->(wan)BRIDGED_DEVICE(lan)<->ETH_ROUTER<->LAN
Problem: Need to access the web server on BRIDGED_DEVICE's LAN from INTERNET via ROUTER (BRIDGED_DEVICE's web server cannot be accessed from INTERNET since it has no public management IP). Cannot configure the bridged device. It has a static IP on its LAN to which its web server binds.
Attempt: Create a secondary/alias WAN interface on ETH_ROUTER (e.g. primary: eth0.1 (for internet access) and secondary: eth0.2 (for accessing the web server on BRIDGED_DEVICE)), no VLANs.
eth0.1 has a public IP; eth0.2 has a static private IP in the BRIDGED_DEVICE's subnet (e.g. 10.0.X.Y). Iptables on ETH_ROUTER: Added a port forward (DNAT) from eth0.1 to eth0.2:
iptables -t nat -I PREROUTING -i eth0.1 -p tcp --dport 80 -j DNAT --to-destination 10.0.X.Y
iptables -t nat -I POSTROUTING -o eth0.2 -s 10.0.X.0/24 -j MASQUERADE
Stateful firewall w/ overall drop policy on FORWARD chain, hence:
iptables -I FORWARD -i eth0.1 -d 10.0.X.Y -p tcp --dport 80 -j ACCEPT
Can ping from ETH_ROUTER to BRIDGED_DEVICE but unable to reach the web server from the Internet. I see the packet count increasing for the DNAT rule but am not sure where it disappears in the ETH_ROUTER after that.
ETH_ROUTER is the only device that can be configured to achieve this.
If familiar with this scenario, please suggest what I may be missing or doing wrong here, or suggest techniques to debug it?
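As an added worked example (not part of the original post, and not the poster's configuration), the script below installs the same port forward in the order a packet meets the netfilter hooks and then lists the checks that locate where a DNAT'd packet vanishes. It assumes that eth0.1 and eth0.2 are distinct kernel interfaces that iptables matches by name (the rising DNAT counter in the post indicates they are), that the router reaches the bridged device's LAN address through eth0.2 (the post says ping works), and it uses 10.0.0.2 as a stand-in for the post's 10.0.X.Y; the variable names CMD, WAN_IF, SRV_IF, SRV_IP and PORT are this example's own. It runs as a dry run that prints every command; set CMD to empty and run as root to apply. The one point of substance it makes is in step 3: the forwarded packet still carries the Internet client's public source address when it reaches POSTROUTING, so a MASQUERADE rule qualified with -s 10.0.X.0/24 can never match it, and without source NAT the bridged device answers the public address over its own default route rather than back through the router.

```shell
#!/bin/sh
# Added example, not from the original post. Dry run by default: every command is
# printed rather than executed. Run with CMD= (empty) as root to apply for real.
CMD="${CMD-echo}"

# Assumed values standing in for the post's placeholders; override via environment.
WAN_IF="${WAN_IF:-eth0.1}"    # sub-interface holding the public IP
SRV_IF="${SRV_IF:-eth0.2}"    # sub-interface with a private IP in the bridged device's subnet
SRV_IP="${SRV_IP:-10.0.0.2}"  # bridged device's LAN IP (the post's 10.0.X.Y), where its web server binds
PORT="${PORT:-80}"

# Install the forward in the order a packet meets the hooks:
# PREROUTING (nat) -> FORWARD (filter) -> POSTROUTING (nat).
install_forward() {
    # FORWARD is never consulted unless routing is on.
    $CMD sysctl -w net.ipv4.ip_forward=1

    # 1. Rewrite the destination of inbound traffic to $PORT on the WAN sub-interface.
    $CMD iptables -t nat -A PREROUTING -i "$WAN_IF" -p tcp --dport "$PORT" \
        -j DNAT --to-destination "$SRV_IP"

    # 2. FORWARD sees the post-DNAT destination, so match the new connection on $SRV_IP ...
    $CMD iptables -A FORWARD -i "$WAN_IF" -o "$SRV_IF" -d "$SRV_IP" -p tcp --dport "$PORT" \
        -m conntrack --ctstate NEW -j ACCEPT
    # ... and let the replies back through a FORWARD chain whose policy is DROP.
    $CMD iptables -A FORWARD -i "$SRV_IF" -o "$WAN_IF" \
        -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT

    # 3. Source-NAT the forwarded packet as it leaves towards the server. Its source is still
    #    the Internet client's public address, so a POSTROUTING rule qualified with
    #    -s 10.0.X.0/24 never matches it; the bridged device then answers the public IP over
    #    its own default route instead of back through this router, and the handshake never
    #    completes. Rewriting the source to this router's $SRV_IF address keeps the reply here.
    #    Restricting the rule to -d $SRV_IP hides nothing else behind the router.
    $CMD iptables -t nat -A POSTROUTING -o "$SRV_IF" -d "$SRV_IP" -p tcp --dport "$PORT" \
        -j MASQUERADE
}

# Where does the packet go after the DNAT counter ticks? Each command answers one step.
diagnose_forward() {
    # Per-rule packet/byte counters: a FORWARD or POSTROUTING rule that stays at 0 is the gap.
    $CMD iptables -t nat -vnL PREROUTING
    $CMD iptables -vnL FORWARD
    $CMD iptables -t nat -vnL POSTROUTING
    # The conntrack entry shows the DNAT'd tuple and, once a reply has been seen, [ASSURED].
    $CMD conntrack -L -p tcp --orig-port-dst "$PORT"
    # On the wire: does the SYN leave $SRV_IF towards $SRV_IP, and does a SYN/ACK come back?
    $CMD tcpdump -ni "$SRV_IF" host "$SRV_IP" and tcp port "$PORT"
    # Last resort: TRACE logs every rule the packet traverses (output in the kernel log).
    $CMD iptables -t raw -A PREROUTING -i "$WAN_IF" -p tcp --dport "$PORT" -j TRACE
}

install_forward
diagnose_forward
```

After applying, compare the PREROUTING and POSTROUTING counters: if only the DNAT rule increments, the packet is dropped in FORWARD; if both increment but tcpdump on eth0.2 shows the SYN leaving and no SYN/ACK returning, the router's job is done and the bridged device is either replying elsewhere or not at all.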
© Server Fault or respective owner