Sunday, June 28, 2015

port forwarding - How to use iptables to forward requests to a jBoss server running on a different machine?



I have 3 machines with the following IP addresses:



Machine 1: 10.10.10.20
Machine 2: 10.10.10.21
Machine 3: 10.10.10.22




The jBoss server is started on Machine 1 and Machine 3 is the client. If I type 10.10.10.21 (IP address of Machine 2) in the browser on Machine 3, I should be redirected to the default jBoss page of the jBoss server launched on Machine 1. However, typing 10.10.10.20 (IP address of Machine 1) in the browser on Machine 3 should not work. That is, the client on Machine 3 should be able to access the jBoss server on Machine 1 only through Machine 2 and not directly.



Note that the 3 machines are a part of a private network with a firewall. I was thinking of using iptables on machine 2 (RHEL installed) but I am unable to use it properly.



Can anyone suggest how I can achieve this setup (using iptables or by any other means)?



I tried running the following iptables command on Machine 2:



    iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 -j DNAT --to-destination 10.10.10.20



But I am still unable to access Machine 1 from Machine 3 through Machine 2.



Thanks, bot


Answer



I managed to forward requests coming to Machine 2 to Machine 3 by using iptables. Ignore the comments in the script as they may not be correct explanations for the commands.



    #!/bin/bash

    #Execute the following command to enable ip forwarding if it is not already enabled.
    #echo 1 > /proc/sys/net/ipv4/ip_forward

    #nat to forward all requests to specified ports on Machine 2 to specified ports on Machine 1.
    iptables -t nat -A PREROUTING -p tcp -d 10.10.10.21 --dport 80 -j DNAT --to 10.10.10.20:80
    iptables -t nat -A PREROUTING -p tcp -d 10.10.10.21 --dport 1099 -j DNAT --to 10.10.10.20:1099
    iptables -t nat -A PREROUTING -p tcp -d 10.10.10.21 --dport 1098 -j DNAT --to 10.10.10.20:1098

    #Allow response from Machine 1 to Machine 2.
    iptables -t nat -A POSTROUTING -d 10.10.10.20 -j MASQUERADE



This script causes all HTTP, RMI and naming service requests made to Machine 2 to be forwarded to Machine 1.
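The following is an added example, not code from the question or the answer above: a small POSIX shell script that generates the rule set for both hosts, using the question's addresses and the answer's three ports. It goes beyond the answer by adding the FORWARD permits and ip_forward sysctl a DNAT rule needs to work, by using SNAT instead of MASQUERADE, and by adding the INPUT rule on Machine 1 that enforces the "only through Machine 2" requirement; the `apply-gateway` and `apply-jboss` arguments are names chosen here.

```shell
#!/bin/sh
# Added example, not from the original post. Addresses are the question's;
# the ports are the three the answer forwards (HTTP, RMI, JNDI naming).
JBOSS=10.10.10.20      # Machine 1, runs jBoss
GATEWAY=10.10.10.21    # Machine 2, the only permitted path to Machine 1
PORTS="80 1099 1098"

# Rules for Machine 2. A DNAT rule by itself is not enough: the kernel must
# be allowed to forward, the FORWARD chain must accept the traffic, and the
# reply path must lead back through Machine 2.
gateway_rules() {
  echo "sysctl -w net.ipv4.ip_forward=1"
  for p in $PORTS; do
    # Rewrite the destination from Machine 2 to Machine 1.
    echo "iptables -t nat -A PREROUTING -d $GATEWAY -p tcp --dport $p -j DNAT --to-destination $JBOSS:$p"
    # Rewrite the source to Machine 2 so Machine 1 answers to Machine 2 and
    # only ever sees Machine 2 as the client (SNAT instead of MASQUERADE,
    # since the gateway address is static).
    echo "iptables -t nat -A POSTROUTING -d $JBOSS -p tcp --dport $p -j SNAT --to-source $GATEWAY"
    # FORWARD sees the post-DNAT destination. Insert (-I) rather than append:
    # the stock RHEL FORWARD chain ends in a REJECT rule.
    echo "iptables -I FORWARD -d $JBOSS -p tcp --dport $p -m conntrack --ctstate NEW -j ACCEPT"
  done
  echo "iptables -I FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
}

# Rules for Machine 1: because of the SNAT above, legitimate traffic arrives
# from $GATEWAY, so dropping everything else on these ports enforces the
# "not directly from Machine 3" requirement from the question.
jboss_rules() {
  for p in $PORTS; do
    echo "iptables -I INPUT -p tcp --dport $p ! -s $GATEWAY -j DROP"
  done
}

# Print both rule sets by default; "apply-gateway" / "apply-jboss"
# (names chosen for this example) execute them and need root.
case "${1:-print}" in
  apply-gateway) gateway_rules | sh -e ;;
  apply-jboss)   jboss_rules   | sh -e ;;
  print)         gateway_rules; echo; jboss_rules ;;
esac
```

Run it on the gateway with `apply-gateway` and on the jBoss host with `apply-jboss`; without an argument it only prints the rules so they can be reviewed first.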

