I have 3 machines with the following IP addresses : -
Machine 1 : - 10.10.10.20 Machine 2 :- 10.10.10.21 Machine 3 : - 10.10.10.22
The jBoss server is started on Machine 1 and Machine 3 is client. If I type 10.10.10.21 (ip address of Machine 2) in the browser on Machine 3, I should be redirected to the the default jBoss page of the jBoss server launched on Machine 1. However, typing 10.10.10.20 (IP address of Machine 1) in the browser on Machine 3 should not work. That is, the client on Machine 3 should be able to access the jBoss server on Machine 1 only through Machine 2 and not directly.
Note that the 3 machines are a part of a private network with a firewall. I was thinking of using iptables on machine 2 (RHEL installed) but I am unable to use it properly.
Can anyone suggest how I can achieve this setup (using iptables or by any other means)
I tried running the the following iptables command on Machine 2: -
iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 -j DNAT --to-destination 10.10.10.20
But I am still unable to access Machine 1 from Machine 3 through Machine 2.
Thanks, bot
Answer
I managed to forward requests coming to Machine 2 to Machine 3 by using iptables. Ignore the comments in the script as they may not be correct explanations for the commands.
#!/bin/bash
#Execute the following command to enable ip forwarding if it is not already enabled.
#echo 1 > /proc/sys/net/ipv4/ip_forward
#nat to forward all requests to specified ports on Machine 2 to specified ports on Machine 1.
iptables -t nat -A PREROUTING -p tcp -d 10.10.10.21 --dport 80 -j DNAT --to 10.10.10.20:80
iptables -t nat -A PREROUTING -p tcp -d 10.10.10.21 --dport 1099 -j DNAT --to 10.10.10.20:1099
iptables -t nat -A PREROUTING -p tcp -d 10.10.10.21 --dport 1098 -j DNAT --to 10.10.10.20:1098
#Allow response from Machine 1 to Machine 2.
iptables -t nat -A POSTROUTING -d 10.10.10.20 -j MASQUERADE
This script causes all http,rmi and naming service requests made to Machine 2 to be forwarded to Machine 1.
No comments:
Post a Comment