Sunday, March 6, 2016

iptables NAT HTTPS on external IP to internal IP - debian

I've been trying to NAT HTTPS traffic on an external IP (say debianIP1) to an internal IP (say debianIP2) based on several examples/guides, like:

How to do port forwarding/redirecting on Debian?

https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/4/html/Security_Guide/s1-firewall-ipt-fwd.html and

http://jensd.be/343/linux/forward-a-tcp-port-to-another-ip-or-port-using-nat-with-iptables

Unfortunately, I'm not able to get it working. This is what I do on debianIP1:



In the /etc/sysctl.conf file, net.ipv4.ip_forward = 1 (IPv4 port forwarding enabled)

Commands:

  • iptables -t nat -A POSTROUTING -o venet0:0 -j MASQUERADE
  • iptables -t nat -A PREROUTING -i venet0:0 -p tcp --dport 443 -j DNAT --to debianIP2:443
  • iptables -A FORWARD -i venet0:0 -p tcp --dport 443 -d debianIP2 -j ACCEPT


When on debianIP1, I perform:

  • telnet debianIP2 443 - I can see I'm connected
  • telnet localhost 443 - I get connection refused

venet0:0 is used as this is the only interface that shows an external IP (the others are venet0 and lo). Using venet0 instead of venet0:0 gives the same result.



Can somebody tell me what I'm missing?
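Two facts about iptables matter for the test described in the question: the nat PREROUTING chain only sees packets arriving from the network, so a connection made on the box itself is only rewritten by a rule in the nat OUTPUT chain (and only if it targets the external address, not 127.0.0.1), and `-i`/`-o` match the kernel device name (venet0), not an alias such as venet0:0. The script below is an added example, not part of the question or any of the linked guides; it renders a complete 443 DNAT rule set for placeholder values (interface, external IP, internal IP are assumptions) so it can be reviewed before being applied, adds the OUTPUT-chain rule for local testing plus the FORWARD return-path rule, and applies rules idempotently.

```shell
#!/bin/sh
# Added example: DNAT TCP/443 from an external address to an internal host.
# Placeholders (assumptions, not from the question): EXT_IF is the real device
# name (e.g. venet0, never an alias like venet0:0), EXT_IP its public address,
# INT_IP the internal HTTPS server. IPT=echo renders the rules without applying.
IPT="${IPT:-iptables}"

# Emit the rule set as iptables argument lines, one rule per line, so it can be
# diffed or reviewed before it touches the firewall.
nat_rules() {
  ext_if="$1"; ext_ip="$2"; int_ip="$3"
  cat <<EOF
-t nat -A PREROUTING -i $ext_if -d $ext_ip -p tcp --dport 443 -j DNAT --to-destination $int_ip:443
-t nat -A OUTPUT -d $ext_ip -p tcp --dport 443 -j DNAT --to-destination $int_ip:443
-t nat -A POSTROUTING -o $ext_if -j MASQUERADE
-A FORWARD -i $ext_if -d $int_ip -p tcp --dport 443 -m conntrack --ctstate NEW,ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -s $int_ip -p tcp --sport 443 -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
EOF
}
# Line 1: inbound connections from the network (PREROUTING, restricted to the
#         external address so internal traffic is not rewritten).
# Line 2: connections originated on this host; PREROUTING never sees them, so
#         test with "telnet $EXT_IP 443", not "telnet localhost 443".
# Line 3: hide the original client address behind this host on the way out.
# Lines 4-5: allow the forwarded flow and its replies even if FORWARD is DROP.

# Append each rule only if it is not already present (-C checks, -A appends),
# so rerunning the script never duplicates rules.
apply_rules() {
  nat_rules "$@" | while IFS= read -r rule; do
    check=$(printf '%s' "$rule" | sed 's/-A /-C /')
    # shellcheck disable=SC2086  # word splitting of the rule is intended
    $IPT $check 2>/dev/null || $IPT $rule
  done
}

# Usage: ./dnat443.sh apply venet0 203.0.113.10 10.0.0.2   (constructed values)
if [ "${1:-}" = apply ]; then
  sysctl -w net.ipv4.ip_forward=1 >/dev/null
  apply_rules "$2" "$3" "$4"
fi
```

Run with IPT=echo first to see exactly which -C/-A commands would be executed; a rule that is still missing afterwards is visible with `iptables -t nat -L -n -v --line-numbers`.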
