I need help rerouting traffic on my Ubuntu virtual machine (running on Parallels) from port 443, for a tunnel URL, to port 1111 on the same Ubuntu machine. Once that is successful, the server on 1111 should then forward the request to the tunnel URL. For some reason, when I try using iptables and HAProxy it doesn't work.
No LSB modules are available.
Distributor ID: Ubuntu
Description: Ubuntu 20.04.2 LTS
Release: 20.04
Codename: focal
For IPTables
I've tried setting the ip_forward config flag to 1, if that's what you call it.
I've tried setting the prerouting config to the following:
sudo iptables -t nat -A PREROUTING -p tcp -d rnqhc-adas-ads-ed01-cb00-sada-asdds-asdd-iii.a.free.pinggy.link --dport 443 -j DNAT --to-destination 127.0.0.1:1111
Then I've masqueraded it.
And added
sudo iptables -t nat -A OUTPUT -p tcp --dport 443 -d rnqhc-adas-ads-ed01-cb00-sada-asdds-asdd-iii.a.free.pinggy.link -j ACCEPT
I've also seen the answers at "IPTables reroute traffic not working", but they did not help.
For HAProxy I've tried:
frontend https_front
    bind *:443 ssl crt /home/devhouse/Developer/mycert_combined.pem
    acl host_mydomain hdr(host) rnqhc-adas-ads-ed01-cb00-sada-asdds-asdd-iii.a.free.pinggy.link
    use_backend my_backend if host_mydomain

backend my_backend
    server local_proxy 127.0.0.1:1111
I think I'm missing something.
There are a couple of moments in your rules.

If you're using the 127.0.0. address in a DNAT rule, it also requires enabling the net.ipv4.conf.<iface_name>.route_localnet=1 sysctl variable. Write it in a sysctl.conf file and run sysctl -p --system to apply the changes.

To reroute the locally originated traffic (from HAProxy in your case) you should add the same DNAT rule into the nat/OUTPUT chain.

Avoid usage of domain names in your rules. It can cause various issues if DNS doesn't work.

How to troubleshoot:

Check the rule counters with iptables-save -c.

Check the conntrack events with conntrack -E.

Use tcpdump to sniff the traffic.
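The first troubleshooting step above, checking rule counters, is easier to read when the output of iptables-save -c is parsed rather than eyeballed. The following is an added example (not from the answer or the question) that parses a constructed sample of that output, modelled on the PREROUTING and nat/OUTPUT DNAT rules discussed here, and reports which rules have never matched a packet; 203.0.113.10 is a placeholder for the tunnel host's IP.

```python
import re
from dataclasses import dataclass

# Constructed sample of `iptables-save -c` output (not a real capture), with the
# DNAT rules from the question rewritten to use an IP instead of a domain name.
SAMPLE = """\
# Generated by iptables-save v1.8.4
*nat
:PREROUTING ACCEPT [120:7200]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [33:2000]
:POSTROUTING ACCEPT [33:2000]
[0:0] -A PREROUTING -d 203.0.113.10/32 -p tcp -m tcp --dport 443 -j DNAT --to-destination 127.0.0.1:1111
[17:1020] -A OUTPUT -d 203.0.113.10/32 -p tcp -m tcp --dport 443 -j DNAT --to-destination 127.0.0.1:1111
[0:0] -A POSTROUTING -j MASQUERADE
COMMIT
*filter
:INPUT ACCEPT [900:81000]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [850:70000]
[0:0] -A INPUT -p tcp -m tcp --dport 1111 -j ACCEPT
COMMIT
"""

# A rule line with counters looks like: "[packets:bytes] -A CHAIN <rule spec>"
RULE_RE = re.compile(r"^\[(\d+):(\d+)\]\s+-A\s+(\S+)\s+(.*)$")

@dataclass
class Rule:
    table: str
    chain: str
    packets: int
    nbytes: int
    spec: str

def parse_counters(text):
    """Return one Rule per '-A' line, tagged with the table ('*nat', '*filter') it belongs to."""
    rules, table = [], None
    for line in text.splitlines():
        if line.startswith("*"):          # table header, e.g. "*nat"
            table = line[1:].strip()
            continue
        m = RULE_RE.match(line)
        if m and table:
            pkts, byts, chain, spec = m.groups()
            rules.append(Rule(table, chain, int(pkts), int(byts), spec))
    return rules

def unmatched_rules(rules, table="nat", target="DNAT"):
    """Rules in `table` jumping to `target` whose packet counter is still zero."""
    return [r for r in rules
            if r.table == table and f"-j {target}" in r.spec and r.packets == 0]

if __name__ == "__main__":
    for r in unmatched_rules(parse_counters(SAMPLE)):
        print(f"never matched: {r.table}/{r.chain}: {r.spec}")
```

In the sample, only the nat/OUTPUT DNAT rule has counted packets, which is the pattern you would expect if the tunnel's traffic is locally originated (from HAProxy) rather than arriving on an interface.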