I'm currently trying to figure out how I can forward traffic from a secondary public IP address of my dedicated server to an internal IP of my network using iptables in order to make e.g. webservers and the like visible from outside.
My setup is a dedicated server containing three virtual machines which form a "private LAN". The connection between those is established and the virtual machines can connect to the internet through a bridge between the isolated LAN and the physical server. Allowing outgoing traffic is established using the following rule (LAN: 192.168.x.x, Example Public Address: 8.8.8.8):
iptables -t nat -A POSTROUTING -s 192.168.1.101 -j SNAT --to-source 8.8.8.8
This works fine - if I open an internet browser and go to whatismyip.com it will now no longer show the server's main IP address, but instead it will show the secondary IP just the way it's supposed to do.
However, now I'd love to do it the other way around and install e.g. a web server on one of the virtual machines and make it available to the public through my secondary IP. I was searching for the answer and found I'm supposed to add a PREROUTING rule in order to accomplish this, thus I tried the following:
iptables -t nat -A PREROUTING -d 8.8.8.8 -j DNAT --to-destination 192.168.1.101
Connecting to port 80 of the public IP will time out, though. It seems like I'm still missing something or there's a mistake in the way I do the rules.
Please note: Rather than opening only a specific port, I'd like to forward all incoming traffic on that specific IP to the virtual machine and handle security over there.
Any advice would be appreciated - perhaps I'm just missing something minor.
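The full set of rules that 1:1 NAT of one public address needs (DNAT alone does not make the host forward the packets), as an added example that is not part of the original post; it assumes the external interface is called eth0, the bridge to the VM LAN is br0, the VM uses the host as its default gateway, and the secondary IP is bound on the host. Run it with `dry` to print the commands, `apply` to execute them as root.

```sh
#!/bin/sh
# Added example (not the poster's configuration). Interface names and the
# conntrack tool are assumptions; the addresses are the placeholders from the post.
PUBLIC_IP="${PUBLIC_IP:-8.8.8.8}"        # secondary public address (placeholder)
VM_IP="${VM_IP:-192.168.1.101}"          # VM that should receive the traffic
WAN_IF="${WAN_IF:-eth0}"                 # assumed external interface
LAN_IF="${LAN_IF:-br0}"                  # assumed bridge to the VM LAN
MODE="dry"

# In "dry" mode print the command instead of running it, so the rule set can be
# reviewed (or tested) on a machine without root or iptables.
run() {
  if [ "$MODE" = "dry" ]; then echo "$*"; else "$@"; fi
}

# apply_rules [dry|apply]
# The DNAT in PREROUTING only rewrites the destination; the timeout the post
# describes is typically because ip_forward is off or the FORWARD chain (which
# the translated packets traverse) never accepts them.
apply_rules() {
  MODE="${1:-apply}"
  run sysctl -w net.ipv4.ip_forward=1
  # Inbound: rewrite destination before the routing decision (only on the WAN side).
  run iptables -t nat -A PREROUTING -i "$WAN_IF" -d "$PUBLIC_IP" -j DNAT --to-destination "$VM_IP"
  # Outbound: the SNAT from the post, restricted to the external interface.
  run iptables -t nat -A POSTROUTING -s "$VM_IP" -o "$WAN_IF" -j SNAT --to-source "$PUBLIC_IP"
  # FORWARD: replies for known flows, new flows towards the VM (all ports, as the
  # post wants; narrowing -d to specific --dports here is the tighter option),
  # and the VM's own outgoing connections.
  run iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
  run iptables -A FORWARD -i "$WAN_IF" -o "$LAN_IF" -d "$VM_IP" -m conntrack --ctstate NEW -j ACCEPT
  run iptables -A FORWARD -i "$LAN_IF" -o "$WAN_IF" -s "$VM_IP" -j ACCEPT
}

# verify_rules: packet counters show whether the DNAT rule matches at all, and the
# conntrack table shows whether a translated flow exists but gets no reply from the VM.
verify_rules() {
  run iptables -t nat -L PREROUTING -n -v
  run iptables -L FORWARD -n -v
  run conntrack -L -d "$VM_IP"          # assumes the conntrack userspace tool is installed
}

case "${1:-}" in
  dry|apply) apply_rules "$1"; verify_rules ;;
esac
```

If the counters on the PREROUTING rule stay at zero, the packets are not reaching eth0 at all (the provider's router must see the host answer for the secondary IP); if they rise but the FORWARD counters do not, forwarding or the chain policy is the blocker.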