Home / ubuntu / Questions / 320121
Accepted
uncletall
Asked: 2013-07-15 18:08:00 +0800 CST

Simple port forwarding

  • 772

I am in a bit of trouble as I am trying to setup a reverse proxy with and a second server. My idea was to get the firewall to forward https to the reverse proxy and port 29418 (gerrit ssh) to the second server. Now my cooperate IT guy says: CAN NOT! Either both ports go to server 1 or both ports go to server 2.

Ok, as a work around I tried to setup a port forwarding on the reverse proxy of port 29418 -> server2:29418

Details:

  • Server1 IP: 10.0.0.132 and 192.168.10.2 on Ubuntu 12.04.2 LTS
  • Server2 IP: 10.0.0.133 and 192.168.10.3 on Ubuntu 12.04.2 LTS

Now both https and port 29418 go from the firewall to 10.0.0.132, IT says that's the only way. :(

So please tell me how to forward from 10.0.0.132:29418 -> 192.168.10.3:29418 or 10.0.0.133:29418

When I am working on the 10.0.0.132 I can connect to both 10.0.0.133:29418 and 192.168.10.3:29418 so the ports are open.

-- Update --

My iptables -t nat -L looks like this:

root@dev:/root# iptables -t nat -L
Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination
DNAT       tcp  --  anywhere             dev.example.com       tcp dpt:29418 to:10.0.0.133

Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination
root@dev:/root# cat /proc/sys/net/ipv4/ip_forward
1
port-forwarding

4 Answers

  1. Best Answer

    In case someone else is looking for a way that actually works. Though @HorsePunchKid is right in his suggestion, I've found this walkthrough that fills in the missing steps:

    http://www.debuntu.org/how-to-redirecting-network-traffic-to-a-new-ip-using-iptables/

    In essence:

    Enable IP Forwarding:

    sysctl net.ipv4.ip_forward=1

    Add your forwarding rule (use n.n.n.n:port):

    iptables -t nat -A PREROUTING -p tcp -d 10.0.0.132 --dport 29418 -j DNAT --to-destination 10.0.0.133:29418

    Ask IPtables to Masquerade:

    iptables -t nat -A POSTROUTING ! -s 127.0.0.1 -j MASQUERADE

    And that's it! It worked for me in any case :)

    • 44

  2. If anyone is searching for a temporary method, try the below solution.

    ssh -L 192.168.0.10:8080:10.0.0.10:80 [email protected]

    The above command redirects all connections to port 8080 on your base machine to 80 virtual machine ports. You can test if it works by accessing the web page http://192.168.0.10:8080, and it'll show you the web page on the guest machine.

    This applies to all ports :)

    • 14

  3. If you have iptables installed on 10.0.0.132, I think this will be pretty straightforward:

    iptables -t nat -A PREROUTING -j DNAT -d 10.0.0.132 -p tcp --dport 29418 --to 10.0.0.133

    This says to send traffic coming in to 10.0.0.132 on port 29418 over to 10.0.0.133 instead, on the same port, prior to any other routing that 10.0.0.132 might try to do. If you run this command and have trouble with it, replace the -A flag with -D to remove it.

    If you're looking to have this rule run automatically when 10.0.0.132 starts up, consider adding the above command as a "post-up" rule in /etc/network/interfaces.

    • 7

  4. In the end I had to install pfSense as a router inside my ESXi server to route the traffic to the different VM's as I could not get it to work in Ubuntu.

    • 0