How to configure traffic from a specific IP hardcoded to an IP to forward to another IP:PORT using i

Posted by cclark on Server Fault
Published on 2010-06-10T04:26:33Z

Unfortunately we have a client who has hardcoded a device to point at a specific IP and port. We'd like to redirect traffic from their IP to our load balancer which will send the HTTP POSTs to a pool of servers able to handle that request. I would like existing traffic from all other IPs to be unaffected.

I believe iptables is the best way to accomplish this and I think this command should work:

# Match options (-p/-s/-d/--dport) before the target, target options after -j; $CUST_IP as defined below
/sbin/iptables -t nat -A PREROUTING -p tcp -s $CUST_IP -d $CURR_SERVER_IP --dport 8080 -j DNAT --to-destination $NEW_SERVER_IP:8080

Unfortunately it isn't working as expected. I'm not sure if I need to add another rule, potentially in the POSTROUTING chain?

Below I've substituted the variables above with real IPs and tried to replicate the layout in my test environment in incremental steps.

    $CURR_SERVER_IP = 192.168.2.11
    $NEW_SERVER_IP  = 192.168.2.12
    $CUST_IP        = 192.168.0.50

  • Port forward on the same IP

    /sbin/iptables -t nat -A PREROUTING -p tcp -d 192.168.2.11 --dport 16000 -j DNAT --to-destination 192.168.2.11:8080

Works exactly as expected.

  • IP and port forward to a different machine

    /sbin/iptables -t nat -A PREROUTING -p tcp -d 192.168.2.11 --dport 16000 -j DNAT --to-destination 192.168.2.12:8080

Connections seem to timeout.

  • Restrict IP and port forward to only be applied to requests from a specific IP

    /sbin/iptables -t nat -A PREROUTING -p tcp -s 192.168.0.50 -d 192.168.2.11 --dport 16000 -j DNAT --to-destination 192.168.2.12:8080

Times out as well. Probably for the same reason as the previous entry.

Does anyone have any insights or suggestions?

thanks,
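Added example, not from the Server Fault post: a DNAT rule on its own only rewrites the inbound packet. Once 192.168.2.12 receives the forwarded SYN it replies directly to 192.168.0.50, and unless 192.168.2.11 is the new server's gateway that reply never passes back through the box that holds the conntrack entry, so the client sees a SYN/ACK from an address it never contacted and the connection times out. Forwarding to another host therefore needs three more things: IP forwarding enabled, a FORWARD-chain accept, and a POSTROUTING SNAT so the reply returns via the NAT box. The script below prints (dry run by default) the full rule set for the poster's addresses; it assumes that 192.168.2.11 is the address of the machine running iptables (the `--to-source`), which is how the poster's test layout is described.

```shell
#!/bin/sh
# Added example (not the original post's code). Emits the iptables rules that
# redirect one customer's hardcoded connections to a different host.
# Assumption: $2 (the "current" server IP) is an address owned by the box
# running these rules, so SNAT to it brings replies back through conntrack.

# nat_rules CUST_IP CURR_SERVER_IP NEW_SERVER_IP ORIG_PORT NEW_PORT
# Prints the commands; nothing is executed here.
nat_rules() {
    cust="$1"; curr="$2"; new="$3"; oport="$4"; nport="$5"
    cat <<EOF
sysctl -w net.ipv4.ip_forward=1
iptables -t nat -A PREROUTING -p tcp -s $cust -d $curr --dport $oport -j DNAT --to-destination $new:$nport
iptables -t nat -A POSTROUTING -p tcp -s $cust -d $new --dport $nport -j SNAT --to-source $curr
iptables -A FORWARD -p tcp -s $cust -d $new --dport $nport -m conntrack --ctstate NEW -j ACCEPT
iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
EOF
}

# Number of iptables commands emitted (handy for a sanity check before applying).
count_rules() {
    nat_rules "$@" | grep -c '^iptables'
}

# Run the emitted commands one by one. DRY_RUN=1 (the default) only prints them,
# so the script is safe to review before it touches a production box.
apply_rules() {
    nat_rules "$@" | while IFS= read -r cmd; do
        if [ "${DRY_RUN:-1}" = 1 ]; then
            echo "$cmd"
        else
            sh -c "$cmd"
        fi
    done
}

# Usage: DRY_RUN=0 sh redirect.sh 192.168.0.50 192.168.2.11 192.168.2.12 16000 8080
if [ $# -eq 5 ]; then
    apply_rules "$@"
fi
```

Two practical notes: the SNAT line is only needed when the NAT box is not the new server's default gateway, but it is harmless otherwise; and because it rewrites the source, the new server's own logs will show 192.168.2.11 rather than the customer, so any per-client logging or rate limiting for that traffic has to be done on the NAT box, where the original source address is still visible.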
