IPtables AWS EC2 NAT/Reverse NAT - For Reverse Proxy style setup but with IPtables

Posted by Mark on Server Fault See other posts from Server Fault or by Mark
Published on 2011-01-18T16:02:47Z Indexed on 2011/11/20 18:00 UTC
Read the original article Hit count: 945

Filed under:

I was thinking initially needing to do a reverse proxy or something so I could get some SSL/TLS traffic look like it is being terminated at a server and IP address in the AWS cloud, and then that traffic is forwarded onto our actual web servers that aren't in the cloud...

I've not done much iptables pre and post routing before Dnat or Snat which I know are the things I need or a combination of the things I need in order achieve what i'm trying.

Things to note:- Client/User - Must not be able to see backend IP address and only see the IP address of the cloud box https (TLS/SSL) - connection shouldn't be terminated at the cloud box, it should act like a router almost EC2 instance - Has only one network interface available to play with... this is thus an (internet <-> internet) type of routing going on.

EC2 instance IP address is already more or less behind a NAT that I have no control over, for example... Public ip address could be but instance IP will be Connections from client will go to which will end up at the instance and on interface The connection from the client then needs to be forwarded (DNAT) onto the backend web servers which are back out on the internet (SNAT). Possibly a part of the problem could be that the SNAT will need to be set to the external interface of the instance and I wonder if this makes it harder for IPtables to track the connection?

So looking to basically, have it look as though connections are terminating at this server and its IP address. Whereas all that's really happening is the https request and connection is being forwarded straight onto another internet facing web server.

How possible does that sound?

© Server Fault or respective owner

Related posts about iptables

Related posts about nat