Description:
The end user cannot access Server B on port 8000.
The end user can access Server A on port 8000.
How can the end user reach the application running on port 8000 on Server B?
Before forwarding is configured, the end user cannot reach that application on port 8000.
Details:
1. Check and enable IP forwarding on Server A (interface bond0):
[root@PTUD-S05 ~]# ifconfig
bond0 Link encap:Ethernet HWaddr
44:A8:42:18:29:55
inet addr:IP_SERVER_A
Bcast:10.30.164.191 Mask:255.255.255.192
inet6 addr:
fe80::46a8:42ff:fe18:2955/64 Scope:Link
UP BROADCAST RUNNING MASTER
MULTICAST MTU:1500 Metric:1
RX packets:5433 errors:0
dropped:0 overruns:0 frame:0
TX packets:2084 errors:0
dropped:0 overruns:0 carrier:0
collisions:0
txqueuelen:0
RX bytes:540826 (528.1 KiB)
TX bytes:299158 (292.1 KiB)
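[root@PTUD-S05 ~]# cat /proc/sys/net/ipv4/conf/bond0/forwarding
0
[root@PTUD-S05 ~]# echo '1' > /proc/sys/net/ipv4/conf/bond0/forwarding
[root@PTUD-S05 ~]# cat /proc/sys/net/ipv4/conf/bond0/forwarding
1
Note: a value written under /proc takes effect immediately but is lost at reboot. To keep forwarding enabled, also set net.ipv4.conf.bond0.forwarding = 1 in /etc/sysctl.conf.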
|
2. Edit the iptables rules file:
[root@PTUD-S05 ~]# vi /etc/sysconfig/iptables
# Generated by iptables-save v1.4.7 on Sat Sep 12 02:31:44 2015
# nat table: redirects TCP port 8000 arriving on bond0 to Server B and
# rewrites the source address of the forwarded packets.
# NOTE(review): as shown here, each of the two -A rules below is wrapped onto
# two lines. iptables-restore reads one rule per line, so in the real file each
# rule must sit on a single line.
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
# DNAT: TCP packets entering on bond0 with destination port 8000 get their
# destination rewritten to IP_Server_B:8000. There is no -s match, so every
# client that can reach bond0 on port 8000 is passed on to Server B.
-A PREROUTING -i bond0 -p tcp -m tcp --dport 8000 -j DNAT
--to-destination IP_Server_B:8000
# SNAT: packets leaving on bond0 for IP_Server_B port 8000 get source address
# IP_Server_A, so Server B sends its replies back through Server A.
# Consequence: Server B sees every connection as coming from IP_Server_A, and
# the original client address is not visible in Server B's logs or ACLs.
-A POSTROUTING -o bond0 -p tcp -m tcp -d IP_Server_B
--dport 8000 -j SNAT --to-source IP_Server_A
COMMIT
# Completed on Sat Sep 12 02:31:44 2015
# Generated by iptables-save v1.4.7 on Sat Sep 12 02:31:44 2015
# filter table: the INPUT and FORWARD policies are ACCEPT and both REJECT rules
# at the end are commented out, so nothing in this table drops traffic. Every
# port on this host is reachable, and any packet routed through it is
# forwarded, not only the port-8000 flow. With policy ACCEPT, the individual
# ACCEPT rules in INPUT have no filtering effect.
# NOTE(review): to limit exposure, consider allowing in FORWARD only
# RELATED,ESTABLISHED traffic plus tcp/8000 to IP_Server_B, then re-enabling
# the two REJECT rules. Confirm against the services this host must expose.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [779:107936]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m tcp --dport 21 -j ACCEPT
#-A INPUT -j REJECT --reject-with icmp-host-prohibited
#-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
# Completed on Sat Sep 12 02:31:44 2015
|
3. Restart iptables to apply the rules.
[root@PTUD-S05 ~]# service iptables restart
iptables: Setting chains to policy ACCEPT: filter nat [ OK ]
iptables: Flushing firewall rules: [ OK ]
iptables: Unloading modules: [ OK ]
iptables: Applying firewall rules: [ OK ]
[root@PTUD-S05 ~]#
|
After Forwarding: