Wednesday, September 16, 2015

Forwarding Network

Description:
The End User cannot access Server B on port 8000.
The End User can access Server A on port 8000.
How can the End User access the application on Server B, which is running on port 8000?

Before forwarding, the End User cannot access Server B via port 8000.


Details:

1. Check IP forwarding on bond0 and enable it:
[root@PTUD-S05 ~]# ifconfig
bond0     Link encap:Ethernet  HWaddr 44:A8:42:18:29:55  
          inet addr:IP_SERVER_A  Bcast:10.30.164.191  Mask:255.255.255.192
          inet6 addr: fe80::46a8:42ff:fe18:2955/64 Scope:Link
          UP BROADCAST RUNNING MASTER MULTICAST  MTU:1500  Metric:1
          RX packets:5433 errors:0 dropped:0 overruns:0 frame:0
          TX packets:2084 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:540826 (528.1 KiB)  TX bytes:299158 (292.1 KiB)

[root@PTUD-S05 ~]# cat /proc/sys/net/ipv4/conf/bond0/forwarding 
0
[root@PTUD-S05 ~]# echo '1' > /proc/sys/net/ipv4/conf/bond0/forwarding 
[root@PTUD-S05 ~]# cat /proc/sys/net/ipv4/conf/bond0/forwarding 
1

2. Edit iptables for forwarding:
[root@PTUD-S05 ~]# vi /etc/sysconfig/iptables
# Generated by iptables-save v1.4.7 on Sat Sep 12 02:31:44 2015
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]

-A PREROUTING -i bond0 -p tcp -m tcp --dport 8000 -j DNAT --to-destination IP_Server_B:8000
-A POSTROUTING -o bond0 -p tcp -m tcp -d IP_Server_B --dport 8000 -j SNAT --to-source IP_Server_A

COMMIT
# Completed on Sat Sep 12 02:31:44 2015
# Generated by iptables-save v1.4.7 on Sat Sep 12 02:31:44 2015
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [779:107936]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m tcp --dport 21 -j ACCEPT
#-A INPUT -j REJECT --reject-with icmp-host-prohibited
#-A FORWARD -j REJECT --reject-with icmp-host-prohibited

COMMIT
# Completed on Sat Sep 12 02:31:44 2015

3. Restart iptables to apply the rules.
[root@PTUD-S05 ~]# service iptables restart
iptables: Setting chains to policy ACCEPT: filter nat      [  OK  ]
iptables: Flushing firewall rules:                         [  OK  ]
iptables: Unloading modules:                               [  OK  ]
iptables: Applying firewall rules:                         [  OK  ]
[root@PTUD-S05 ~]#
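
The filter table in step 2 leaves INPUT and FORWARD at policy ACCEPT with both catch-all REJECT rules commented out, so Server A forwards any traffic routed through it, not only the port 8000 flow. The following added example (not part of the original post) audits an iptables-save style file for that condition; the sample rules are constructed from the post's file, and the port 22 allow in the "hardened" variant is an assumption.

```shell
# Added example, not from the post. Constructed sample modelled on its rules file:
# "page" leaves the five extra rules commented out (the REJECTs as in the post);
# "hardened" enables them (the port 22 allow is an assumption).
sample_rules() {
    if [ "$1" = hardened ]; then c=""; else c="#"; fi
    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
-A PREROUTING -i bond0 -p tcp -m tcp --dport 8000 -j DNAT --to-destination IP_Server_B:8000
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 21 -j ACCEPT
${c}-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
${c}-A INPUT -j REJECT --reject-with icmp-host-prohibited
${c}-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
${c}-A FORWARD -d IP_Server_B -p tcp -m tcp --dport 8000 -j ACCEPT
${c}-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
EOF
}

# Reads rules on stdin. Prints each DNAT mapping, then "OPEN <chain>" for every
# filter chain whose policy is ACCEPT and that has no catch-all REJECT/DROP rule.
audit_rules() {
    awk '
    /^\*/ { table = substr($1, 2) }                 # table header: *nat, *filter
    /^:/  { policy[table, substr($1, 2)] = $2 }     # chain policy: :FORWARD ACCEPT [0:0]
    /^-A/ && table == "nat" && /-j DNAT/ {
        port = dest = "?"
        for (i = 1; i < NF; i++) {
            if ($i == "--dport") port = $(i + 1)
            if ($i == "--to-destination") dest = $(i + 1)
        }
        print "DNAT " port " -> " dest
    }
    /^-A/ && table == "filter" && $3 == "-j" && $4 ~ /^(REJECT|DROP)$/ { closed[$2] = 1 }
    END {
        n = split("INPUT FORWARD", chain, " ")
        for (i = 1; i <= n; i++)
            if (policy["filter", chain[i]] == "ACCEPT" && !closed[chain[i]])
                print "OPEN " chain[i]
    }'
}

for v in page hardened; do echo "== $v"; sample_rules "$v" | audit_rules; done
```

On the host itself, run `audit_rules < /etc/sysconfig/iptables`. Before enabling the INPUT catch-all on a real server, make sure the management port you use is allowed first.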
After Forwarding:

