
So I have been trying to achieve a scenario but I am not being able to fix it; I hope someone will come up with the solution.

So basically what I want is:

I have two servers, both publicly accessible. What I want is:

If any client tries to request a service, let's say a UDP service, I want it to be redirected to server B.

So the configuration I have is:

# DNAT: rewrite the destination of inbound UDP 9987 to the other server
iptables -t nat -I PREROUTING -d <This pc> -p udp --dport 9987 -j DNAT --to-destination <Redirecting server>
# allow the rewritten packets through the FORWARD chain
iptables -A FORWARD -d <redirecting server> -j ACCEPT

# sysctl -p reloads /etc/sysctl.conf; the line below is its output, confirming IP forwarding is on
sysctl -p
net.ipv4.ip_forward = 1

I can access the other server from outside and from my box; there is no limiting policy on the redirecting server (or just say the destination server).

The packets are being matched by the iptables rule.

############ EDIT ###############

My requirement: let's say I have an HTTP server in one location and I have another server in a different location. I want that whatever hits this server with a request to port 80 is redirected to the other server at port 80. Ignore the ports, they might be different, but the scenario is the same.

Thank you

sanjib
  • It looks to me like the classical X and Y Problem - please update your question to be as clear as possible, tell us what you want to do, which services are affected? At the moment, port 9987 is usually used by Teamspeak and in case it's meant like that and the server IP has changed, try to use the Teamspeak-DNS Service, which is within the same folder. To update the information, redirecting via iptables might work but will not help or work sufficiently IMHO. – djdomi May 17 '21 at 04:50
  • @djdomi please view my question now – sanjib May 17 '21 at 05:50
  • How is the routing on the other server configured? I suspect the packet reaches it, but the reply is being sent directly, not through the first server, and so doesn't get translated back. Please check this with, e.g., `tcpdump`. Also, drawing a network (L3) diagram helps to understand this. – Nikita Kipriyanov May 17 '21 at 06:31
  • @NikitaKipriyanov I have used tcpdump to verify packets. When I try to see the packets with port 80 coming to the interface, the packets don't land, but the tcpdump command with port 80 on the relaying server shows that it is redirecting traffic to that server. Both servers are publicly accessible. Thanks – sanjib May 17 '21 at 06:36
  • Run tcpdump on all relevant interfaces of the relaying server and also on the target simultaneously. You need to confirm that all packets go the same route. Forward packets come into the relaying server and then must be NATed and routed to the target server. Replies originate on the target server, then they must appear on the relaying server, be NATed back and then sent to the destination. – Nikita Kipriyanov May 17 '21 at 07:00
  • @sanjib in case you need to redirect HTTP requests, you don't need iptables, you need a reverse proxy – djdomi May 17 '21 at 07:06
  • @djdomi I want to do it with iptables – sanjib May 17 '21 at 07:47
  • @NikitaKipriyanov can you tell me what command results you want? I will paste the results. Both servers have only one interface and one loopback interface though – sanjib May 17 '21 at 07:48
  • @sanjib I repeat, you don't want to do this with iptables as it is a non-business-related issue and moreover, technically - either you want to redirect clients to a proxy, then this is a transparent proxy, or you want requests from clients to the server redirected, then it's a reverse proxy. I flag this question as it requests unsupported actions for, in my point of view, private usage – djdomi May 17 '21 at 08:30
  • @djdomi I don't want to use a reverse proxy because the service is not HTTP or HTTPS; I am just giving an example of 80 or 443. The service is rather something else, or just say another port – sanjib May 17 '21 at 08:37
  • WHY don't you tell us WHICH service is being used, @sanjib, I don't understand WHY you try to hide it. NGINX, for example, can do anything you want to do, and this without hassling with iptables; take a look at https://docs.nginx.com/nginx/admin-guide/load-balancer/tcp-udp-load-balancer/ – djdomi May 17 '21 at 10:14
  • @djdomi I cannot use nginx because the client wants me to use just iptables for the task. I cannot do it with nginx or any other like haproxy, please try to understand – sanjib May 17 '21 at 10:21
  • I believe this question is still a duplicate of https://serverfault.com/questions/385434/forward-http-traffic-to-another-ip-address-with-iptables?rq=1 – djdomi May 17 '21 at 10:27
  • I said "all" interfaces, you mention there is just one, so "all" is "one" for your case. Simple, yes? So, where are these tcpdumps? Where is the network diagram (which I requested), which shows where the servers are relative to each other and to the internet? How can one suggest anything useful without understanding the environment for which the solution must apply? The question is unclear and you're quite unwilling to give out additional information. Do you really want to see an answer to your question? – Nikita Kipriyanov May 18 '21 at 12:30
  • Also, please, get rid of the habit of obfuscating things. Yes, you had better remove private information like your public IPs or domain names or passwords, but never touch, say, TCP or UDP port numbers, private IPs, widely used software and so on — those don't disclose anything about you. Like this: the fact that I use address 192.168.168.4 and Firefox gives you absolutely no information about me, so I'd use it raw when asking a question. But if you do obfuscate something, do it extremely carefully, for relations to remain *the same* between the things, or the answer/help might be incorrect. – Nikita Kipriyanov May 18 '21 at 12:36
  • @NikitaKipriyanov I will be back as soon as the client is back. I will attach all the details of my question that you have been asking for as soon as I get an answer from my client. So far I know that he wanted to forward UDP traffic coming to port 9987, but I will confirm and come back to you, thank you – sanjib May 19 '21 at 15:13
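The comments point at the usual cause of this symptom: a DNAT rule alone sends the packet to the target, but the target's reply goes straight back to the client with the target's own source address, so the client discards it and the relay never gets to translate it back. The script below is an added example (not part of the question or of any comment) that prints the complete relay rule set with the missing return-path SNAT, the three tcpdump captures Nikita Kipriyanov asked for, and a small check that flags an iptables-save dump containing DNAT without any SNAT/MASQUERADE. The addresses 203.0.113.10 and 198.51.100.20 and the sample dump are constructed placeholders; the function names are my own.

```shell
#!/bin/sh
# Added example, not from the question or its comments: complete UDP relay via
# iptables (DNAT in, SNAT out so replies come back through the relay), plus the
# checks described in the comment thread. All addresses are constructed placeholders.

# relay_rules PROTO PORT RELAY_IP TARGET_IP
# Prints the rules; on the relay, pipe into sh as root to apply them.
# The conntrack rule in FORWARD matches replies by state, not by address:
# by the time a reply reaches FORWARD its addresses have already been un-NATed.
relay_rules() {
  proto="$1"; port="$2"; relay="$3"; target="$4"
  cat <<EOF
sysctl -w net.ipv4.ip_forward=1
iptables -t nat -A PREROUTING -d $relay -p $proto --dport $port -j DNAT --to-destination $target:$port
iptables -t nat -A POSTROUTING -d $target -p $proto --dport $port -j SNAT --to-source $relay
iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -d $target -p $proto --dport $port -m conntrack --ctstate NEW -j ACCEPT
EOF
}

# trace_commands PROTO PORT RELAY_IP TARGET_IP
# The simultaneous captures from the comments: a packet must show up at all
# three points, and the target must see the relay (not the client) as source.
trace_commands() {
  proto="$1"; port="$2"; relay="$3"; target="$4"
  cat <<EOF
# relay, inbound from the client:
tcpdump -ni any $proto and dst host $relay and dst port $port
# relay, after DNAT/SNAT towards the target, and the reply coming back:
tcpdump -ni any $proto and host $target and port $port
# target: source must be $relay; if it is the client, SNAT is missing:
tcpdump -ni any $proto and port $port and host $relay
EOF
}

# missing_return_nat IPTABLES_SAVE_TEXT
# True (exit 0) when the dump has a DNAT rule but no SNAT/MASQUERADE rule,
# i.e. the configuration in the question, where replies bypass the relay.
missing_return_nat() {
  dump="$1"
  printf '%s\n' "$dump" | grep -q -- '-j DNAT' || return 1
  printf '%s\n' "$dump" | grep -Eq -- '-j (SNAT|MASQUERADE)' && return 1
  return 0
}

# Constructed iptables-save excerpt mirroring the rules posted in the question.
QUESTION_DUMP='*nat
-A PREROUTING -d 203.0.113.10/32 -p udp -m udp --dport 9987 -j DNAT --to-destination 198.51.100.20
COMMIT
*filter
-A FORWARD -d 198.51.100.20/32 -j ACCEPT
COMMIT'

relay_rules udp 9987 203.0.113.10 198.51.100.20
trace_commands udp 9987 203.0.113.10 198.51.100.20
if missing_return_nat "$QUESTION_DUMP"; then
  echo "# check: DNAT present but no SNAT/MASQUERADE, replies will not return via the relay"
fi
```

The SNAT rule is what makes the relay work when the two servers are in different locations, since the target then has a route back only through the relay. The trade-off to record is that the target sees every client as the relay's address, so its own logs and any per-client rate limits there stop distinguishing clients; keep the connection logging on the relay if that matters.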
