2

The problem is as follows: there is a RHEL 6.4 Server system with a pair of network interfaces combined into one by bonding. This system's IP address is 10.7.7.1. The system runs an application that needs to connect to the MySQL server 10.7.7.2 on port 3306. In fact, MySQL runs on 10.7.7.3. The connection settings in the application are hardcoded and therefore cannot be changed. I have heard that iptables can do address translation. How can I make it so that when the application attempts to connect to 10.7.7.2:3306, iptables intercepts the request and sends it to 10.7.7.3:3306, gets the response back, and feeds it to the application?

abg

2 Answers

1

This can be done with NAT rules in iptables.

If the MySQL server is on the same host, use a REDIRECT rule. Redirect all connections to port 3306 not to 10.7.7.3 to the required address.

If the MySQL server is not on the same host, use a DNAT rule.

BillThor

1

Assuming that

  • .1, .2, and .3 are different machines
  • You can't swap .2 & .3's IP Addresses
  • .2 is running Linux

Here's what you need to add on .2:

iptables -t nat -A PREROUTING  -d 10.7.7.2 -p tcp --dport 3306 -j DNAT --to-destination 10.7.7.3
iptables -t nat -A POSTROUTING -d 10.7.7.3 -p tcp --dport 3306 -j SNAT --to-source      10.7.7.2

HOWEVER...

If for some reason you can't create iptables rules on .2 and/or you want to intercept the traffic on .1, all you need to do on .1 is:

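# DNAT is only valid in the nat table's PREROUTING and OUTPUT chains; traffic generated locally on .1 traverses OUTPUT
iptables -t nat -A OUTPUT -d 10.7.7.2 -p tcp --dport 3306 -j DNAT --to-destination 10.7.7.3
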
pepoluan
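
As an added illustration (not code from either answer), this Python sketch models how connection tracking reverses the translation so the reply reaches the application, and why rules placed on .2 need the SNAT as well as the DNAT. The class and function names and the source port 40000 are assumptions made for the model.

```python
# Toy model of netfilter NAT plus conntrack for the 10.7.7.x hosts (constructed example).
# A packet is a tuple (src, sport, dst, dport).
APP, OLD_DB, REAL_DB, PORT = "10.7.7.1", "10.7.7.2", "10.7.7.3", 3306
SPORT = 40000  # constructed ephemeral source port chosen by the application

class NatBox:
    """One host's nat rules and its connection-tracking table."""
    def __init__(self, dnat=None, snat=None):
        self.dnat = dnat or {}   # (dst, dport) -> new dst
        self.snat = snat or {}   # (dst after DNAT, dport) -> new src
        self.conntrack = {}      # reply tuple on the wire -> reply tuple to hand back

    def outbound(self, pkt):
        """New flow: apply DNAT, then SNAT, and record how to undo both."""
        src, sport, dst, dport = pkt
        new_dst = self.dnat.get((dst, dport), dst)
        new_src = self.snat.get((new_dst, dport), src)
        self.conntrack[(new_dst, dport, new_src, sport)] = (dst, dport, src, sport)
        return (new_src, sport, new_dst, dport)

    def inbound(self, reply):
        """Reply: reverse the translation if the flow is tracked."""
        return self.conntrack.get(reply, reply)

def server_reply(pkt):
    """The MySQL host answers with source and destination swapped."""
    src, sport, dst, dport = pkt
    return (dst, dport, src, sport)

def app_accepts(reply):
    """The app's socket is connected to OLD_DB:PORT; other replies do not match it."""
    return reply == (OLD_DB, PORT, APP, SPORT)

def scenario(name):
    """Return (packet seen by the real server, whether the app gets its reply)."""
    syn = (APP, SPORT, OLD_DB, PORT)  # what the hardcoded application sends
    dnat = {(OLD_DB, PORT): REAL_DB}
    if name == "dnat_on_app_host":    # rule in nat/OUTPUT on .1
        box = NatBox(dnat)
        wire = box.outbound(syn)
        return wire, app_accepts(box.inbound(server_reply(wire)))
    snat = {(REAL_DB, PORT): OLD_DB} if name == "dnat_snat_on_old_host" else {}
    box = NatBox(dnat, snat)          # rules in PREROUTING/POSTROUTING on .2
    wire = box.outbound(syn)
    reply = server_reply(wire)
    # A reply addressed to .1 goes straight there and never reaches .2's conntrack.
    back = box.inbound(reply) if reply[2] == OLD_DB else reply
    return wire, app_accepts(back)
```

In the real setup the .2 variant also needs IP forwarding enabled on .2 (`net.ipv4.ip_forward=1`), which the model takes for granted.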