I would like to forward TCP traffic from Server A which is a Linux Server to Server B which is a Windows server. Both are connected to the internet (public IP) and not in the same (local) network.

I have used this for my question: How to route UDP traffic from one public IP (Linux) to another public IP (Windows) (rinetd)

The problem is that network traffic arriving at Server B via Server A has Server A as its source IP.

My question is: can I change this setup so that the Windows server sees the original source IP and not Server A as the source IP?

Calvin

1 Answer

Yes, you can. As David mentioned, it is very difficult to do this unless the forwarding machine (A) is the default router for the receiving one (B). Making a Linux machine into a router is not difficult, and some selective iptables DNAT use should allow you to alter the destination. I'm not sure this is the best way to do what you are looking to do, however.

NickW
  • Although a bit of information about what sort of traffic you want to forward might be nice. – NickW Feb 26 '14 at 14:01
  • TCP traffic, port 30000 needs to be forwarded. It is meant as a DDoS protection, because other traffic ends at Server A which has DDoS protection. Server B doesn't have DDoS Protection. – Calvin Feb 26 '14 at 14:03
  • Hmm, in this case you'll probably want to mark packets with iptables, then use the fwmark as the basis for your routing policies. Just a question, the public IPs are not in the same subnet are they? – NickW Feb 26 '14 at 14:14
  • Server A is in Datacenter A (in USA) and Server B is in Datacenter B (in The Netherlands), so no, they are not in the same subnet. Do you have examples for iptables with the things you suggest? – Calvin Feb 26 '14 at 14:17
  • I think I may take a step back from my previous statement here. I was going on the assumption that the machines were in the same DC or on the same connection. This has gone from feasible to awfully difficult. I think you might be better off purchasing something to install in DC B to perform this sort of thing. – NickW Feb 26 '14 at 14:23
  • Too bad, still thanks, I will have to buy something in DC B indeed or ignore that the source IP is incorrect. – Calvin Feb 26 '14 at 15:02
  • Yeah, there are a lot of issues with doing it in this manner, for example, what happens if there are connectivity problems in DC A? I think that you'll be introducing a lot fewer single points of failure doing everything in DC B. – NickW Feb 26 '14 at 15:05
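What the answer sketches, written out as an added example (not NickW's or Calvin's configuration): the Linux-side rules on Server A that DNAT port 30000 to Server B without rewriting the source address, as a dry-run script with constructed placeholder IPs. The comments spell out the return-path problem that makes this work only when A is B's default router, and why the rinetd approach from the question shows A as the source instead.

```shell
#!/bin/sh
# Added example: DNAT forwarder on Server A that preserves the client source IP.
# Addresses are constructed placeholders (TEST-NET ranges), not the servers in the question.
A_IP="${A_IP:-198.51.100.10}"   # Server A (Linux, the forwarder)
B_IP="${B_IP:-203.0.113.20}"    # Server B (Windows, the real service)
PORT="${PORT:-30000}"           # TCP port named in the comments
DRY_RUN="${DRY_RUN:-1}"         # 1 = print the commands, 0 = execute them (needs root)

run() {
  if [ "$DRY_RUN" = 1 ]; then
    echo "$*"
  else
    "$@"
  fi
}

# Rules needed on Server A. Only the destination is rewritten; there is deliberately
# no SNAT/MASQUERADE, so packets reach B carrying the client's own source address.
# (rinetd is a userspace proxy: it opens a new TCP connection from A, hence A_IP as source.)
dnat_rules() {
  run sysctl -w net.ipv4.ip_forward=1
  run iptables -t nat -A PREROUTING -d "$A_IP" -p tcp --dport "$PORT" \
      -j DNAT --to-destination "$B_IP:$PORT"
  # Forwarded client -> B traffic (destination already rewritten by PREROUTING).
  run iptables -A FORWARD -d "$B_IP" -p tcp --dport "$PORT" \
      -m conntrack --ctstate NEW,ESTABLISHED,RELATED -j ACCEPT
  # B -> client replies; conntrack restores A_IP as their source in POSTROUTING,
  # so in FORWARD they still carry B_IP.
  run iptables -A FORWARD -s "$B_IP" -p tcp --sport "$PORT" \
      -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
}

# The catch (why the answer says A must be B's default router): B's replies are
# addressed to the client, not to A. Conntrack on A can only reverse the DNAT if
# those replies pass back through A. When B sits in another data centre and routes
# straight to the internet, the client gets a SYN-ACK from B_IP for a connection it
# opened to A_IP, which matches no socket, so the handshake never completes.
# Fixing that means B's default gateway (or policy routing for this port) must be A.
```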