10

Assume the following scenario: I have a local machine (A) that requests another machine (B) using B's internal IP, without regard to the ports. A and B are not on the same network; however, B has a public IP. What I want is that when machine A requests machine B using B's internal IP, some routing happens that translates B's internal IP to its public IP. How can I achieve this functionality, given that the OS of the two machines is Ubuntu 14.04?

Yahia
  • 1
    possible duplicate of [iptables change destination IP without DNAT](http://serverfault.com/questions/124184/iptables-change-destination-ip-without-dnat) – Dusan Bajic May 16 '15 at 05:55
  • 1
    I think what you want here is a simple masquerade. – Konrad Gajewski May 16 '15 at 12:45
  • @dusan.bajic thanks, I tried `iptables -t nat -A OUTPUT -p tcp -d 192.168.1.15 -j DNAT --to-destination 54.3.22.1` where 54.3.22.1 is B's public IP and 192.168.1.15 is B's private IP. But it did not work. – Yahia May 16 '15 at 19:35
  • @KonradGajewski Thanks. Can you please specify how to do a simple masquerade using Linux commands? – Yahia May 16 '15 at 19:36
  • Wait. Do A & B have internet access? Do A&B have an internal address in the same network? – Konrad Gajewski May 16 '15 at 19:48
  • @KonradGajewski A & B have internet access but they are not on the same internal network. – Yahia May 16 '15 at 19:51
  • So how come you don't just connect to the external address of B from A? – Konrad Gajewski May 16 '15 at 22:52
  • 1
    @KonradGajewski No, as I don't have control over the application that is deployed on A and requests B using its private IP. – Yahia May 16 '15 at 23:06
  • Let us [continue this discussion in chat](http://chat.stackexchange.com/rooms/23851/discussion-between-konrad-gajewski-and-yahia-zakaria). – Konrad Gajewski May 16 '15 at 23:56

2 Answers

10

OK, after a small chat with Yahia Zakaria I managed to pinpoint the problem. The app uses more than TCP to communicate, so the proper DNAT should look like this:

```
iptables -t nat -A OUTPUT -d 192.168.1.15 -j DNAT --to-destination 54.3.22.1
```

And that's basically it.

Konrad Gajewski
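The rule from this answer wrapped in an idempotent script for machine A, as an added example that is not part of the original answer. `DRY_RUN`, `PRIVATE_IP`, `PUBLIC_IP` and the function names are assumptions; the addresses are the sample values from the thread.

```shell
#!/bin/sh
# Added example: install the OUTPUT-chain DNAT once, after validating both addresses.
PRIVATE_IP="${PRIVATE_IP:-192.168.1.15}"   # address the application on A dials (from the thread)
PUBLIC_IP="${PUBLIC_IP:-54.3.22.1}"        # B's public address (from the thread)
DRY_RUN="${DRY_RUN:-1}"                    # assumption: 1 = print the command, 0 = apply (needs root)

# Accept only dotted-quad IPv4 with four octets, each 0..255.
valid_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1                  # safe to split: only digits and dots remain
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for o in "$@"; do
        [ "${#o}" -le 3 ] && [ "$o" -le 255 ] || return 1
    done
}

# Append the DNAT rule unless an identical one is already present.
# No -p match: the thread's fix was to translate every protocol, not only TCP.
apply_dnat() {
    valid_ipv4 "$1" && valid_ipv4 "$2" || { echo "invalid IPv4 address" >&2; return 2; }
    spec="OUTPUT -d $1 -j DNAT --to-destination $2"
    if [ "$DRY_RUN" = 1 ]; then
        echo "iptables -t nat -A $spec"
    elif ! iptables -t nat -C $spec 2>/dev/null; then   # -C: exit non-zero if rule absent
        iptables -t nat -A $spec
    fi
}

apply_dnat "$PRIVATE_IP" "$PUBLIC_IP"

# Verify after applying: the rule's packet counter should rise when the application connects.
#   iptables -t nat -L OUTPUT -n -v
# The rule lives only in the running kernel; dump it with iptables-save to keep it across reboots.
```

The OUTPUT chain of the nat table only sees packets generated on A itself, which is why the rule belongs on A and not on a router in between.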
0

Add the IP and appropriate hostnames/aliases to /etc/hosts.

djm
  • Thanks. But it did not work for me. Assume B's internal IP is 192.168.1.15 and B's public IP is 54.3.22.1. I put the following entry in /etc/hosts of machine A: `54.3.22.1 192.168.1.15` but it did not work! – Yahia May 16 '15 at 01:24
  • Gotcha, I misunderstood the question. That's going to be pretty difficult to accomplish with just the hosts file. If your end goal is to get to the public IP, that is the static IP/hostname that I would set in /etc/hosts. – djm May 16 '15 at 01:38