
Situation: I have a dedicated server (CentOS 6) with a couple of VMs (CentOS 7 and Windows Server 2012 R2) in VirtualBox. A few applications are running in Windows and are reachable from the main IP (X.X.105.20) using mod_proxy. The application hosted in the Linux VM needs to be reachable from a different IP (X.X.109.118) (the second IP address of the server).

What I have tried: So far I have tried IP forwarding from this SF question, but the application is not reachable.

# DNAT: TCP packets arriving for the secondary public IP are sent on to the Linux VM
iptables -t nat -A PREROUTING -p tcp -d X.X.109.118 -j DNAT --to-destination 192.168.56.102
# SNAT: TCP packets whose destination is the VM get X.X.109.118 as their source address
iptables -t nat -A POSTROUTING -p tcp -d 192.168.56.102 -j SNAT --to-source X.X.109.118

# Allow forwarded traffic towards the VM through the FORWARD chain
iptables -I FORWARD -m state -d 192.168.56.102 --state NEW,RELATED,ESTABLISHED -j ACCEPT

BTW, the application is reachable from the Windows guest as well as from the CentOS host.

Edit based on the comment: I have two domains. A few .NET-based web applications are running on the Windows server using sub-domains of one of the domains, and I'm using another domain name for the application running in Linux. So it's all name-based access for the first domain (and its sub-domains), which is also using the main IP address. The second domain I have registered to the additional IP address X.X.1.118. The ping is fine as well (using both IP and domain name). All I want is for this IP to send (and receive) all the communication to the VM at 192.168.56.102.

Anup Sharma
  • What error do you get? Do you have `ip forwarding` enabled in your servers already? Firewall not blocking anything? – Diamond Jan 08 '16 at 08:13
  • How did you setup the networking for the VMs - there are a variety of different options for NAT, bridging etc which affects what IP the VMs get and how they can be reached. – darklion Jan 08 '16 at 08:18
  • @bangal I get the Apache 2 Homepage. And ip forwarding is enabled. Firewall is Off as well. – Anup Sharma Jan 08 '16 at 09:15
  • @darklion I have used Host Only as well as Nat for complete connectivity. Everything is visible from everything. – Anup Sharma Jan 08 '16 at 09:16
  • @AnupSharma, you didn't mention what kind of apps and how you are accessing them. If you have `apache name based virtual hosts` configured for the apps and you are trying to access it using `ip address`, you may not be able to do it. – Diamond Jan 08 '16 at 09:19
  • @bangal I've edited my Question for you. Please have a look. – Anup Sharma Jan 08 '16 at 10:08
  • @AnupSharma, If I have understood it correctly, you are able to reach the server but it is serving the apache default site page. This means actually your firewall rules are ok and you need to check the apache virtual host configuration. See if you have the ServerName setup correctly. If you have more than one virtualhosts and they are not setup correctly, you can end up at the default site. – Diamond Jan 09 '16 at 22:28
  • @bangal Thanks for the reply, but I think you are not getting the problem. Here I don't want/need to set up the virtual host configuration at all. All I need is to redirect all the traffic from the secondary IP to the VM and vice versa, because the application hosted in the said VM uses far more ports and protocols than http/s. – Anup Sharma Jan 11 '16 at 06:30
  • Usually you would use a bridged adapter for the VM so it becomes a full member of the local Ethernet network (it will have its own MAC) and take the IP away from the host server and assign it to the VM. – Brian Jan 11 '16 at 06:56
  • @Brian Okay, now the network connectivity is lost. The VM is now cut off from the world. – Anup Sharma Jan 11 '16 at 07:14

1 Answer

Your second rule is matching 192.168.56.102 as the destination, but the POSTROUTING chain needs to be used to rewrite the destination of packets coming (--source) from 192.168.56.102 (the response).

Change your second rule to:

iptables -t nat -A POSTROUTING -p tcp -s 192.168.56.102 -j SNAT --to-source X.X.109.118

or

iptables -t nat -A POSTROUTING -p tcp -s 192.168.56.102 -j MASQUERADE

You are sending all the TCP packets with destination X.X.109.118 to the Linux VM, so you can't have any web server listening on this address on the dedicated host.

Make sure Apache is not listening on the IP address you are forwarding, to avoid packets being processed by the INPUT chain.

Or you can have a name-based virtual host configured for the domain but only listening on that address (just this virtual host listening on X.X.109.118) and remove the iptables rules.

i.e.:

<VirtualHost X.X.109.118:443>
[...]
</VirtualHost>
fgbreel
  • Thanks for the answer. But this has resulted in a _Hmm, we can't reach this page._ error, and if I try from the host, I still get the host Apache's default page. – Anup Sharma Jan 13 '16 at 15:41
  • Hi, I updated my answer with the issue about Apache too. – fgbreel Jan 13 '16 at 16:24
  • I think you have misunderstood my situation. Here a virtual host is not applicable. The application hosted in the CentOS 7 VM needs to work on lots of ports (the number of ports is over 25000) and protocols (HTTP, HTTPS, WS and so on). That is the main reason I had to book another IP address. The idea was to make the VM available completely on that IP address, exclusively and extensively. The problem, I believe, is that the IP forwarding is not working at all, so the host is serving the default page. – Anup Sharma Jan 14 '16 at 07:38
  • Correct, this is due to Apache listening on `0.0.0.0`; make Apache listen just on the `X.X.105.20` address, so the packets will not enter the `INPUT` chain and the `FORWARD` chain will take place. iptables is not forwarding the packets because of this. – fgbreel Jan 14 '16 at 13:49
  • Restricted Apache to listen just on X.X.105.20 but nothing happened. It's still the same situation. – Anup Sharma Jan 17 '16 at 05:21
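The rule set this thread converges on (DNAT in PREROUTING, the answer's SNAT keyed on the VM as source, FORWARD allowed in both directions), written up as an added example that is not part of the question or the answer, together with the checks a practitioner runs before blaming iptables: whether ip_forward is on, what on the host is bound to the forwarded IP, and whether the DNAT rule is actually loaded. The addresses are the thread's own; the IPT variable, the stub iptables function and the snapshot of the nat PREROUTING chain are assumptions constructed so the script can be dry-run without root. It goes beyond the thread's tcp-only rules by forwarding all protocols, since the question says the application uses more than HTTP/S.

```shell
#!/bin/sh
# Added example, not the question's or the answer's own script: the
# DNAT/SNAT/FORWARD rule set this thread converges on, wrapped in functions
# together with the checks to run before blaming iptables. The addresses come
# from the thread; IPT is an assumption that lets a dry run substitute `echo`
# or the stub below for the real iptables binary.
PUBLIC_IP="${PUBLIC_IP:-X.X.109.118}"   # second public IP of the CentOS 6 host
VM_IP="${VM_IP:-192.168.56.102}"        # Linux VM on the VirtualBox host-only net
IPT="${IPT:-iptables}"                  # IPT=echo prints rules instead of applying

# 1. A DNAT'd packet is dropped at the routing decision unless ip_forward=1,
#    so verify that first (returns 0 when forwarding is on).
check_ip_forward() {
    [ "$(cat /proc/sys/net/ipv4/ip_forward 2>/dev/null)" = "1" ]
}

# 2. The answer recommends that nothing on the host be bound to the forwarded
#    IP. This lists TCP listeners bound to it or to all addresses (0.0.0.0 / *),
#    which is how Apache's default `Listen 80` binds, and returns 1 if any exist.
host_listeners_on_public_ip() {
    found=$(ss -ltn 2>/dev/null | awk '{print $4}' \
            | grep -E "^($PUBLIC_IP|0\.0\.0\.0|\*):[0-9]+$")
    [ -z "$found" ] && return 0
    printf '%s\n' "$found"
    return 1
}

# 3. The rule set. Inbound DNAT is deliberately not limited to -p tcp, because
#    the question says the VM's application uses many ports and protocols
#    (an assumption about intent; add -p tcp back to narrow it).
nat_rules() {
    $IPT -t nat -A PREROUTING -d "$PUBLIC_IP" -j DNAT --to-destination "$VM_IP"
    # The answer's corrected rule: connections the VM opens itself leave with
    # the public IP as source. Replies to DNAT'd inbound connections are
    # reversed by conntrack automatically and need no SNAT rule of their own.
    $IPT -t nat -A POSTROUTING -s "$VM_IP" -j SNAT --to-source "$PUBLIC_IP"
}

filter_rules() {
    # Accept forwarded traffic in both directions; the question only had -d VM_IP.
    $IPT -A FORWARD -d "$VM_IP" -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
    $IPT -A FORWARD -s "$VM_IP" -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
}

# 4. Is the DNAT rule actually loaded? `iptables -t nat -S PREROUTING` prints
#    rules in -A form with /32 masks. On CentOS 6, `service iptables stop`
#    (one meaning of "firewall off") flushes the nat table as well, so check
#    rather than assume.
dnat_rule_loaded() {
    $IPT -t nat -S PREROUTING 2>/dev/null \
        | grep -F -- "-d $PUBLIC_IP/32" \
        | grep -F -q -- "-j DNAT --to-destination $VM_IP"
}

# Constructed snapshot of a nat PREROUTING chain (not real output) and a stub
# standing in for iptables, so the check above can be exercised without root.
sample_nat_prerouting() {
    printf '%s\n' "-P PREROUTING ACCEPT" \
        "-A PREROUTING -d X.X.109.118/32 -j DNAT --to-destination 192.168.56.102"
}
stub_iptables() {
    case "$*" in
        "-t nat -S PREROUTING") sample_nat_prerouting ;;
        *) echo "$@" ;;
    esac
}

apply_all() {
    check_ip_forward || { echo "net.ipv4.ip_forward is 0; enable it first" >&2; return 1; }
    host_listeners_on_public_ip || echo "warning: host listeners on $PUBLIC_IP listed above" >&2
    nat_rules && filter_rules && dnat_rule_loaded
}

# Only touch the live firewall when explicitly asked (`sh forward_vm.sh apply`);
# otherwise print the rules and run the loaded-rule check against the snapshot.
case "${1:-}" in
    apply) apply_all ;;
    *)  IPT=echo; nat_rules; filter_rules
        IPT=stub_iptables; dnat_rule_loaded && echo "DNAT rule present in snapshot" ;;
esac
```

Run it on the host as root with `sh forward_vm.sh apply` to load the rules (the file name is a placeholder); any other invocation is a dry run that prints the rules and exercises the loaded-rule check on the constructed snapshot. The FORWARD rules use `-m state` as the question does; on a host whose default FORWARD policy is DROP, the `-s "$VM_IP"` rule is what lets the VM's replies and its own outbound connections through.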