
I have two servers:

Server 1:

IP1= 8.8.8.1

IP2= 8.8.8.2

Server 2:

IP1= 8.8.8.3

I want to redirect every access to IP 8.8.8.2 to 8.8.8.3. Therefore I activated IP forwarding

sysctl net.ipv4.ip_forward=1

and installed these iptables rules:

iptables -t nat -A  PREROUTING -d 8.8.8.2 -j DNAT --to-destination 8.8.8.3
iptables -t nat -A POSTROUTING -s 8.8.8.3 -j SNAT --to-source 8.8.8.2

My problem is that this doesn't work. If I now ping my IP address 8.8.8.2, I expect an answer from 8.8.8.3; instead I get a timeout.

What am I doing wrong? Thanks

EDIT:

The servers are connected via Internet, so all IPs are public IPs.

The IP of Server 2 changes every 2-3 months due to regulations of the ISP. So I want to use the static IP of Server 1 for Server 2.

The subnets are /32. So I only own these three specific IP addresses.

Server 1 is a Strato vServer. Server 2 is a vServer host at my home.

EDIT 2: A tunnel would be a good option, but does this work with iptables?

I don't exactly know how double NAT could help here, since the second server is accessible from the internet and there is no need for NAT through a router. (This is the place where I know you can use double NAT.)

  • You need to better explain your setup. How are the servers connected with each other? Also, you need to show the exact IP subnets used. Can we assume you are using addresses `8.8.8.0/24`? – Khaled May 09 '18 at 14:15
  • The servers are connected via Internet, so all IPs are public IPs. The IP of Server 2 changes every 2-3 months due to regulations of the ISP. So I want to use the static IP of Server 1 for Server 2. The subnets are /32. So I only own these three specific IP addresses. Server 1 is a Strato vServer. Server 2 is a vServer host at my home. – user154501 May 09 '18 at 14:50
  • Don't write clarifying parameters in the comments. Edit your question. – Mikhail Khirgiy May 09 '18 at 15:13
  • AFAIK it would require a double NAT (losing the source for logs) or a tunnel, because server2's answer won't be routed via server1 (and please clarify the question with an edit). – A.B May 09 '18 at 15:56

1 Answer


Try

iptables -t nat -A POSTROUTING -d 8.8.8.3 -j SNAT --to-source 8.8.8.2

instead of

iptables -t nat -A POSTROUTING -s 8.8.8.3 -j SNAT --to-source 8.8.8.2

Although it is not obvious, your case is generally a hairpin NAT. Thus you need to force the network to pass the returning packet through the same NAT device (otherwise the networks' collective routing tables don't have any reason to pass it such a long way around).

kubanczyk
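As an added illustration (this is not code from the question or the answer): a small Python model of the nat-table traversal on Server 1, tracing one packet through PREROUTING and POSTROUTING with each of the two SNAT variants, then following Server 2's reply. The client address 203.0.113.10 is constructed for the example, and conntrack is reduced to the single entry this flow needs.

```python
"""Model of the Server 1 nat table for the 8.8.8.2 -> 8.8.8.3 forward.

Shows why `-s 8.8.8.3` in POSTROUTING never matches on the forward path
(the source at that point is still the client), while `-d 8.8.8.3` does,
and what each variant means for where Server 2 sends its reply.
"""
from dataclasses import dataclass, replace

SERVER1_STATIC = "8.8.8.2"   # address the clients talk to (Server 1)
SERVER2 = "8.8.8.3"          # where the traffic should end up
CLIENT = "203.0.113.10"      # constructed client address, not from the post


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str


def prerouting_dnat(pkt: Packet) -> Packet:
    # iptables -t nat -A PREROUTING -d 8.8.8.2 -j DNAT --to-destination 8.8.8.3
    if pkt.dst == SERVER1_STATIC:
        return replace(pkt, dst=SERVER2)
    return pkt


def postrouting_snat_by_src(pkt: Packet) -> Packet:
    # the rule from the question:
    # iptables -t nat -A POSTROUTING -s 8.8.8.3 -j SNAT --to-source 8.8.8.2
    if pkt.src == SERVER2:
        return replace(pkt, src=SERVER1_STATIC)
    return pkt


def postrouting_snat_by_dst(pkt: Packet) -> Packet:
    # the rule from the answer:
    # iptables -t nat -A POSTROUTING -d 8.8.8.3 -j SNAT --to-source 8.8.8.2
    if pkt.dst == SERVER2:
        return replace(pkt, src=SERVER1_STATIC)
    return pkt


def forward_path(snat_rule, pkt: Packet):
    """Client packet arriving at Server 1: PREROUTING, routing, POSTROUTING.

    Returns the packet as sent towards Server 2 plus a one-entry conntrack
    table keyed by the expected reply tuple (reply src, reply dst).
    """
    out = snat_rule(prerouting_dnat(pkt))
    conntrack = {(out.dst, out.src): pkt}
    return out, conntrack


def server2_reply(pkt: Packet) -> Packet:
    # Server 2 simply answers whoever the packet claims to come from.
    return Packet(src=pkt.dst, dst=pkt.src)


def reply_path(reply: Packet, conntrack):
    """Return the de-NATed reply as the client sees it, or None if the
    reply never passes through Server 1 (so no reverse NAT happens and the
    client gets an answer from 8.8.8.3 instead of 8.8.8.2)."""
    if reply.dst != SERVER1_STATIC:
        return None
    orig = conntrack[(reply.src, reply.dst)]
    # conntrack reverses both translations: src back to 8.8.8.2, dst to client
    return Packet(src=orig.dst, dst=orig.src)


def simulate(snat_rule):
    """Run one ping-like exchange; returns (packet sent to Server 2,
    Server 2's reply, reply as delivered to the client or None)."""
    out, conntrack = forward_path(snat_rule, Packet(src=CLIENT, dst=SERVER1_STATIC))
    reply = server2_reply(out)
    return out, reply, reply_path(reply, conntrack)


if __name__ == "__main__":
    for name, rule in (("-s 8.8.8.3 (question)", postrouting_snat_by_src),
                       ("-d 8.8.8.3 (answer)", postrouting_snat_by_dst)):
        out, reply, back = simulate(rule)
        print(f"{name}: to server2 {out}, reply {reply}, client receives {back}")
```

With the `-s 8.8.8.3` match the forwarded packet still carries the client's source, so Server 2 replies straight to the client from 8.8.8.3 and Server 1 never sees the return traffic. With the `-d 8.8.8.3` match the reply is addressed to 8.8.8.2, conntrack on Server 1 undoes both translations, and the client gets its answer from the address it pinged. The price, as noted in the comments, is that Server 2 only ever sees 8.8.8.2 as the source, so its logs lose the real client address.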