forwarding a port to a hostname

Question

How can one forward a port to a hostname and port. I was looking at this post: Iptables forward all traffic to a specified port, to another device and see how to do it port to ip but what if I need to do port to hostname? Tried putting in a host as the destination but it throws in error in iptables

 iptables -t nat -A PREROUTING -p tcp --dport 80 -j DNAT --to-destination ehb-us-redis-001.ehb-usredis.u1.cache.com:6379
iptables v1.4.21: Bad IP address "ehb"

Try `iptables -h' or 'iptables --help' for more information.

Why not do the DNS lookup yourself and substitute in the IP for the hostname? — dmourati, May 11 '18 at 03:00

score 6 · Accepted Answer · answered May 11 '18 at 03:35

You can't. The syntax is specified in the iptables-extensions man page as

--to-destination [ipaddr[-ipaddr]][:port[-port]]

While iptables -s and -d syntax address[/mask] allows using hostnames, it's discouraged as it may cause security problems. As the --to-destination takes IP address ranges (for a simple round-robin load balancing), address syntax would be irrelevant.

Hostnames will be resolved once only, before the rule is submitted to the kernel. Please note that specifying any name to be resolved with a remote query such as DNS is a really bad idea.

Furthermore, the Netfilter kernel module doesn't handle hostnames; if you think this would solve some problem with changing IP addresses, it won't.

If you really need to use hostnames, a reverse proxy would be more applicable.

ok...this makes sense on why you shouldn't do this... – lightweight May 11 '18 at 22:33 — lightweight, May 11 '18 at 22:33

forwarding a port to a hostname

1 Answers1