Thread: IP forwarding

  1. #1

    IP forwarding

    I just found out that my dedicated server provider maps IP addresses to the MAC address of my network card. This causes the bridging option of VMware Server to fail (the guest OS has no network that way). This means I am left with the less desirable NAT option.

    The problem with NAT is that (from what I understand) I can only forward specific ports to a specific Guest OS. This means that I can, for example, only have 1 HTTP port 80 capable Guest OS, even though I have 5 IP addresses.

    Is it possible to (with iptables?) forward all traffic and ports destined for IP x.x.x.x (on the HOST) to internal NAT IP y.y.y.y on Guest OS 1 and HOST IP a.a.a.a to internal NAT IP b.b.b.b on Guest OS 2?

    If this isn't possible then I think I just got a huge server which can't do decent virtualization.

  2. #2
    Hmmm,

    FYI

    http://www.simplehelp.net/2009/04/15...hine-in-linux/

  3. #3
    That would forward all traffic from all IPs from specific ports to that one IP address. I have 5 IP addresses and need to forward 4 of them (including all ports) to specific internal IPs for the Guest OSes.

  4. #4
    You need to check that DNAT goes through.


    iptables -t nat -A PREROUTING -p tcp -d 10.10.20.99 --dport 80 -j DNAT --to-destination 10.10.14.2

  5. #5
    Tried that too, where in your example 10.10.20.99 is my HOST ip and 10.10.14.2 is the IP from my VM guest. Didn't work. Also added a Postrouting line, but that made no difference.

  6. #6
    I don't know why it does not work. Can you post your IP details, from where to where you are redirecting all the IPs, and if possible post all your iptables rules?

  7. #7
    iptables is empty (I didn't write the changes) as this is a new installation without any websites or panels.

    What kind of IP info do you need?

  8. #8

  9. #9
    The iptable is empty:

    --
    Chain INPUT (policy ACCEPT)
    target prot opt source destination

    Chain FORWARD (policy ACCEPT)
    target prot opt source destination

    Chain OUTPUT (policy ACCEPT)
    target prot opt source destination
    --

    I did not commit the changes to the iptables file, but I did notice that when I forwarded port 22 on one of the host's IP addresses to the private net IP address of the guest, I was no longer able to open a port 22 connection to that host's IP address. Which indicates that it didn't work.

    The guest is able to ping the outside world (including the host) and the host is able to ping the guest's private ip address.

  10. #10
    No, that is not right. I asked you to post the iptables rules which you are testing for Apache redirection. I have done this many times on many ports and it always works, which is why I am wondering what rules you are testing. Post your iptables rules so I can have a look and observe.

  11. #11
    I am not sure if this is what you are looking for...

    I tried a lot of different rules, but the last few were (server IP changed to 10.10.10.10):

    iptables -t nat -I PREROUTING -s ! 172.16.229.0 -d 10.10.10.10 -p tcp --dport 22 -j DNAT --to-dest 172.16.229.129

    I removed that one, then added the one you posted in an earlier reply above:

    iptables -t nat -A PREROUTING -p tcp -d 10.10.10.10 --dport 22 -j DNAT --to-destination 172.16.229.129

    And I also tried adding the following POSTROUTING line:

    iptables -t nat -A POSTROUTING -p tcp -d 10.10.10.10 --dport 22 -j MASQUERADE

    I only tried port 22 forwarding, because the server is completely empty. No websites are available on the host, nor on the guest. Before the routing, port 22 worked on that IP, but just for the host; after the routing, port 22 on that IP no longer functioned.

    This is purely a testing setup. Later this month I need to move everything over from my old server (non-virtualized) to this one. I hoped to use virtualization because it would make future server moves a lot easier.

  12. #12
    Please, I don't understand your rules; it's very easy.


    On the firewall box, you need something like the following rules.


    # port forward for web from external webserver to internal
    /sbin/iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -s web.example.com -j DNAT --to 192.168.1.2
    /sbin/iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -s web1.example.com -j DNAT --to 192.168.1.3

    Replace web*.example.com with your live server IP address.

  13. #13
    I don't get it. This is a brand new install and there are no rules yet (like the iptables output I posted a few posts above). Apache is running, but there are no websites, no control panels, just VMware. I don't see where else I can get information from.

    The CentOS install is the only location I can get information from. I have no access to any external firewalls, routers, etc. as those are managed by the server company.
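
The per-IP mapping asked about in post #1, as an added example that is not part of the original thread: a shell function that prints a 1:1 NAT rule set (every protocol and port per public IP) together with a FORWARD filter, so the rules can be reviewed before anything is applied. The addresses, the interface name `eth0` and the per-guest port lists are constructed; it assumes each public IP is configured on the host and each guest's default route goes through the host kernel.

```shell
#!/bin/sh
# Added example, not from the thread. Prints a 1:1 NAT rule set for review
# instead of applying it. Addresses are constructed (RFC 5737 / RFC 1918).
# Assumed: eth0 is the external interface, every public IP is configured on it,
# and each guest's default route points at the host kernel.
EXT_IF=eth0

# One mapping per line: public_ip guest_ip allowed_tcp_ports (comma-separated)
MAPPINGS='203.0.113.11 172.16.229.129 22,80,443
203.0.113.12 172.16.229.130 80'

gen_rules() {
    echo 'sysctl -w net.ipv4.ip_forward=1'
    # Default-deny forwarding, then let replies to admitted flows through.
    echo 'iptables -P FORWARD DROP'
    echo 'iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT'
    echo "$1" | while read -r pub guest ports; do
        [ -n "$pub" ] && [ -n "$guest" ] || continue
        # No -p/--dport: every protocol and port addressed to $pub is rewritten.
        echo "iptables -t nat -A PREROUTING -d $pub -j DNAT --to-destination $guest"
        # POSTROUTING runs after DNAT, so match the guest as source; a rule
        # matching the public IP as destination never fires at this point.
        echo "iptables -t nat -A POSTROUTING -s $guest -o $EXT_IF -j SNAT --to-source $pub"
        # FORWARD sees the rewritten destination. Whole-IP DNAT exposes every
        # listening port on the guest, so admit only the listed TCP ports.
        if [ -n "$ports" ]; then
            echo "iptables -A FORWARD -d $guest -p tcp -m multiport --dports $ports -m conntrack --ctstate NEW -j ACCEPT"
        fi
        # Connections the guest itself opens to the outside.
        echo "iptables -A FORWARD -s $guest -o $EXT_IF -m conntrack --ctstate NEW -j ACCEPT"
    done
}

gen_rules "$MAPPINGS"
```
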
