iptables and Foreign Interface . Plese Help me.

skoltogyan · January 27, 2015, 2:25pm

My Enviroment:

Server1(192.168.41.12)-----|Switch|----(eth0=192.168.41.8)Server3(eth1=A.B.C.D , REAL IP ADDRESS )
Server2(192.168.41.13)-----|

How configured:
Server3 - Linux(OpenSUSE)
iptables rules is:

Allow All from the Local LAN to The Public Internet

iptables -A FORWARD -i eth0 -j ACCEPT

MAsquerade all outgoing packets

iptables -t nat -A POSTROUTING -o eth1 -j SNAT --to A.B.C.D

PAT from the Internet to the Local LAN(Server1)

iptables -t nat -A PREROUTING -i eth1 -d A.B.C.D -p tcp --dport 443 -j DNAT --to-destination 192.168.41.12:443
iptables -A FORWARD -eth1 -p tcp --dport 443 -d 192.168.41.12 -j ACCEPT

How it work:

From the internet:
telnet A.B.C.D 443
This is OK. ( on the Local Server1 i see incoming tcp:443 connection)
From the Server2:
telnet 192.168.41.12 443
This is OK ( on the Local Server1 i see incoming tcp:443 connection)

Problem:
1)
From the Server2:
telnet A.B.C.D 443
Connection not UP …

It is necessary for me that the packet passed so:
Server2----eth0_Server3_eth1----->Server1

Please, Help me

Serg

galliley89 · January 28, 2015, 6:42am

This occurs because desync IP source-destination.
You must setup 2 routing table with iproute2. In each table must be defaul route and choose table in policy. It is named poly based routing.

Bun You make telnet with domain name (not IP). And domain name will be different fo You and from glob.

galliley89 · January 28, 2015, 6:56am

policy based routing

arvidjaar · January 28, 2015, 8:38am

Of course. It does not know that it has to forward packets from your local network back to your local network.
It is called loopback NAT. See http://www.netfilter.org/documentation/HOWTO//NAT-HOWTO-10.html