Nov 30 2012

IPTables Traffic Redirection on Linux

Published by at 7:55 pm under Linux

Whether you need to redirect telnet or ssh connections through a server because you don't have direct access to your final destination, or you're planning a web server migration, traffic forwarding comes in handy in many situations.
This is easily achieved on Linux distributions that come with iptables. Yes, iptables isn't just for ACL rules: it also provides NAT.
 
First off, allow IP forwarding. This allows packets to pass through the server rather than being dropped because they are not addressed to it (this setting does not survive a reboot; make it persistent in sysctl.conf if you need it to).

linux_server$ echo 1 >/proc/sys/net/ipv4/ip_forward

 
The next step is to tell iptables to NAT the traffic to the destination server (http, port 80 in this case):

linux_server$ iptables -t nat -A PREROUTING -p tcp -m tcp --dport 80 -j DNAT --to-destination dst_srv_IP

 
In this final step, iptables rewrites the source address of the forwarded packets to the server's own address (MASQUERADE), so the destination machine sends its replies back to this server, which then returns them to the original client. Without this rule the destination would answer the client directly with a source address the client never connected to, and the client would drop the reply. Note that the destination server will log this server's address, not the client's, as the connection source.

linux_server$ iptables -t nat -A POSTROUTING -d dst_srv_IP -p tcp -m tcp --dport 80 -j MASQUERADE
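
The three steps above as one parameterized script, added here as an example (not code from the original post): it validates the inputs, prints the rules for review, and with "apply" runs them, skipping rules that are already present (iptables -C) so re-runs do not add duplicates. It also adds a FORWARD ACCEPT rule, which the post does not need but which is required when the FORWARD chain's default policy is DROP. The function names and the "apply" argument are my own choices.

```shell
#!/bin/sh
# Port-forwarding helper (example code, not from the original post).
# Usage: sh forward.sh DST_IP PORT         -> print the rules
#        sh forward.sh DST_IP PORT apply   -> run them (as root)

# validate_ipv4 IP: succeed only for a dotted quad with octets 0-255
validate_ipv4() {
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        case "$octet" in ''|*[!0-9]*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
}

# redirect_rules DST_IP PORT: print the commands, one per line
redirect_rules() {
    dst="$1"; port="$2"
    validate_ipv4 "$dst" || { echo "invalid IPv4 address: $dst" >&2; return 1; }
    case "$port" in ''|*[!0-9]*) echo "invalid port: $port" >&2; return 1 ;; esac
    [ "$port" -ge 1 ] && [ "$port" -le 65535 ] || { echo "port out of range: $port" >&2; return 1; }
    printf '%s\n' \
      "sysctl -w net.ipv4.ip_forward=1" \
      "iptables -t nat -A PREROUTING -p tcp --dport $port -j DNAT --to-destination $dst:$port" \
      "iptables -A FORWARD -p tcp -d $dst --dport $port -j ACCEPT" \
      "iptables -t nat -A POSTROUTING -p tcp -d $dst --dport $port -j MASQUERADE"
}

# apply_rules DST_IP PORT: run each command; for iptables rules, first check
# with -C whether the rule already exists and skip it if so (idempotent re-runs)
apply_rules() {
    redirect_rules "$1" "$2" | while IFS= read -r cmd; do
        case "$cmd" in
            iptables*)
                check=$(printf '%s' "$cmd" | sed 's/ -A / -C /')
                sh -c "$check" 2>/dev/null && { echo "present: $cmd"; continue; } ;;
        esac
        echo "running: $cmd"
        sh -c "$cmd"
    done
}

if [ "$#" -ge 2 ]; then
    if [ "$3" = "apply" ]; then apply_rules "$1" "$2"; else redirect_rules "$1" "$2"; fi
fi
```

Run it once without "apply" and compare the printed rules against the manual steps before applying them on a live server.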


That way, you can easily forward traffic to a new web server. Clients experience no downtime while the updated DNS entries propagate and cached records expire.

