Redirect traffic between two hosts via iptables
I have 2 hosts: A and B inside 1 local network. (A ---> B)
Host A (192.168.1.1) has no access to the telegram server (149.154.167.50:80)
Host B (192.168.1.2) has access (46-Ubuntu x86_64 GNU/Linux, ufw status: inactive)
I want to set up 2 rules:
- Host A should redirect all its local traffic that goes to 149.154.167.50 (port 80) --> to host B.
- Host B should accept incoming traffic on port 64080 and redirect it to 149.154.167.50:80
What I've done:
On the A side:
sysctl -w net.ipv4.ip_forward=1
sysctl -w net.ipv4.conf.eth0.route_localnet=1
iptables -t nat -I PREROUTING -d 149.154.167.50 -p tcp --dport 80 -j DNAT --to 192.168.1.2:64080
iptables -t nat -A POSTROUTING -j MASQUERADE
On the B side:
sudo iptables -t nat -A PREROUTING -p tcp --dport 64080 -j DNAT --to-destination 149.154.167.50:80
sudo iptables -t nat -A POSTROUTING -p tcp --dport 80 -d 149.154.167.50 -j SNAT --to-source 192.168.1.1
sudo iptables -A FORWARD -p tcp --dport 80 -d 149.154.167.50 -j ACCEPT
Also I've added an option to test it from the localhost (on the B host):
sudo iptables -t nat -A OUTPUT -p tcp --dport 64080 -d 192.168.1.1 -j DNAT --to-destination 149.154.167.50:80
It does not work because:
- with curl I can connect from the B localhost: curl 192.168.1.1:64080 (successful + response)
- from A host nothing happens when I try to do the same: curl 192.168.1.1:64080
Did I miss something?
networking iptables routing
asked Feb 26 at 15:40
IgorZ
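
A corrected rule set for the setup in the question, added here as an example and not part of the original post: on host A the DNAT sits in the nat OUTPUT chain, because locally generated packets do not traverse PREROUTING, and host B rewrites the source to its own address (192.168.1.2) so replies return through it. The run wrapper, the function names and the restriction of B's rules to source 192.168.1.1 are assumptions of this example.

```shell
#!/bin/sh
# Added example (constructed). Addresses are the ones from the question.
# Dry run by default: rules are printed. Set APPLY=1 and run as root to install them.
A_IP=192.168.1.1; B_IP=192.168.1.2
DST_IP=149.154.167.50; DST_PORT=80; RELAY_PORT=64080

run() {
    if [ "${APPLY:-0}" = 1 ]; then "$@"; else echo "$*"; fi
}

# Host A: packets created on A itself never enter PREROUTING; they pass
# through the nat OUTPUT chain, so the DNAT has to live there.
host_a_rules() {
    run iptables -t nat -A OUTPUT -p tcp -d "$DST_IP" --dport "$DST_PORT" \
        -j DNAT --to-destination "$B_IP:$RELAY_PORT"
}

# Host B: packets from A arrive from the network, so PREROUTING applies.
host_b_rules() {
    run sysctl -w net.ipv4.ip_forward=1
    # Only relay for host A, so B does not forward for the whole LAN.
    run iptables -t nat -A PREROUTING -p tcp -s "$A_IP" --dport "$RELAY_PORT" \
        -j DNAT --to-destination "$DST_IP:$DST_PORT"
    # Rewrite the source to B's own address so replies come back through B.
    run iptables -t nat -A POSTROUTING -p tcp -s "$A_IP" -d "$DST_IP" \
        --dport "$DST_PORT" -j SNAT --to-source "$B_IP"
    run iptables -A FORWARD -p tcp -s "$A_IP" -d "$DST_IP" --dport "$DST_PORT" -j ACCEPT
    run iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
}

case "${1:-}" in
    a) host_a_rules ;;
    b) host_b_rules ;;
esac
```

On host A, curl 149.154.167.50:80 then exercises the redirect; with conntrack-tools installed, conntrack -L on either host shows the translated tuple.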