Description:
The end user cannot access Server B via port 8000.
The end user can access Server A via port 8000.
How can the end user access the application on Server B, which is running on port 8000?
Before forwarding, the end user cannot access it via port 8000.
Details:
1. Check Port Forwarding:
[root@PTUD-S05 ~]# ifconfig
bond0     Link encap:Ethernet  HWaddr 44:A8:42:18:29:55
          inet addr:IP_SERVER_A  Bcast:10.30.164.191  Mask:255.255.255.192
          inet6 addr: fe80::46a8:42ff:fe18:2955/64 Scope:Link
          UP BROADCAST RUNNING MASTER MULTICAST  MTU:1500  Metric:1
          RX packets:5433 errors:0 dropped:0 overruns:0 frame:0
          TX packets:2084 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:540826 (528.1 KiB)  TX bytes:299158 (292.1 KiB)
[root@PTUD-S05 ~]# cat /proc/sys/net/ipv4/conf/bond0/forwarding
0
[root@PTUD-S05 ~]# echo '1' > /proc/sys/net/ipv4/conf/bond0/forwarding
[root@PTUD-S05 ~]# cat /proc/sys/net/ipv4/conf/bond0/forwarding
1
2. Edit the iptables rules:
[root@PTUD-S05 ~]# vi /etc/sysconfig/iptables
# Generated by iptables-save v1.4.7 on Sat Sep 12 02:31:44 2015
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A PREROUTING -i bond0 -p tcp -m tcp --dport 8000 -j DNAT --to-destination IP_Server_B:8000
-A POSTROUTING -o bond0 -p tcp -m tcp -d IP_Server_B --dport 8000 -j SNAT --to-source IP_Server_A
COMMIT
# Completed on Sat Sep 12 02:31:44 2015
# Generated by iptables-save v1.4.7 on Sat Sep 12 02:31:44 2015
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [779:107936]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m tcp --dport 21 -j ACCEPT
#-A INPUT -j REJECT --reject-with icmp-host-prohibited
#-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
# Completed on Sat Sep 12 02:31:44 2015
3. Restart iptables to apply the rules.
[root@PTUD-S05 ~]# service iptables restart
iptables: Setting chains to policy ACCEPT: filter nat      [ OK ]
iptables: Flushing firewall rules:                         [ OK ]
iptables: Unloading modules:                               [ OK ]
iptables: Applying firewall rules:                         [ OK ]
[root@PTUD-S05 ~]#
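The filter table in the rules file leaves the FORWARD policy at ACCEPT with its REJECT rule commented out, so once forwarding is enabled Server A routes any traffic it can reach, not only the port 8000 forward. The script below is an added example, not part of the original post: it audits an iptables-save file for that condition. The names audit_forward and write_samples and the tightened FORWARD rules are assumptions for illustration.

```shell
#!/bin/sh
# Added example: flag DNAT forwards that the filter table's FORWARD chain does
# not constrain. audit_forward and write_samples are hypothetical names.

# audit_forward FILE: print one finding per line; print nothing if clean.
audit_forward() {
    awk '
        /^\*/ { table = substr($1, 2); next }
        table == "filter" && $1 == ":FORWARD" { policy = $2 }
        table == "nat" && $1 == "-A" && $2 == "PREROUTING" {
            for (i = 3; i < NF; i++)
                if ($i == "--to-destination") dnat[$(i + 1)] = 1
        }
        table == "filter" && $1 == "-A" && $2 == "FORWARD" {
            dst = ""; port = ""; tgt = ""
            for (i = 3; i < NF; i++) {
                if ($i == "-d") dst = $(i + 1)
                if ($i == "--dport") port = $(i + 1)
                if ($i == "-j") tgt = $(i + 1)
            }
            if (tgt == "ACCEPT" && dst != "") allow[dst ":" port] = 1
            # A REJECT/DROP with no match conditions closes the chain.
            if ($3 == "-j" && (tgt == "REJECT" || tgt == "DROP")) closed = 1
        }
        END {
            if (policy == "DROP") closed = 1
            if (!closed) print "OPEN: FORWARD accepts all routed traffic"
            for (d in dnat)
                if (closed && !(d in allow))
                    print "BLOCKED: no FORWARD ACCEPT for DNAT target " d
        }
    ' "$1"
}

# Constructed samples, reduced from the page's ruleset (placeholders kept).
write_samples() {
    nat='*nat
-A PREROUTING -i bond0 -p tcp -m tcp --dport 8000 -j DNAT --to-destination IP_Server_B:8000
COMMIT'
    printf '%s\n' "$nat" '*filter' ':FORWARD ACCEPT [0:0]' \
        '#-A FORWARD -j REJECT --reject-with icmp-host-prohibited' COMMIT > "$1/page.rules"
    # Assumed tightening: allow only the forwarded port, reject the rest.
    printf '%s\n' "$nat" '*filter' ':FORWARD ACCEPT [0:0]' \
        '-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT' \
        '-A FORWARD -d IP_Server_B -p tcp -m tcp --dport 8000 -m state --state NEW -j ACCEPT' \
        '-A FORWARD -j REJECT --reject-with icmp-host-prohibited' COMMIT > "$1/hardened.rules"
}

dir=$(mktemp -d) && write_samples "$dir"
for f in page hardened; do echo "== $f"; audit_forward "$dir/$f.rules"; done
```

The BLOCKED finding covers the opposite mistake: a closed FORWARD chain that never permits the DNAT target, which would silently break the forward.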
After Forwarding: