- My computer
- CentOS 6.5 intermediate server IP_CENTOS
- Third party service: https://IP_SERVICE/domain/service-path
From my computer I can reach the CentOS server, but not the third party service.
From the CentOS server, the third party service is reachable.
I want to use CentOS server as a bridge in order to forward traffic from my computer to the third party service and vice versa.
Set configuration
Step 1
Enable IP forwarding in the kernel (required for the iptables rules below to forward traffic):
echo 1 >/proc/sys/net/ipv4/ip_forward
Step 2
iptables -t nat -A PREROUTING -p tcp --dport 9443 -j DNAT --to-destination [IP_SERVICE]:443
iptables -t nat -A POSTROUTING -p tcp -d [IP_SERVICE] --dport 443 -j SNAT --to-source [IP_CENTOS]
Here you have:
- 9443 is the port the CentOS server listens on for connections to be forwarded.
- IP_SERVICE is the IP address of the third party service
- 443 is the default HTTPS port, as the third party service is in https://xxxxxx
- IP_CENTOS is the IP address of the CentOS server
Step 3
Save the rules:
service iptables save
service iptables reload
You can check the configuration as follows:
iptables -t nat --line-numbers -L
more /etc/sysconfig/iptables
Test
From my computer, check that you can access https://IP_CENTOS:9443/domain/service-path
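The rules in Step 2 forward any TCP connection that reaches port 9443 on the CentOS server, whatever its source. As an added example (not part of the original post), the script below prints a variant restricted to a single client address, with explicit FORWARD rules for hosts whose FORWARD chain does not already accept the traffic. The function names and the 192.0.2.x, 198.51.100.x and 203.0.113.x addresses are constructed placeholders.

```shell
#!/bin/sh
# Added example: print a source-restricted version of the Step 2 rules.
# Nothing is applied; all addresses used here are constructed (RFC 5737).

# Succeeds only for a dotted quad with octets 0-255 and no leading zeros
# (a leading zero can be parsed as octal by address parsers).
valid_ipv4() {
    case $1 in
        ""|*[!0-9.]*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case $octet in
            [0-9]|[1-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5]) ;;
            *) return 1 ;;
        esac
    done
}

# Succeeds for a decimal TCP port in 1-65535.
valid_port() {
    case $1 in
        ""|*[!0-9]*|0*|??????*) return 1 ;;
    esac
    [ "$1" -le 65535 ]
}

# Args: client_ip centos_ip service_ip listen_port service_port
forward_rules() {
    client=$1 centos=$2 service=$3 lport=$4 sport=$5
    for ip in "$client" "$centos" "$service"; do
        valid_ipv4 "$ip" || { echo "invalid IPv4 address: $ip" >&2; return 1; }
    done
    { valid_port "$lport" && valid_port "$sport"; } ||
        { echo "invalid port" >&2; return 1; }
    # DNAT only connections from the one client, addressed to this server.
    echo "iptables -t nat -A PREROUTING -p tcp -s $client -d $centos --dport $lport -j DNAT --to-destination $service:$sport"
    # Allow the forwarded flow and its replies ahead of any FORWARD reject rule.
    echo "iptables -I FORWARD 1 -p tcp -s $client -d $service --dport $sport -j ACCEPT"
    echo "iptables -I FORWARD 2 -p tcp -s $service -d $client --sport $sport -m state --state ESTABLISHED -j ACCEPT"
    # Rewrite the source so the service replies through the CentOS server.
    echo "iptables -t nat -A POSTROUTING -p tcp -s $client -d $service --dport $sport -j SNAT --to-source $centos"
}

forward_rules 192.0.2.10 198.51.100.5 203.0.113.20 9443 443
```

The commands are only printed, so they can be reviewed before being run as root in place of the Step 2 rules. The value written to /proc/sys/net/ipv4/ip_forward in Step 1 is lost at reboot unless net.ipv4.ip_forward = 1 is also set in /etc/sysctl.conf.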
Rollback configuration
In order to restore configuration and delete all previous work, do as follows:
echo 0 >/proc/sys/net/ipv4/ip_forward
Check the rules and delete them one by one:
iptables -t nat --line-numbers -L
iptables -t nat -D PREROUTING [num]
iptables -t nat -D POSTROUTING [num]