I have an MSK Kafka cluster on AWS with 3 brokers: b1.amazonaws.com:9092, b2.amazonaws.com:9092, b3.amazonaws.com:9092. The brokers are not public, so I have opened 3 tunnels through a bastion:

ssh -L 9092:b1.amazonaws.com:9092 -L 9093:b2.amazonaws.com:9092 -L 9094:b3.amazonaws.com:9092

But I can't set up my Kafka client to connect to localhost:9092,localhost:9093,localhost:9094 - I have to keep the original setup.

I defined in /etc/hosts:

127.0.0.1 b1.amazonaws.com
127.0.0.2 b2.amazonaws.com
127.0.0.3 b3.amazonaws.com

but I still have the issue that the local ports are 9092, 9093 and 9094 but the remote ports are 3x9092.

I tried many variants of iptables rules, for example

iptables -A OUTPUT -t nat -d 127.0.0.2 -p tcp --dport 9092 -j REDIRECT --to-port 9093

but it does not work. The application connects only to the tunnel on port 9092; 9093 and 9094 are not reached.

How can I solve the problem?

michaldo

1 Answer

I missed one important thing: my application runs on Windows and the tunnels are opened in WSL2. iptables maps ports only within WSL2. I enabled port mapping on Windows (PowerShell/admin) and the Kafka connection works:

netsh interface portproxy add v4tov4 listenaddress=127.0.0.2 listenport=9092 connectaddress=127.0.0.1 connectport=9093
netsh interface portproxy add v4tov4 listenaddress=127.0.0.3 listenport=9092 connectaddress=127.0.0.1 connectport=9094
michaldo
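
A check for the setup described in the question and answer above, as an added example that is not part of the original posts: it confirms that each broker name resolves to its own loopback address and that port 9092 on that address accepts a connection. The broker names and port are taken from the question; the function names and the injectable `resolve` parameter are assumptions made for this sketch.

```python
import ipaddress
import socket

# Broker names and port come from the question; the function names are illustrative.
BROKERS = ["b1.amazonaws.com", "b2.amazonaws.com", "b3.amazonaws.com"]
KAFKA_PORT = 9092


def check_endpoint(host, port, resolve=socket.gethostbyname, timeout=2.0):
    """Resolve one broker name and try a TCP connect, but only to loopback."""
    r = {"host": host, "address": None, "loopback": False,
         "reachable": False, "error": None}
    try:
        r["address"] = resolve(host)
    except OSError as exc:
        r["error"] = f"resolve failed: {exc}"
        return r
    r["loopback"] = ipaddress.ip_address(r["address"]).is_loopback
    if not r["loopback"]:
        # hosts override is missing: never send the check to the real address
        r["error"] = "name does not resolve to a loopback address"
        return r
    try:
        with socket.create_connection((r["address"], port), timeout=timeout):
            r["reachable"] = True
    except OSError as exc:
        r["error"] = f"connect failed: {exc}"
    return r


def check_brokers(hosts, port, resolve=socket.gethostbyname):
    """Check every broker; names must not share a loopback address."""
    results, owner = [], {}
    for host in hosts:
        r = check_endpoint(host, port, resolve)
        first = owner.setdefault(r["address"], host)
        if r["loopback"] and first != host:
            # same address and same port means the same tunnel, i.e. the wrong broker
            r["error"] = f"shares {r['address']} with {first}"
        results.append(r)
    return results


if __name__ == "__main__":
    for r in check_brokers(BROKERS, KAFKA_PORT):
        status = "ok" if r["reachable"] and not r["error"] else "FAIL"
        print(f"{status:4} {r['host']} -> {r['address']}:{KAFKA_PORT} {r['error'] or ''}")
```

A successful connect only shows that something is listening on that address and port; it does not prove which broker is on the other end of the tunnel.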