
I have a Rackspace account and wish to have this sort of setup:

Firewall/Gateway

eth0 - Public IP (56.X.X.X)

eth1 - Private IP (10.X.X.X)

Ubuntu 10.10. Accepts connections from the internet and routes port 80 to node1 (10.x.x.x)

node1

eth0 - Disabled Public IP (56.X.X.X)

eth1 - Private IP (10.X.X.X)

Ubuntu 10.10. This server is the web server.

Question:

I have searched over and over on how to achieve this and I'm not certain of the steps I need to take. Rackspace gives these IPs to me; I don't control (at this point) what the IPs are for these nodes, but they each have a Public IP on eth0 and a Private IP on eth1.

How can I successfully forward port 80 requests from the Firewall/Gateway to node1?

EDIT: Here are my iptables settings

# Generated by iptables-save v1.4.4 on Fri Jun 17 18:09:39 2011
*nat
:PREROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [1:452]
:POSTROUTING ACCEPT [1:452]
-A PREROUTING -i eth0 -p tcp -m tcp --dport 80 -j DNAT --to-destination 10.182.33.191:80 
COMMIT
# Completed on Fri Jun 17 18:09:39 2011
# Generated by iptables-save v1.4.4 on Fri Jun 17 18:09:39 2011
*filter
:INPUT ACCEPT [154:11452]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [81:9672]
-A INPUT -i eth0 -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT 
COMMIT
# Completed on Fri Jun 17 18:09:39 2011
ehftwelve

1 Answer

You could do this with some iptables rules on your firewall host. I'm assuming you're already using iptables since you're calling it a 'firewall' host:

iptables -A PREROUTING -t nat -i eth0 -p tcp --dport 80 -j DNAT --to 10.x.x.x:80
iptables -A INPUT -p tcp -m state --state NEW --dport 80 -i eth0 -j ACCEPT

The first rule sets up a port forward for packets arriving on port 80 of eth0. It forwards them to 10.x.x.x:80 (enter your node1 IP here). The second rule allows new incoming connections on port 80 of eth0. Of course you need this to actually allow packets to arrive at the firewall.

Don't forget to save your iptables config and load it on system startup. I use the package iptables-persistent for this purpose, but it's a bit annoying that Ubuntu doesn't have a standard method for saving and loading the firewall.

Martijn Heemels
  • It seems to hang. Is it trying to forward the Public IP to the Private IP when there needs to be masquerading or something happening? – ehftwelve Jun 17 '11 at 18:07
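
Added example (not part of the question or the answer): a shell check that reads an iptables-save dump like the one in the question and reports which pieces of a DNAT port forward are missing. It assumes node1 does not use the gateway as its default route, so replies only come back through the gateway if it also source-NATs on eth1; the function name, the finding labels and the ip_forward value passed in are made up for illustration.

```shell
#!/bin/sh
# Added example: audit an iptables-save dump for what a DNAT port forward needs.
# Usage: audit_forward DUMP IP_FORWARD_VALUE BACKEND_IF
# Prints "ok" or a space-separated list of findings (labels are made up here).
audit_forward() {
    dump=$1; ip_forward=$2; backend_if=$3; findings=""
    # 1. The kernel only routes between eth0 and eth1 if ip_forward is 1
    #    (value of /proc/sys/net/ipv4/ip_forward, passed in by the caller).
    [ "$ip_forward" = "1" ] || findings="$findings ip_forward_off"
    # 2. PREROUTING must rewrite the destination to the backend.
    printf '%s\n' "$dump" | grep -Eq '^-A PREROUTING .*-j DNAT ' \
        || findings="$findings no_dnat"
    # 3. Assumption: the backend has no route back via the gateway, so the
    #    gateway must SNAT/MASQUERADE what it sends out the backend interface.
    printf '%s\n' "$dump" \
        | grep -Eq "^-A POSTROUTING .*-o $backend_if .*-j (MASQUERADE|SNAT)" \
        || findings="$findings no_snat_on_$backend_if"
    # 4. DNATed packets traverse FORWARD, not INPUT: a DROP policy there
    #    needs an explicit ACCEPT rule.
    if printf '%s\n' "$dump" | grep -q '^:FORWARD DROP' &&
       ! printf '%s\n' "$dump" | grep -Eq '^-A FORWARD .*-j ACCEPT'; then
        findings="$findings forward_dropped"
    fi
    if [ -n "$findings" ]; then echo "${findings# }"; else echo ok; fi
}

# Rules copied from the dump in the question (timestamp comments omitted).
QUESTION_DUMP='*nat
:PREROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [1:452]
:POSTROUTING ACCEPT [1:452]
-A PREROUTING -i eth0 -p tcp -m tcp --dport 80 -j DNAT --to-destination 10.182.33.191:80 
COMMIT
*filter
:INPUT ACCEPT [154:11452]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [81:9672]
-A INPUT -i eth0 -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT 
COMMIT'

# ip_forward=0 is a constructed value for this run, not taken from the question.
audit_forward "$QUESTION_DUMP" 0 eth1
```

On a live gateway the two findings this reports would be cleared with `sysctl -w net.ipv4.ip_forward=1` and `iptables -t nat -A POSTROUTING -o eth1 -p tcp -d 10.182.33.191 --dport 80 -j MASQUERADE`.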