-1

Here is my case:

Server 1: public IPs on one box (eth0) -> 203.x.x.55/28 and 57/28, gw 203.x.x.49; private IP (eth1) -> 10.10.8.1

Server 2: private IPs on one box (eth0) -> 10.10.8.5/24 and 7/24, gw 10.10.8.1

Iptables

-A PREROUTING -d 203.x.x.55 -i eth0 -p tcp -m tcp --dport 80 -j DNAT --to-destination 10.10.8.5:80
-A PREROUTING -d 202.10.39.57 -i eth0 -p tcp -m tcp --dport 80 -j DNAT --to-destination 10.10.8.7:80
-A POSTROUTING -s 10.10.8.5 -j SNAT --to-source 203.x.x.55
-A POSTROUTING -s 10.10.8.7 -j SNAT --to-source 203.x.x.57

Then my problem is that traffic from a private IP with destination port 9100 should use public IP 55, and port 9200 should use public IP 57.

-A POSTROUTING -s 10.10.8.5/24 -d 10.10.8.1 -p tcp -m tcp --dport 9100 -j SNAT --to-source 202.x.x.55
-A POSTROUTING -s 10.10.8.0/24 -d 10.10.8.1 -p tcp -m tcp --dport 9200 -j SNAT --to-source 202.x.x.57

The result is not successful; everything is detected with IP 57.

What's wrong with this? Thanks for your attention.

Pathic
  • Looks like you did not put the rules in the correct order. Could you include the output of `iptables-save` such that we can see the entire context. – kasperd May 16 '14 at 18:03

1 Answer

0

Problem solved.

Add destination to outside_target:

-A POSTROUTING -s 10.10.8.0/255.255.255.0 -d (outside_target) -p tcp -m tcp --dport 9100 -j SNAT --to-source 202.x.x.55
-A POSTROUTING -s 10.10.8.0/255.255.255.0 -d (outside_target) -p tcp -m tcp --dport 9100 -j SNAT --to-source 202.x.x.57
Pathic
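An added example, not code from either poster: a small first-match evaluator for the subset of `iptables-save` syntax used in this thread. It shows why a blanket per-host SNAT rule placed ahead of a port-specific one decides the source address, and why `-d 10.10.8.1` never matches traffic bound for an outside host. The addresses 203.0.113.55/.57 and 198.51.100.10 are constructed stand-ins for the masked public IPs and for `(outside_target)`, and the `REORDERED` set goes beyond the answer by also moving the specific rules to the top, as the comment suggests.

```python
import ipaddress
import shlex

# Constructed stand-ins: 203.0.113.55/.57 replace the masked public IPs,
# 198.51.100.10 plays the role of the page's "(outside_target)".
AS_ASKED = """\
-A POSTROUTING -s 10.10.8.5 -j SNAT --to-source 203.0.113.55
-A POSTROUTING -s 10.10.8.7 -j SNAT --to-source 203.0.113.57
-A POSTROUTING -s 10.10.8.0/24 -d 10.10.8.1 -p tcp -m tcp --dport 9100 -j SNAT --to-source 203.0.113.55
-A POSTROUTING -s 10.10.8.0/24 -d 10.10.8.1 -p tcp -m tcp --dport 9200 -j SNAT --to-source 203.0.113.57
"""
REORDERED = """\
-A POSTROUTING -s 10.10.8.0/24 -d 198.51.100.10 -p tcp -m tcp --dport 9100 -j SNAT --to-source 203.0.113.55
-A POSTROUTING -s 10.10.8.0/24 -d 198.51.100.10 -p tcp -m tcp --dport 9200 -j SNAT --to-source 203.0.113.57
-A POSTROUTING -s 10.10.8.5 -j SNAT --to-source 203.0.113.55
-A POSTROUTING -s 10.10.8.7 -j SNAT --to-source 203.0.113.57
"""

def parse(rules_text):
    """Parse the subset of iptables-save syntax that appears in this thread."""
    rules = []
    for line in rules_text.splitlines():
        tok = shlex.split(line)
        # Every option used here takes exactly one value.
        opt = {tok[i]: tok[i + 1] for i in range(len(tok) - 1) if tok[i].startswith("-")}
        rules.append({
            "src": ipaddress.ip_network(opt.get("-s", "0.0.0.0/0"), strict=False),
            "dst": ipaddress.ip_network(opt.get("-d", "0.0.0.0/0"), strict=False),
            "proto": opt.get("-p"),
            "dport": int(opt["--dport"]) if "--dport" in opt else None,
            "to": opt["--to-source"],
        })
    return rules

def snat_source(rules, src, dst, proto, dport):
    """Return the --to-source of the first matching rule; SNAT ends chain traversal."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for r in rules:
        if (s in r["src"] and d in r["dst"]
                and r["proto"] in (None, proto)
                and r["dport"] in (None, dport)):
            return r["to"]
    return src  # no rule matched: source address is left unchanged

if __name__ == "__main__":
    for name, text in (("as asked", AS_ASKED), ("reordered", REORDERED)):
        print(name, snat_source(parse(text), "10.10.8.7", "198.51.100.10", "tcp", 9100))
```

On a live gateway, `iptables -t nat -L POSTROUTING -n -v --line-numbers` shows the real rule order and per-rule packet counters, which confirms which rule is actually being hit.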