I have 2 servers

Server A and Server B

ServerA = 1.1.1.1 ServerB = 2.2.2.2

I am using iptables to send all traffic on port 80 to Server B

on Server (A) 1.1.1.1

I have done

iptables -t nat -A PREROUTING -p tcp --dport 80 -j DNAT --to-destination 2.2.2.2:80

iptables -t nat -A POSTROUTING -j MASQUERADE

it's working fine 100%

but my netstat commands are not working

on Server B 2.2.2.2 when I run netstat

only 1 ip shows up 1.1.1.1

and on Server A 1.1.1.1 when I run netstat, nothing is displayed

Is there a command to see the client's IP address either on ServerA, or ServerB?

Thanks,

New to all this iptables stuff!

netstat -punta:

Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 36 forward:2222 myhomeip:63279 ESTABLISHED
tcp 0 0 forward:http 56.161.164.142:56643 TIME_WAIT
  • what is the output of 'netstat punta' on ServerA? – Daniel Widrick Jan 21 '15 at 14:32
  • Active Internet connections (w/o servers) Proto Recv-Q Send-Q Local Address Foreign Address State tcp 0 36 forward:2222 myhomeip:63279 ESTABLISHED tcp 0 0 forward:http 56.161.164.142:56643 TIME_WAIT – Ra Fay Jan 21 '15 at 14:46
  • Please provide the output of `ip link sh`, `ip addr sh`, `ip rule sh`, and `ip route sh` on "Server-A" _and_ "Server-B" – pepoluan Jan 22 '15 at 10:03
  • Which part is sending the packet to 2.2.2.2:80 ? This seems bad because if you use A as a NAT gateway, you are then basically DNATing and SNATing in the same forwarding process so you will eventually lose the actual source IP address. – Xavier Lucas Jan 22 '15 at 23:24
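
Connections forwarded by the DNAT rule never become local sockets on Server A, so netstat does not list them; the kernel's connection-tracking table records both the original tuple (real client) and the reply tuple (Server B). The script below is an added example, not part of the original question or its comments, that reads conntrack-format lines and prints the client behind each DNATed flow. The function names are hypothetical, and the sample lines are constructed using the question's server addresses and documentation-range client addresses.

```shell
#!/bin/sh
# Added example: list DNATed flows from conntrack-format lines on stdin.
# On the NAT host the real input would be /proc/net/nf_conntrack or the
# output of `conntrack -L`; the function names here are hypothetical.

dnat_clients() {
    awk '
    {
        # Reset per-line state (POSIX way to clear arrays).
        split("", seen); split("", orig); split("", reply); state = ""
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^(src|dst|sport|dport)=/) {
                split($i, kv, "=")
                # First occurrence of a key belongs to the original
                # direction, the second to the reply direction after NAT.
                if (++seen[kv[1]] == 1) { orig[kv[1]] = kv[2] }
                else { reply[kv[1]] = kv[2] }
            } else if ($i ~ /^[A-Z_]+$/) {
                state = $i            # TCP state, e.g. ESTABLISHED
            }
        }
        # DNAT happened when the reply comes from somewhere other than
        # the address and port the client originally connected to.
        if (seen["src"] == 2 &&
            (reply["src"] != orig["dst"] || reply["sport"] != orig["dport"]))
            printf "%s:%s -> %s:%s => %s:%s %s\n",
                orig["src"], orig["sport"], orig["dst"], orig["dport"],
                reply["src"], reply["sport"], state
    }'
}

# Constructed sample in /proc/net/nf_conntrack layout: two port-80 flows
# DNATed to 2.2.2.2 and one SSH session that terminates on Server A itself.
sample_conntrack() {
    cat <<'EOF'
ipv4     2 tcp      6 431990 ESTABLISHED src=203.0.113.7 dst=1.1.1.1 sport=51514 dport=80 src=2.2.2.2 dst=1.1.1.1 sport=80 dport=51514 [ASSURED] mark=0 zone=0 use=2
ipv4     2 tcp      6 112 TIME_WAIT src=198.51.100.23 dst=1.1.1.1 sport=40022 dport=80 src=2.2.2.2 dst=1.1.1.1 sport=80 dport=40022 [ASSURED] mark=0 zone=0 use=2
ipv4     2 tcp      6 431999 ESTABLISHED src=203.0.113.7 dst=1.1.1.1 sport=63279 dport=2222 src=1.1.1.1 dst=203.0.113.7 sport=2222 dport=63279 [ASSURED] mark=0 zone=0 use=2
EOF
}

sample_conntrack | dnat_clients
```

On Server A itself, the same function can be fed from `/proc/net/nf_conntrack` (root required, connection tracking loaded) instead of the sample.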
