I am moving a server from one local IP address to another, and I have a lot of places on my network which statically reference the old IP address. I'd like to re-route that traffic to the new address, while also being able to directly use the new address.

I expected a simple DNAT in the PREROUTING nat table would do the trick, but it doesn't work. I used the below, and I see the entry added in iptables -nvL -t nat:

 iptables -I PREROUTING -t nat -d $OLD_ADDR -j DNAT --to-destination $NEW_ADDR

A quick look on tcpdump on the interface which has the new address doesn't show anything hitting, while looking at it on the old interface shows traffic is still trying to go that direction. What am I missing?

EDIT: The PREROUTING rule above was added on the router. The server is reachable from a different interface than it originally was, but both interfaces exist on the router.

aaronburro
  • Where exactly did you enter that iptables directive? On new server, on old server or on computer accessing the servers? Do you still have the old server on old address? I would suggest that new server would have both IP addresses. – nobody Mar 20 '19 at 17:44
  • I added it to the router. – aaronburro Mar 20 '19 at 17:52
  • You are adding a rule to PREROUTING chain. I do not have enough information about your network and route configuration, but I would guess that your router serves as an internet router. If that is the case, chains on the router are used for translating network addresses between your internal network and internet. Therefore, PREROUTING chain might work only on internet interface and traffic on internal ports does not apply to this chain and rules in the chain. – nobody Mar 20 '19 at 19:52
  • I also think that one rule is not enough. Imagine that you send a packet from a to b, but it is rerouted to c. Then c responds to a, but a does not recognize the response, because it did not come from b, where it was sent to. I think you at least need also a rule for returning traffic. – nobody Mar 20 '19 at 19:54
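
The DNAT rule from the question together with the pieces the comments raise (forwarding on the router, return traffic), as an added example that is not part of the original post or its comments: a dry-run generator that prints the router commands instead of running them. The function names, the `yes` hairpin argument and the sample addresses are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): prints, and does not run,
# the router commands for redirecting OLD to NEW. Addresses are constructed.

valid_ipv4() {
    # Digits and dots only, exactly four octets, each 0..255.
    case $1 in
        *[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# dnat_migration_rules OLD NEW [yes|no]   (third argument: hairpin case)
dnat_migration_rules() {
    old=$1 new=$2 hairpin=${3:-no}
    if ! valid_ipv4 "$old" || ! valid_ipv4 "$new" || [ "$old" = "$new" ]; then
        echo "need two different IPv4 addresses" >&2
        return 2
    fi
    # The router has to forward between its interfaces at all.
    echo "sysctl -w net.ipv4.ip_forward=1"
    # Rewrite the destination of new connections sent to the old address.
    echo "iptables -t nat -I PREROUTING -d $old -j DNAT --to-destination $new"
    # Let translated connections through the filter table's FORWARD chain.
    echo "iptables -I FORWARD -d $new -m conntrack --ctstate DNAT -j ACCEPT"
    if [ "$hairpin" = yes ]; then
        # Return-traffic case from the comments: when client and server share
        # a subnet the reply would bypass the router, so also rewrite the
        # source and force replies back through the router's conntrack entry.
        echo "iptables -t nat -I POSTROUTING -d $new -m conntrack --ctstate DNAT -j MASQUERADE"
    fi
    # The nat table is consulted only for the first packet of a connection,
    # so entries created before the rule existed must be flushed.
    echo "conntrack -D -d $old"
}

# Constructed sample addresses on two different router interfaces.
dnat_migration_rules 192.168.1.10 192.168.2.10
```

Review the printed commands before piping them to `sh` as root on the router. `tcpdump` on the ingress interface captures packets before PREROUTING runs, so it still shows the old destination address there even when the translation is applied.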

0 Answers