Fred Stluka on 6 Jun 2013 15:20:01 -0700

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

[PLUG] Setting up a proxy via iptables?...

PLUG folks,

Do any of you have experience with setting up a proxy via
iptables.  Should be just 3 simple iptables commands, but I
tried and couldn't make it work.

Situation (skip to Details, if you like):

    I have access to a client's DB server from one of my Linux servers at
    AWS.  The client has opened a port in their firewall so I can access
    their DB server.  Works fine.  Been using it for months, as I develop
    software for them.  However, they have a very slow bureaucratic
    process for getting approval to do things like opening ports.  It
    took weeks to get them to do it.

    Now, I'm getting close to a major release of the software, and
    I want to set up a couple of other servers at AWS for testing
    various configs of the software, and they'll need access to the
    DB server also.

    Instead of asking them to open a port each time I spin up a new
    temporary test server, I thought I'd create a lightweight proxy,
    so that all of the new servers connected to my existing server, and
    it proxied the TCP/IP traffic to/from the DB server.

    I found this article:
    which made it look like it's just 3 iptable commands to set up
    the proxy.  So I tried it, but no luck.


The DB server at IP address uses port 49175.
That port is open in their firewall, but only from my server at
IP address
I need access from one of my new servers at IP address

What I did on my existing server to make it a proxy:

        set YourIP=
        set YourPort=49175
        set TargetIP=
        set TargetPort=49175

iptables -t nat -A PREROUTING --dst $YourIP -p tcp --dport $YourPort -j DNAT \
        --to-destination ${TargetIP}:${TargetPort}

iptables -t nat -A POSTROUTING -p tcp --dst $TargetIP --dport $TargetPort -j SNAT \
        --to-source $YourIP

iptables -t nat -A OUTPUT --dst $YourIP -p tcp --dport $YourPort -j DNAT \
        --to-destination ${TargetIP}:${TargetPort}

        echo 1 > /proc/sys/net/ipv4/ip_forward   (as root)

And of course, I locked down incoming traffic on that port to
be only from my new server, so it's not an open proxy for
anyone to use.

No luck!  Can't connect.  Any ideas for me?

Fred Stluka -- --
Bristle Software, Inc -- -- Glad to be of service!
Open Source: Without walls and fences, we need no Windows or Gates.

Philadelphia Linux Users Group         --
Announcements -
General Discussion  --