I have a number of Ubuntu 16.04 VMs within an OpenStack project. As I have only one floating IP, I used one of the VMs as a gateway server (IP: 10.1.1.1) with iptables port forwarding to have access to all the VMs from outside via the Internet. One VM is used as a web server (IP: 10.1.1.2). I have a NAT rule for this VM in /etc/iptables/rules.v4 as follows:
...
-A PREROUTING -p tcp -m tcp --dport 8002 -j DNAT --to-destination 10.1.1.2:80
-A POSTROUTING -j MASQUERADE
COMMIT
As I wanted, I have access to the web server from floating_ip:8002. However, as POSTROUTING masquerades any outgoing packet, including forwarded packets, all forwarded packets appear to come from the gateway server (10.1.1.1), which is not wanted. My question is how to prevent masquerading of the forwarded packets so that I can get the real remote IP accessing the web server. There was a suggestion in http://ift.tt/2kxBJzO to use the outbound interface, but I am not sure which interface to use, as I can see only one interface (eth0) in the gateway server and it doesn't work with -o eth0.
I would very much appreciate your suggestions or answers.
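The behaviour described in the question can be traced with a small model of the two NAT hooks. This is an added example, not part of the original post: it assumes the floating IP is delivered to the gateway as 10.1.1.1, that the VMs share a 10.1.1.0/24 subnet, and it adds a source-scoped MASQUERADE rule (`-s`) as a third variant that the post does not contain. The client address is a constructed sample.

```python
import ipaddress

GATEWAY_IP = "10.1.1.1"   # from the post; the gateway's only interface is eth0
OUT_IFACE = "eth0"        # every packet the gateway emits leaves through it

def prerouting(pkt):
    """-A PREROUTING -p tcp -m tcp --dport 8002 -j DNAT --to-destination 10.1.1.2:80"""
    if pkt["proto"] == "tcp" and pkt["dport"] == 8002:
        return dict(pkt, dst="10.1.1.2", dport=80)
    return pkt

def masquerade_matches(rule, pkt):
    """Evaluate the optional -o / -s matches of a POSTROUTING MASQUERADE rule."""
    if "out_iface" in rule and rule["out_iface"] != OUT_IFACE:
        return False
    if "src_net" in rule:
        net = ipaddress.ip_network(rule["src_net"])
        if ipaddress.ip_address(pkt["src"]) not in net:
            return False
    return True

def postrouting(rule, pkt):
    """MASQUERADE rewrites the source to the outgoing interface's address."""
    if masquerade_matches(rule, pkt):
        return dict(pkt, src=GATEWAY_IP)
    return pkt

def source_seen_by_web_server(rule, client_ip):
    """Run the first packet of one inbound connection through both NAT hooks."""
    pkt = {"proto": "tcp", "src": client_ip, "dst": GATEWAY_IP, "dport": 8002}
    return postrouting(rule, prerouting(pkt))["src"]

CLIENT = "203.0.113.7"  # constructed sample address (documentation range)
RULES = {
    "-A POSTROUTING -j MASQUERADE": {},                  # rule from the post
    "-A POSTROUTING -o eth0 -j MASQUERADE": {"out_iface": "eth0"},
    # Assumed variant: masquerade only traffic that originates inside the subnet.
    "-A POSTROUTING -s 10.1.1.0/24 -j MASQUERADE": {"src_net": "10.1.1.0/24"},
}

if __name__ == "__main__":
    for text, rule in RULES.items():
        print(f"{text:45} -> {source_seen_by_web_server(rule, CLIENT)}")
```

With a single interface, `-o eth0` matches the forwarded packet too, so only the source-scoped variant leaves the client address intact. In that case the web server's replies must still route back through 10.1.1.1 for the DNAT to be reversed, which this model does not cover.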