Can you configure iptables so that an application's single socket can work on both private and public networks?

November 24, 2019

So I have servers a and b in one data center, but server c is in another data center.

Within those servers I have Node apps using sockets to communicate with each other. As of now, a listens to b and c on the same socket, and b listens to a and c on the same socket.

The problem is, I want to utilize the private networking between a and b, but I understand I can’t from c.

I was wondering if there's any iptables magic that can handle this situation, or do I need to refactor my servers to use a private and a public socket for the different server communications?

Example:

Server A: public IP 168.11.111.111, private IP 10.11.111.111
Server B: public IP 168.22.222.222, private IP 10.22.222.222
Server C: public IP 168.33.333.333

I was thinking I could do something maybe like this for communication from A to B:

```sh
# on server A: rewrite the source from the public to the private address
# (only IF DESTINATION IS 10.22.222.222? is this possible to add to the rule?)
sudo iptables -t nat -A POSTROUTING -s 168.11.111.111 -j SNAT --to-source 10.11.111.111
```

Then on server B it would be something like:

```sh
# on server B: map the private destination back to the public address the app listens on
# (DNAT rather than REDIRECT: the REDIRECT target has no --to-destination option)
iptables -t nat -A PREROUTING -d 10.22.222.222 -j DNAT --to-destination 168.22.222.222
```

Basically I want to make it so the output will rewrite its source from the public to the private address, and then the receiving end will rewrite the private destination to the public destination. This way all my apps can use the same socket listening on a public address but also utilize the private network of DigitalOcean.
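An added example, not part of the question or any answer: the two rules sketched above written out with the destination match the question asks about (iptables accepts `-s` and `-d` together in a nat rule), with DNAT on the receiving side and the rule restricted to the private interface. The interface names eth0/eth1, the application port 3000 and the echo-unless-APPLY=1 wrapper are assumptions.

```shell
#!/bin/sh
# Added example: generates (or, with APPLY=1, applies) the conditional SNAT on A
# and the matching DNAT on B. Addresses are the ones from the question;
# eth1 (private) and port 3000 are assumed.

A_PUB=168.11.111.111; A_PRIV=10.11.111.111
B_PUB=168.22.222.222; B_PRIV=10.22.222.222
PORT=3000   # assumed application port

# Print the rule unless APPLY=1, so it can be reviewed before it is loaded.
run() {
    if [ "${APPLY:-0}" = 1 ]; then iptables "$@"; else echo "iptables $*"; fi
}

# Server A: the -d match makes the SNAT conditional, so only packets bound for
# B's private address are rewritten; traffic to C keeps the public source.
# Note: this only fires when the app's outbound socket is bound to the public
# address; a connect() to 10.x with no bind picks the private source on its own.
rules_for_a() {
    run -t nat -A POSTROUTING -o eth1 -s "$A_PUB" -d "$B_PRIV" \
        -p tcp --dport "$PORT" -j SNAT --to-source "$A_PRIV"
}

# Server B: DNAT moves the private destination to the public address the app
# listens on (REDIRECT cannot do this: it has no --to-destination option).
# -i eth1 keeps the rewrite from matching anything arriving from the Internet.
# conntrack reverses both translations on the reply packets automatically.
rules_for_b() {
    run -t nat -A PREROUTING -i eth1 -d "$B_PRIV" \
        -p tcp --dport "$PORT" -j DNAT --to-destination "$B_PUB"
}

# Usage: ./nat-rules.sh a | b   (no argument prints both sides)
case "${1:-}" in
    a) rules_for_a ;;
    b) rules_for_b ;;
    *) rules_for_a; rules_for_b ;;
esac
```

Rules in the nat table are consulted only for the first packet of a connection, so both rules need `-p tcp --dport` to stay narrow; everything else on the two hosts is untouched.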
