Can you configure iptables so that an application's single socket can work on both private and public networks

Posted November 24, 2019
Firewall, Configuration Management, DigitalOcean Cloud Firewalls

So I have server a and b in one data center, but server c is in another data center.

Within those servers I have node apps using sockets to communicate with each other. As of now a listens from b and c on the same socket, and b listens to a and c from the same socket.

The problem is, I want to utilize the private networking between a and b, but I understand I can’t from c.

I was wondering if there's any iptables magic that can handle this situation, or do I need to refactor my servers to utilize a private and public socket for different server communications?

example -

Server A public ip, private ip is
Server B public ip is, private ip is
Server C public ip is 168.33.333.333

I was thinking I could do something maybe like this for communication from A to B

sudo iptables -t nat -A POSTROUTING -s -j SNAT --to-source //IF DESTINATION IS ? is this possible to add to the rule?

then on server b it would be something like

iptables -t nat -A PREROUTING -d -j REDIRECT --to-destination

Basically I want to make it so the output will redirect its source from the public to private and then the receiving end will redirect the private destination to the public destination. This way all my apps can use the same socket listening on a public address but also utilize the private network of DigitalOcean.
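The scheme sketched above, written out as an added example that is not part of the original question. It answers the "is this possible to add to the rule?" point: a destination match (-d) is allowed in nat-table SNAT and DNAT rules, and it is what keeps the rewrite from touching traffic to C. It also goes one step further than the post: on A the rewrite is done in the nat OUTPUT chain (DNAT of B's public address to its private one, so the kernel reroutes the packet over the private interface) plus the POSTROUTING SNAT the post describes; on B a DNAT to the local public address is used instead of REDIRECT, because REDIRECT would pick the primary address of the receiving interface. The addresses (RFC 5737 documentation ranges), the port 3000, and the interface name eth1 are constructed placeholders, not values from the post.

```shell
#!/bin/sh
# Added example, not from the original post. Emits the NAT rules the
# question sketches, with the -d match the asker wondered about.
# All addresses, the port and the interface name are constructed
# placeholders; replace them with the real values before applying.
A_PUBLIC="203.0.113.10"   A_PRIVATE="10.132.0.10"
B_PUBLIC="203.0.113.20"   B_PRIVATE="10.132.0.20"
C_PUBLIC="198.51.100.30"
APP_PORT="3000"           # assumed port the node apps listen on
PRIV_IF="eth1"            # assumed private-network interface

# Rules are emitted as text so they can be reviewed before they are run;
# apply_rules executes them (needs root).
rules_for_a() {
  # Locally generated connections to B's public address are steered to
  # B's private address; after DNAT in OUTPUT the packet is rerouted and
  # leaves through PRIV_IF. Traffic to C is untouched because of -d.
  echo "iptables -t nat -A OUTPUT -p tcp -d $B_PUBLIC --dport $APP_PORT -j DNAT --to-destination $B_PRIVATE"
  # Give those packets A's private source so B's replies also travel
  # over the private network instead of going back out the public side.
  echo "iptables -t nat -A POSTROUTING -o $PRIV_IF -p tcp -d $B_PRIVATE --dport $APP_PORT -j SNAT --to-source $A_PRIVATE"
}

rules_for_b() {
  # Only needed if the app is bound to B_PUBLIC rather than 0.0.0.0:
  # DNAT to one of the host's own addresses is delivered locally.
  echo "iptables -t nat -A PREROUTING -i $PRIV_IF -p tcp -d $B_PRIVATE --dport $APP_PORT -j DNAT --to-destination $B_PUBLIC"
  # Filter: accept the app port only from the two known peers.
  echo "iptables -A INPUT -p tcp --dport $APP_PORT -s $A_PRIVATE -j ACCEPT"
  echo "iptables -A INPUT -p tcp --dport $APP_PORT -s $C_PUBLIC -j ACCEPT"
  echo "iptables -A INPUT -p tcp --dport $APP_PORT -j DROP"
}

apply_rules() {   # usage: apply_rules a|b
  "rules_for_$1" | while IFS= read -r line; do eval "$line"; done
}

case "${1:-}" in
  a|b) apply_rules "$1" ;;
  *)   echo "# rules for A:"; rules_for_a
       echo "# rules for B:"; rules_for_b ;;
esac
```

Run it with no argument to print both rule sets for review, or as `sh rules.sh a` on A and `sh rules.sh b` on B to apply them. If the node apps bind to 0.0.0.0 (the wildcard address) rather than to the public IP, the PREROUTING rule on B is unnecessary: a wildcard socket already accepts connections arriving on the private address, and only the A-side rules are needed to move the A-to-B traffic onto the private network.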
