Question

Can you configure iptables so that an application's single socket can work on both private and public networks?

Posted November 24, 2019 229 views
Tags: Firewall, Configuration Management, DigitalOcean Cloud Firewalls

So I have servers a and b in one data center, but server c is in another data center.

Within those servers I have node apps using sockets to communicate with each other. As of now, a listens from b and c on the same socket, and b listens to a and c on the same socket.

The problem is, I want to utilize the private networking between a and b, but I understand I can’t from c.

I was wondering if there's any iptables magic that can handle this situation, or do I need to refactor my servers to utilize a private and a public socket for different server communications?

example -

Server A public ip 168.11.111.111, private ip is 10.11.111.111
Server B public ip is 168.22.222.222, private ip is 10.22.222.222
Server C public ip is 168.33.333.333

I was thinking I could do something maybe like this for communication from A to B

sudo iptables -t nat -A POSTROUTING -s 168.11.111.111 -d 10.22.222.222 -j SNAT --to-source 10.11.111.111   # only if the destination is 10.22.222.222 ? is this possible to add to the rule?

then on server b it would be something like

iptables -t nat -A PREROUTING -d 10.22.222.222 -j DNAT --to-destination 168.22.222.222   # DNAT, not REDIRECT: REDIRECT only accepts --to-ports, DNAT rewrites the destination address

Basically I want to make it so the output will redirect its source from the public to the private address, and then the receiving end will redirect the private destination to the public destination. This way all my apps can use the same socket listening on a public address but also utilize the private network of DigitalOcean.

0 answers
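An added example (not from the post or any answer) of the nat-table rules that fit the setup described: A's app keeps dialling B's public address but the packets cross the private network, and B's app keeps listening on its public address. Addresses are the ones from the question; the app port 3000 and the assumption that B's private address is routed via A's private interface are placeholders, and the script prints the rules as a dry run unless told to apply them.

```shell
#!/bin/sh
# Added example, not code from the original post. Addresses come from the
# question; the app port (3000) is an assumed placeholder.
A_PRIV=10.11.111.111
B_PUB=168.22.222.222
B_PRIV=10.22.222.222
PORT=3000

# Server A (connecting side). Locally generated packets traverse nat/OUTPUT,
# so rewriting the destination there makes the kernel re-route them onto the
# private interface; nat/POSTROUTING then rewrites the source so B sees A's
# private address. Both rules are scoped to the app port so nothing else is
# silently redirected.
rules_for_a() {
    cat <<EOF
iptables -t nat -A OUTPUT -p tcp -d $B_PUB --dport $PORT -j DNAT --to-destination $B_PRIV
iptables -t nat -A POSTROUTING -p tcp -d $B_PRIV --dport $PORT -j SNAT --to-source $A_PRIV
EOF
}

# Server B (listening side). Only needed if the app binds the public address
# rather than 0.0.0.0: traffic arriving on the private address is mapped onto
# the public listener, limited to A's private address as source. conntrack
# reverses both mappings on the reply path, so return traffic needs no rules.
# The INPUT rule matters only if B's INPUT chain drops by default.
rules_for_b() {
    cat <<EOF
iptables -t nat -A PREROUTING -p tcp -s $A_PRIV -d $B_PRIV --dport $PORT -j DNAT --to-destination $B_PUB
iptables -A INPUT -p tcp -s $A_PRIV -d $B_PUB --dport $PORT -m conntrack --ctstate NEW -j ACCEPT
EOF
}

# Usage: sh nat-private.sh a|b [apply]. Without "apply" the rules are only
# printed, so they can be reviewed before touching a live firewall.
case "${1:-}" in
    a) cmds=$(rules_for_a) ;;
    b) cmds=$(rules_for_b) ;;
    *) cmds='' ;;
esac
if [ -n "$cmds" ]; then
    if [ "${2:-}" = apply ]; then
        echo "$cmds" | sudo sh -e
    else
        echo "$cmds"
    fi
fi
```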