Question
Can you configure iptables so that an application single socket can work on both private and public networks
- Posted on November 24, 2019
- DigitalOcean Cloud FirewallsFirewallConfiguration Management
Asked by visgotti
So I have server a and b in one data center, but server c is in another data center.
Within those servers I have node apps using sockets to communicate with eachother, as of now a listens from b and c on the same socket, and b listens to a and c from the same socket.
The problem is, I want to utilize the private networking between a and b, but I understand I can’t from c.
I was wondering if there’s any iptables magic that can handle this situation- or do I need to refactor my servers to utilize a private and public socket for different server communications?
example -
Server A public ip 168.11.111.111, private ip is 10.11.111.111 Server B public ip is 168.22.222.222, private ip is 10.22.222.222 Server C public ip is 168.33.333.333
I was thinking I could do something maybe like this for communication from A to B
sudo iptables -t nat -A POSTROUTING -s 168.11.111.111 -j SNAT --to-source 10.11.111.111 //IF DESTINATION IS 10.22.222.222 ? is this possible to add to the rule?
then on server b it would be something like
iptables -t nat -A PREROUTING -d 10.22.222.222 -j REDIRECT --to-destination 168.22.222.222
Basically I want to make it so the output will redirect it’s source from the public to private and then the receiving end will redirect the private destination to the public destination - this way all my apps can use the same socket listening on a public address but also utilize the private network of digital ocean.
This textbox defaults to using Markdown to format your answer.
You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!