By visgotti
So I have three servers, all three of them have bidirectional communication with each peer but only two of them are on the same shared private network.
Server A - network 1
public ip = 168.11.111.111
private ip = 10.11.111.111
Server B - network 1
public ip = 168.22.222.222
private ip = 10.22.222.222
Server C - network 2
public ip = 168.33.333.333
My application uses the public IP for binding sockets to, but I feel like it’s possible to use iptables to configure traffic to traverse the private network for certain static IPs that are known to be in the same private network.
I did a ton of research about iptables, and I finally thought I came up with the correct scripts but I still can’t seem to get traffic to travel correctly.
So for my server A configuration I have:
PRIVATE_A_IP=10.11.111.111
PUBLIC_A_IP=168.11.111.111
PRIVATE_B_IP=10.22.222.222
PUBLIC_B_IP=168.22.222.222
# redirect incoming packets for private IP to become input for public IP on the eth0 interface
iptables -t nat -A PREROUTING -d ${PRIVATE_A_IP} -i eth0 -j DNAT --to-destination ${PUBLIC_A_IP}
# redirect traffic meant for public B to be sent to private B on the eth1 interface
iptables -t nat -A OUTPUT -d ${PUBLIC_B_IP} -o eth1 -j DNAT --to-destination ${PRIVATE_B_IP}
# change source of outgoing traffic to private B to say the source is private A, still on the eth1 interface
iptables -t nat -A POSTROUTING -d ${PRIVATE_B_IP} -o eth1 -j SNAT --to-source ${PRIVATE_A_IP}
Then, since it’s bidirectional, I’d do the inverse for server B:
iptables -t nat -A PREROUTING -d ${PRIVATE_B_IP} -i eth0 -j DNAT --to-destination ${PUBLIC_B_IP}
iptables -t nat -A OUTPUT -d ${PUBLIC_A_IP} -o eth1 -j DNAT --to-destination ${PRIVATE_A_IP}
iptables -t nat -A POSTROUTING -d ${PRIVATE_A_IP} -o eth1 -j SNAT --to-source ${PRIVATE_B_IP}
I’m pretty certain I’m doing this correctly after researching NAT/iptables all weekend. Is there something I’m missing?
Hello,
Just came across this answer and decided to write some general guidelines for anyone who comes across this in the future despite the old question.
From your description, it seems like you are trying to route traffic between your servers on the same private network (Server A and Server B) using iptables NAT rules. While these iptables rules seem correct at a glance, there could be a few possible reasons why the traffic may not be traveling correctly.
Important: Ensure that the relevant interfaces (eth0 and eth1) are correctly assigned and have proper IP addresses.
Also, please make sure to enable IP forwarding on both Server A and Server B by executing the following command:
sysctl -w net.ipv4.ip_forward=1
If you still encounter issues, I recommend verifying and testing whether the iptables rules are properly set using tools like tcpdump. This can help you locate the exact point where the traffic stops or gets misrouted.
For more details on iptables and configuring them, visit the official DigitalOcean documentation: How To Set Up an iptables Firewall to Protect Traffic Between Your Servers.
Hope that this helps!
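The rule set from the question and the checks from the answer, put together in one script as an added example (this is not the asker's or the answerer's code). It assumes the question's interface layout, eth0 public and eth1 private, and reuses the question's placeholder addresses for servers A and B. DRY_RUN defaults to 1, so by itself the script only prints the rules it would apply; applying them means running it as root with DRY_RUN=0, and in that mode it refuses to continue unless both interfaces exist and net.ipv4.ip_forward is 1.

```shell
#!/bin/sh
# Added example, not from the original thread: renders the nat-table rules for
# one side of the A<->B pair from variables, checks the prerequisites the
# answer names (interfaces present, ip_forward enabled) and only calls
# iptables when DRY_RUN=0. Interface names are the question's assumption.
DRY_RUN="${DRY_RUN:-1}"
PUBLIC_IF="${PUBLIC_IF:-eth0}"
PRIVATE_IF="${PRIVATE_IF:-eth1}"

# render_rules LOCAL_PRIV LOCAL_PUB PEER_PRIV PEER_PUB
# Prints the three rules from the question, parameterised so the same function
# yields server A's rules and, with the pairs swapped, server B's.
render_rules() {
    local_priv="$1"; local_pub="$2"; peer_priv="$3"; peer_pub="$4"
    printf 'iptables -t nat -A PREROUTING -d %s -i %s -j DNAT --to-destination %s\n' \
        "$local_priv" "$PUBLIC_IF" "$local_pub"
    printf 'iptables -t nat -A OUTPUT -d %s -o %s -j DNAT --to-destination %s\n' \
        "$peer_pub" "$PRIVATE_IF" "$peer_priv"
    printf 'iptables -t nat -A POSTROUTING -d %s -o %s -j SNAT --to-source %s\n' \
        "$peer_priv" "$PRIVATE_IF" "$local_priv"
}

# check_prereqs: returns 0 only when both interfaces exist and forwarding is
# enabled; prints one line per failed check so the cause is visible.
check_prereqs() {
    status=0
    for ifc in "$PUBLIC_IF" "$PRIVATE_IF"; do
        if [ ! -d "/sys/class/net/$ifc" ]; then
            echo "missing interface: $ifc"
            status=1
        fi
    done
    if [ "$(cat /proc/sys/net/ipv4/ip_forward 2>/dev/null)" != "1" ]; then
        echo "net.ipv4.ip_forward is not 1 (run: sysctl -w net.ipv4.ip_forward=1)"
        status=1
    fi
    return "$status"
}

# rule_count: number of rules render_rules would emit for the given arguments.
rule_count() {
    render_rules "$@" | wc -l | tr -d ' '
}

# Server A's view: local = A, peer = B (question's placeholder addresses).
A_PRIV=10.11.111.111; A_PUB=168.11.111.111
B_PRIV=10.22.222.222; B_PUB=168.22.222.222

if [ "$DRY_RUN" = "1" ]; then
    echo "# dry run: rules for server A (call render_rules with A/B swapped on server B)"
    render_rules "$A_PRIV" "$A_PUB" "$B_PRIV" "$B_PUB"
    echo "# after applying, watch the private link as the answer suggests:"
    echo "#   tcpdump -ni $PRIVATE_IF host $B_PRIV"
else
    check_prereqs || exit 1
    render_rules "$A_PRIV" "$A_PUB" "$B_PRIV" "$B_PUB" | sh -e
fi
```

On server B the same script is run with the argument pairs swapped (local = B, peer = A), which produces exactly the three inverse rules from the question. Keeping rendering separate from applying makes it easy to diff the printed rules against `iptables -t nat -S` and to capture on eth1 with the printed tcpdump line to see where packets stop.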