Put a CentOS stand before application server as a protector
I have an application server that is running Windows Server 2008 R2. On this server, I have applications (.exe) running and listening on ports 10000, 11000, 13000.
The client (exe) connects directly to the server via the ports above.
Now, for security purposes, I want to build a CentOS box that stands in front of the Windows server (like a proxy), handles all connections and then redirects them to the Windows server.
On CentOS, I use iptables with the rules below:
sysctl net.ipv4.ip_forward=1
iptables -t nat -A PREROUTING -p tcp --dport 10000 -j DNAT --to 220.127.116.11:10000
iptables -t nat -A PREROUTING -p tcp --dport 11000 -j DNAT --to 18.104.22.168:11000
iptables -t nat -A PREROUTING -p tcp --dport 12000 -j DNAT --to 22.214.171.124:12000
iptables -t nat -A POSTROUTING -j MASQUERADE
Now, when the client is running, I checked the log on the Windows server and see that the applications on Windows Server are accepting incoming connections from the client via CentOS.
Client ----- CentOS ----- Windows Server
However, at this step, the client app fails and shows an error: can not received response from server.
I guess I am missing some rule in iptables that will allow response packets from WS?
Hope someone can help me fix it.
Thanks in advance.
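
A consistency check of the rule set above against the listening ports named in the post, as an added example that is not part of the original post. The function names `parse_dnat` and `audit` are hypothetical; the rules and ports are copied from the post as they appear on the page.

```python
import shlex

# Rule set copied from the post (addresses exactly as they appear on the page).
POSTED_RULES = """\
iptables -t nat -A PREROUTING -p tcp --dport 10000 -j DNAT --to 220.127.116.11:10000
iptables -t nat -A PREROUTING -p tcp --dport 11000 -j DNAT --to 18.104.22.168:11000
iptables -t nat -A PREROUTING -p tcp --dport 12000 -j DNAT --to 22.214.171.124:12000
iptables -t nat -A POSTROUTING -j MASQUERADE
"""

# Ports the post says the Windows applications listen on.
LISTENING_PORTS = {10000, 11000, 13000}


def parse_dnat(rules):
    """Return {inbound_port: (backend_ip, backend_port)} for every DNAT rule."""
    forwards = {}
    for line in rules.splitlines():
        args = shlex.split(line)
        if "DNAT" not in args or "--dport" not in args:
            continue
        dport = int(args[args.index("--dport") + 1])
        # The post uses the abbreviated --to; also accept --to-destination.
        flag = "--to" if "--to" in args else "--to-destination"
        ip, _, port = args[args.index(flag) + 1].rpartition(":")
        forwards[dport] = (ip, int(port))
    return forwards


def audit(rules, listening):
    """Compare the forwarded ports with the ports the applications listen on."""
    forwards = parse_dnat(rules)
    parsed = [shlex.split(line) for line in rules.splitlines()]
    return {
        # Application ports that no DNAT rule forwards.
        "no_rule": sorted(listening - set(forwards)),
        # Forwarded ports with no listener named in the post.
        "no_listener": sorted(set(forwards) - listening),
        # Distinct backend addresses; one Windows server implies one address.
        "backends": sorted({ip for ip, _ in forwards.values()}),
        # MASQUERADE with no -o/-s/-d match rewrites the source of every
        # forwarded connection, so the backend logs only the proxy's address.
        "unscoped_masquerade": any(
            "MASQUERADE" in a and not {"-o", "-s", "-d"} & set(a) for a in parsed
        ),
    }


if __name__ == "__main__":
    for finding, value in audit(POSTED_RULES, LISTENING_PORTS).items():
        print(f"{finding}: {value}")
```
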