Put a CentOS server in front of an application server as a protector
I have an application server that is running Windows Server 2008 R2. On this server, I have applications (.exe) running and listening on ports 10000, 11000, 13000.
The client (exe) connects directly to the server via the ports above.
Now, for security purposes, I want to build a CentOS server that stands in front of the Windows server (like a proxy), handles all connections and then redirects them to the Windows server.
On CentOS, I use iptables with the rules below:
    sysctl net.ipv4.ip_forward=1
    iptables -t nat -A PREROUTING -p tcp --dport 10000 -j DNAT --to 220.127.116.11:10000
    iptables -t nat -A PREROUTING -p tcp --dport 11000 -j DNAT --to 18.104.22.168:11000
    iptables -t nat -A PREROUTING -p tcp --dport 12000 -j DNAT --to 22.214.171.124:12000
    iptables -t nat -A POSTROUTING -j MASQUERADE
Now, when the client is running, I checked the log on the Windows server and see that the applications on Windows Server are accepting incoming connections from the client via CentOS.
Client ----- CentOS ----- Windows Server
However, at this step, the client app fails and shows the error: can not received response from server.
I guess I am missing some rule in iptables that will allow response packets from WS?
Hope someone can help me fix it.
Thanks in advance.
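
A consistency check for a port-forwarding rule set like the one in the question, as an added example that is not part of the original post: it compares the DNAT rules against the ports the applications listen on and reports ports with no rule, rules with no listener, and rules pointing at more than one target address. The function name `audit_dnat` is hypothetical; the rules and port list are copied from the post as sample input, and the check only compares them, it does not test the live firewall.

```shell
#!/bin/sh
# Sample input: the iptables rules exactly as posted, one command per line.
RULES='iptables -t nat -A PREROUTING -p tcp --dport 10000 -j DNAT --to 220.127.116.11:10000
iptables -t nat -A PREROUTING -p tcp --dport 11000 -j DNAT --to 18.104.22.168:11000
iptables -t nat -A PREROUTING -p tcp --dport 12000 -j DNAT --to 22.214.171.124:12000
iptables -t nat -A POSTROUTING -j MASQUERADE'

# Sample input: the ports the post says the Windows applications listen on.
LISTEN_PORTS='10000 11000 13000'

# audit_dnat RULES PORTS  (hypothetical helper name)
# Prints one finding per line, sorted; prints nothing when rules and ports agree.
#   no-dnat-rule P      a listening port that no DNAT rule forwards
#   no-listener P       a forwarded port that is not in the listening list
#   multiple-targets N  the DNAT rules point at N different addresses
audit_dnat() {
    printf '%s\n' "$1" | awk -v want="$2" '
        BEGIN {
            n = split(want, w, " ")
            for (i = 1; i <= n; i++) listen[w[i]] = 1
        }
        / -j DNAT / {
            port = ""; dest = ""
            for (i = 1; i < NF; i++) {
                if ($i == "--dport") port = $(i + 1)
                if ($i == "--to" || $i == "--to-destination") dest = $(i + 1)
            }
            sub(/:[0-9]+$/, "", dest)      # drop the :port suffix, keep the address
            fwd[port] = 1
            if (!(dest in hosts)) { hosts[dest] = 1; nhosts++ }
        }
        END {
            for (i = 1; i <= n; i++)
                if (!(w[i] in fwd)) print "no-dnat-rule " w[i]
            for (p in fwd)
                if (!(p in listen)) print "no-listener " p
            if (nhosts > 1) print "multiple-targets " nhosts
        }' | LC_ALL=C sort
}

audit_dnat "$RULES" "$LISTEN_PORTS"
```

On a running gateway the same function can be fed the rule lines from `iptables-save -t nat`, since those lines use the same `--dport` and `-j DNAT` tokens.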