Help with IPTABLE Command
I have a Linux webserver (CentOS 7) with Tomcat and 2 MS SQL servers (SqlOLD - 192.168.4.23 and SqlNew - 192.168.4.28).
I want to make a rule (on the webserver) that forwards any packet from OLD to NEW SQL (port tcp/1433).
I need this because there are some webapps compiled with a static IP and I can't rebuild them on my own.
Can you help me?
Thank you!
centos iptables
edited 17 hours ago
roaima
48.7k 7 gold badges 63 silver badges 131 bronze badges
asked 17 hours ago
Kyle Smith
1 33 bronze badges
No problem, old server: 192.168.4.23, new server 192.168.4.28. NM: 255.255.240.0. Port is standard 1433 TCP
– Kyle Smith
17 hours ago
1 Answer
This is an interesting problemette. The usual approach for rewriting addresses is to use the NAT PREROUTING table, but this won't work here. You can't use DNAT in the PREROUTING table because traffic isn't coming in to your originating webserver, and DNAT isn't permitted in POSTROUTING. Instead, this is one of the rare times when DNAT should be placed into the OUTPUT chain (albeit in the NAT table).

iptables -t nat -I OUTPUT -o eth0 --dst 192.168.4.23 -j DNAT --to 192.168.4.28

This takes all output heading through interface eth0 (which you may need to adjust for your CentOS environment) that's destined for 192.168.4.23 and rewrites it to go to 192.168.4.28. Port numbers should remain unchanged. Returning packets should be automatically rewritten provided you've got the conntrack module in your kernel.

To list iptables rules you need to run five separate commands (there are five sets of rules), but in practice mostly the first two are sufficient for rules that you would manage.

iptables -nvL # Blocking and permitting packets ("-t filter")
iptables -t nat -nvL # Rewriting packets, eg different destinations
iptables -t mangle -nvL # Not used so often
iptables -t raw -nvL # Used rarely
iptables -t security -nvL # SELinux

To remove a rule you can repeat it, changing -I (insert) or -A (append) to -D (delete).

There are many tutorials about iptables. You may find that since you're using CentOS it's worth your while learning about the higher-level firewall tool firewalld (see man firewalld for a starting point, and of course lots of Google-fu).
edited 14 hours ago
answered 16 hours ago
roaima
48.7k 7 gold badges 63 silver badges 131 bronze badges
Awesome Roaima, it works! Thank you, thank you, thank you! May I ask how I can show the rule with the iptables command? Something like iptables -L -v -n. And how can I remove it without rebooting the webserver? Thanks!
– Kyle Smith
16 hours ago
You'll need iptables -t nat -L -v -n to show the rule: if you don't specify the -t option, the default is equivalent to -t filter. Likewise, to remove the rule, you'll need iptables -t nat -D OUTPUT ... with either the line number or the rule specification of the rule you wish to remove as the tail end of the command.
– telcoM
13 hours ago
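The following script is an added example, not code from the answer or the comments above. It wraps the OUTPUT-chain DNAT from the answer in a small POSIX sh tool that installs the rule idempotently (using -C to check before -I), shows it with line numbers, and deletes it by repeating the specification with -D, as telcoM describes. Two things differ from the one-liner in the answer and are assumptions made here: the match is scoped to TCP port 1433 rather than every packet for the old address, so that nothing else aimed at 192.168.4.23 is silently redirected, and the -o eth0 interface match is dropped (add it back in dnat_spec if you want it). The function names, the IPTABLES override variable and the subnet sanity check are also assumptions; the two addresses, the port and the 255.255.240.0 netmask are the ones given in the question and Kyle Smith's comment.

```sh
#!/bin/sh
# Added example, not part of the original answer.  Installs, shows and removes
# the nat-table OUTPUT-chain DNAT that sends locally generated SQL traffic for
# the old server to the new one.  Function names, the IPTABLES override and
# the subnet check are assumptions; addresses, port and netmask come from the
# question and its comment.
set -eu

OLD_SQL=192.168.4.23
NEW_SQL=192.168.4.28
SQL_PORT=1433
NETMASK=255.255.240.0
# Point IPTABLES at a wrapper (e.g. IPTABLES="sudo iptables", or IPTABLES=echo
# for a dry run) when the script is not run as root.
IPTABLES=${IPTABLES:-iptables}

# Convert a dotted-quad IPv4 address to an integer so mask arithmetic works in sh.
ip2int() {
    IFS=. read -r a b c d <<EOF
$1
EOF
    echo $(( (a << 24) | (b << 16) | (c << 8) | d ))
}

# Exit 0 when both hosts fall in the same subnet for the given mask.  The
# rewritten packet only leaves the way the original would have if the new
# host is reachable like the old one, so check this before installing.
same_subnet() {
    m=$(ip2int "$3")
    [ $(( $(ip2int "$1") & m )) -eq $(( $(ip2int "$2") & m )) ]
}

# Rule specification (everything after the chain name).  Unlike a bare
# "--dst OLD" match, this rewrites only TCP to the SQL port, so ping, RDP,
# backups or anything else aimed at the old address is left alone.
dnat_spec() {
    printf '%s' "-p tcp --dst $1 --dport $3 -j DNAT --to-destination $2:$3"
}

# Install the rule once: -C exits 0 if an identical rule is already in the
# chain, so re-running the script never stacks duplicate rules.
dnat_add() {
    spec=$(dnat_spec "$1" "$2" "$3")
    # shellcheck disable=SC2086   # word-splitting $spec is intended
    if $IPTABLES -t nat -C OUTPUT $spec 2>/dev/null; then
        echo "DNAT rule already present"
    else
        $IPTABLES -t nat -I OUTPUT $spec
    fi
}

# Delete by repeating the exact specification with -D; takes effect at once,
# no reboot needed.
dnat_del() {
    spec=$(dnat_spec "$1" "$2" "$3")
    # shellcheck disable=SC2086
    $IPTABLES -t nat -D OUTPUT $spec
}

# Show the nat OUTPUT chain with line numbers (an alternative handle for -D)
# and, if conntrack-tools is installed, the flows currently being rewritten.
dnat_show() {
    $IPTABLES -t nat -L OUTPUT -n -v --line-numbers
    command -v conntrack >/dev/null 2>&1 && conntrack -L -p tcp --dport "$SQL_PORT" 2>/dev/null || true
}

case "${1:-}" in
    add)
        same_subnet "$OLD_SQL" "$NEW_SQL" "$NETMASK" ||
            echo "warning: $OLD_SQL and $NEW_SQL are not in the same $NETMASK subnet" >&2
        dnat_add "$OLD_SQL" "$NEW_SQL" "$SQL_PORT" ;;
    del)  dnat_del "$OLD_SQL" "$NEW_SQL" "$SQL_PORT" ;;
    show) dnat_show ;;
    *)    echo "usage: $0 add|del|show" >&2 ;;
esac
```

Run it as root with add, show or del. Like the answer's one-liner, a rule inserted this way lives only in the running kernel and is gone after a reboot; to keep it, save the ruleset with iptables-save (the iptables-services package on CentOS 7) or, if firewalld manages the host, add the same specification as a permanent direct rule with firewall-cmd --permanent --direct --add-rule ipv4 nat OUTPUT 0 followed by the arguments dnat_spec prints.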