Redirecting MySQL request from old to new server
I have a Linux webserver (CentOS 7) with Tomcat and 2 MS SQL servers (SqlOLD - 192.168.4.23 and SqlNew - 192.168.4.28).
I need to add a rule (on the webserver) that forwards any packet from OLD to NEW SQL (port tcp/1433).
I need this because there are some webapps compiled with a static IP and I can't rebuild them on my own.
centos iptables
edited 16 hours ago
Rui F Ribeiro
asked yesterday
Kyle Smith
No problem, old server: 192.168.4.23, new server 192.168.4.28. NM: 255.255.240.0. Port is standard 1433 TCP
– Kyle Smith
yesterday
1 Answer
This is an interesting problemette. The usual approach for rewriting addresses is to use the NAT PREROUTING table, but this won't work here. You can't use DNAT in the PREROUTING table because traffic isn't coming in to your originating webserver, and DNAT isn't permitted in POSTROUTING. Instead, this is one of the rare times when DNAT should be placed into the OUTPUT chain (albeit in the NAT table).
iptables -t nat -I OUTPUT -o eth0 --dst 192.168.4.23 -j DNAT --to 192.168.4.28
This takes all output heading through interface eth0 (which you may need to adjust for your CentOS environment) that's destined for 192.168.4.23 and rewrites to go to 192.168.4.28. Port numbers should remain unchanged. Returning packets should be automatically rewritten provided you've got the conntrack module in your kernel.
To list iptables rules you need to run five separate commands (there are five sets of rules), but in practice mostly the first two are sufficient for rules that you would manage.
iptables -nvL               # Blocking and permitting packets ("-t filter")
iptables -t nat -nvL        # Rewriting packets, e.g. different destinations
iptables -t mangle -nvL     # Not used so often
iptables -t raw -nvL        # Used rarely
iptables -t security -nvL   # SELinux
To remove a rule you can repeat it, changing -I (insert) or -A (append) for -D (delete).
There are many tutorials about iptables. You may find that since you're using CentOS it's worth your while learning about the higher-level firewall tool firewalld (see man firewalld for a starting point, and of course lots of Google-fu).
edited yesterday
answered yesterday
roaima
Awesome Roaima it works! Thank you Thank you Thank you! May I ask you how I can show the rule with the iptables command? Something like iptables -L -v -n. And how can I remove it without rebooting the webserver? Thanks!
– Kyle Smith
yesterday
You'll need iptables -t nat -L -v -n to show the rule: if you don't specify the -t option, the default is equivalent to -t filter. Likewise, to remove the rule, you'll need iptables -t nat -D OUTPUT ... with either the line number or the rule specification of the rule you wish to remove as the tail end of the command.
– telcoM
yesterday
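
An added example, not part of the answer or its comments: the same OUTPUT-chain DNAT rule narrowed to the tcp/1433 traffic named in the question, inserted only when `iptables -C` reports it missing, and removed with the matching `-D` specification. The function names and the apply/remove/show arguments are assumptions of this example; the addresses and port are the ones given in the question.

```shell
#!/bin/sh
# Added example: scoped, re-runnable form of the OUTPUT-chain DNAT redirect.
OLD_SQL=192.168.4.23   # address compiled into the web apps (from the question)
NEW_SQL=192.168.4.28   # server that should receive the connections
SQL_PORT=1433          # MS SQL Server port (from the question)

# One rule specification shared by check (-C), insert (-I) and delete (-D).
# Matching protocol and port leaves every other connection to the old
# address (ping, SSH, RDP, ...) untouched; the port is not rewritten.
rule_spec() {
    printf '%s' "OUTPUT -p tcp -d $OLD_SQL --dport $SQL_PORT -j DNAT --to-destination $NEW_SQL"
}

# Insert the rule only if an identical one is not already in the nat table,
# so running this twice does not stack duplicate rules.
# $(rule_spec) is left unquoted on purpose: it must split into arguments.
apply_redirect() {
    if iptables -t nat -C $(rule_spec) 2>/dev/null; then
        echo "redirect already present"
    else
        iptables -t nat -I $(rule_spec) && echo "redirect added"
    fi
}

# Delete every copy of the rule; takes effect immediately, no reboot needed.
remove_redirect() {
    while iptables -t nat -C $(rule_spec) 2>/dev/null; do
        iptables -t nat -D $(rule_spec) || return 1
    done
    echo "redirect removed"
}

# List the nat OUTPUT chain with packet counters and rule numbers; a rising
# counter on the DNAT line shows the web apps are hitting the redirect.
show_redirect() {
    iptables -t nat -nvL OUTPUT --line-numbers
}

case "${1:-}" in
    apply)  apply_redirect ;;
    remove) remove_redirect ;;
    show)   show_redirect ;;
esac
```

Run it as root with apply, remove or show as the first argument.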