
I have a network situation as follows:

- server1: 1.1.1.1
- server2: 2.2.2.2
- tunnel: 10.8.0.0/24
- client: 3.3.3.3

I'm trying to have client IP 3.3.3.3 make an HTTP request to the 1.1.1.1 server. However, I want the 1.1.1.1 server to pass this request on to the real HTTPD server, 2.2.2.2. Server 2.2.2.2 resides on the other end of my tunnel and has an IP of 10.8.0.6. I want the traffic to route from client > server1 > tunnel > server2 and then back from server2 > tunnel > server1 > client.

I have tested various rules for iptables but just can't seem to get it to work properly.

On server1, I originally had:

iptables -A INPUT -s 3.3.3.3/32 -j ACCEPT 

and then put the following nat rules:

iptables -t nat -A PREROUTING -i tun0 -d 3.3.3.3 -j DNAT --to-destination 10.8.0.6
iptables -t nat -A POSTROUTING -s 10.8.0.6 -j SNAT --to-source 3.3.3.3

The outcome was that 3.3.3.3 kept on hitting 1.1.1.1 and 1.1.1.1 would still reply and not pass on the request to 2.2.2.2 through the tunnel.

I tried removing the `iptables -A INPUT -s 3.3.3.3/32 -j ACCEPT` rule, thinking maybe that rule was being read first in the table list and thus letting 1.1.1.1 reply, since it came before the nat rules, but that was not the case. I removed the rule and all traffic from 3.3.3.3 to 1.1.1.1 stopped, which I was afraid would happen, and it did.

How do I write a rule that allows 3.3.3.3 to talk to 2.2.2.2 but keep the traffic routing back through 1.1.1.1?

Thanks

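A rule set for server1 that produces the client > server1 > tunnel > server2 path described in the question, as an added example that is not part of the original post or any answer to it. Only the addresses (3.3.3.3, 1.1.1.1, 10.8.0.6) come from the question; the interface names (eth0 for server1's public side, tun0 for the tunnel), port 80, and the use of MASQUERADE on the tunnel side are assumptions. The DNAT has to match the packet as it actually arrives at server1: on the public interface, with destination 1.1.1.1, not on tun0 with destination 3.3.3.3. The rules are built by a function that prints them, so they can be reviewed and checked without root before being applied.

```sh
#!/bin/sh
# Added example, not code from the original post. Interface names, the HTTP
# port and MASQUERADE are assumptions; only the IP addresses are from the question.
CLIENT=3.3.3.3
PUBLIC_IP=1.1.1.1
PUBLIC_IF=eth0        # assumed: server1's Internet-facing interface
TUN_IF=tun0           # assumed: server1's end of the 10.8.0.0/24 tunnel
BACKEND=10.8.0.6      # server2's tunnel address
HTTP_PORT=80          # assumed: the HTTPD port being forwarded

# Print the rule set, one command per line, without executing anything.
build_nat_rules() {
    cat <<EOF
sysctl -w net.ipv4.ip_forward=1
iptables -t nat -A PREROUTING -i $PUBLIC_IF -s $CLIENT -d $PUBLIC_IP -p tcp --dport $HTTP_PORT -j DNAT --to-destination $BACKEND:$HTTP_PORT
iptables -t nat -A POSTROUTING -o $TUN_IF -d $BACKEND -p tcp --dport $HTTP_PORT -j MASQUERADE
iptables -A FORWARD -i $PUBLIC_IF -o $TUN_IF -s $CLIENT -d $BACKEND -p tcp --dport $HTTP_PORT -m conntrack --ctstate NEW,ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -i $TUN_IF -o $PUBLIC_IF -s $BACKEND -d $CLIENT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
EOF
}

# Execute the printed rules in order, echoing each one and stopping on the
# first failure. Needs root on server1.
apply_nat_rules() {
    build_nat_rules | sh -e -x
}

# Count the generated rules matching a pattern; usable without root.
count_rules() {
    build_nat_rules | grep -c -- "$1"
}

# Usage (as root on server1):  . ./nat-forward.sh && apply_nat_rules
```

Why each line is there: the nat PREROUTING decision happens before routing, so a packet rewritten to 10.8.0.6 traverses FORWARD rather than INPUT; an INPUT ACCEPT for 3.3.3.3 neither helps nor hurts the forwarded flow, and only traffic to port 80 is diverted, so the client can still reach 1.1.1.1 itself on other ports. MASQUERADE on tun0 makes server2 see the request as coming from server1's tunnel address, which is what forces the reply back through server1 without any route for 3.3.3.3 on server2 (SNAT --to-source with server1's tun0 address does the same thing with a fixed address). Scoping the DNAT to `-s 3.3.3.3` and the FORWARD rules to the specific source, destination and port keeps server1 from becoming a general relay into the tunnel.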
