Routing all data from one IP to another in Linux (CentOS)

Tags: CentOS, Linux, Networking
I would like to route all data that is coming in at one IP address of my server to another IP address somewhere else on the internet. For example: my server has 2 IP addresses: 1.1.1.1 and 2.2.2.2. All the data that is coming in at IP address 2.2.2.2 should be forwarded to address 3.3.3.3 (this address is not in my network). So if I surf with a browser to http://2.2.2.2/, this should have the same outcome as going to http://3.3.3.3/. I would like to do this from within the console of a CentOS Linux distro.

Discuss This Question: 5  Replies

 
  • TheRealRaven
    Redirecting an HTTP request to a different address is a long way from "rout[ing] all data that is coming in at one IP address of my server to another IP address somewhere else on the internet". Can you clarify what you actually need? If you want to "route all data", what's the point of having the 2.2.2.2 address at all?

    And do you want to "route all data" or is it that you want to redirect connection requests? "All" of them, for any server?
  • maartenvika
    Hello, thank you for your reply.
    What I want to do is make a variable IP address (3.3.3.3) fixed (2.2.2.2). This can be an HTTP request, SSH, VPN, SMTP, RDP, ... (so all ports). Indeed, it is redirection. So if a request for 2.2.2.2 comes in on the server, it should redirect/forward/route all data to 3.3.3.3 (this IP is not on my network, but it is a variable IP of an ISP).
  • TheRealRaven
    If a request comes in for http://2.2.2.2, you want the request forwarded to http://3.3.3.3. Then 3.3.3.3 will return the requested page back to... where?

    If it comes back to 2.2.2.2, it'll then be redirected to 3.3.3.3 because "all data" is sent to 3.3.3.3. And if it gets sent back to the requester, well... it can't be sent to the requester because 3.3.3.3 doesn't even know the requester exists.

    Essentially what you're asking for is a "man-in-the-middle" function, but running on every possible port on 2.2.2.2. Performance would be relatively poor if nothing else. Every packet would need to be reconstructed. The function would need to track each redirected packet so that every response could be linked back to each originating request.

    I suppose it's possible, but it seems like a pretty complex mess. I don't know of anything useful that does it.
  • maartenvika
    Now I have set up this:
    # iptables -t nat -A PREROUTING -d 2.2.2.2 -j DNAT --to-destination 3.3.3.3
    # iptables -A FORWARD -s 3.3.3.3 -j ACCEPT
    # iptables -A FORWARD -d 3.3.3.3 -j ACCEPT

    With tcpdump I can see that: 
    (I do a ping request from 9.9.9.9 to 2.2.2.2)
    - at 2.2.2.2 I get the request and forward it to 3.3.3.3
    - at 3.3.3.3 I get the forwarded request and respond directly to 9.9.9.9

    With ping it seems to work, but when I try to do a telnet to port 22, 25, 80, ... I see the same with tcpdump but I can't connect to it.
    (Is this because the request goes to 2.2.2.2 and gets back from 3.3.3.3 directly?)

  • TheRealRaven
    Port forwarding would make very good sense to redirect to a server (or servers) inside your network. It's an interesting twist to try to redirect back out the WAN side of things, and it's doubly interesting to try to do it via iptables in your Linux system. You'll certainly want to coordinate with any router settings for your network.

    I haven't heard of anyone working out all potential details before.

    A logical network diagram showing router(s), firewall(s), sub-net(s), interfaces and (static) routes should be done. Make sure all involved devices are included. With that available, packet flow diagrams can be created to define how they should pass between end-points. With those in hand, progress might be possible.

    I'm not sure how actual packet routing would be tracked. Traceroute can be helpful for this. You'll want to send using multiple protocols so you don't just get ICMP results. Linux traceroute generally allows specifying any protocol and port.

    A Linux system outside your network should give interesting results and help you to tune iptables to fit your need -- if it can be made to work within the rest of the network structure. Good luck.
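An added example, not part of the thread and not any poster's code: with DNAT alone, 3.3.3.3 answers 9.9.9.9 directly, so a TCP client receives a SYN-ACK from an address it never contacted and drops the connection, while ping tolerates the mismatch. Adding source NAT makes the target reply through the forwarder, where connection tracking restores the original addresses. The function names, the choice of SNAT to 2.2.2.2 and the tightened FORWARD rules are assumptions of this example; the addresses are the thread's placeholders.

```shell
#!/bin/sh
# Added example, not from the thread. Addresses are the thread's placeholders.

# Succeed only for a dotted-quad IPv4 address, so nothing else reaches a rule.
is_ipv4() {
    case $1 in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Print an iptables-restore ruleset relaying traffic for $1 to $2.
# DNAT rewrites the destination; SNAT rewrites the source so the target
# replies to this host instead of to the original client.
relay_ruleset() {
    listen_ip=$1; target_ip=$2
    is_ipv4 "$listen_ip" && is_ipv4 "$target_ip" || {
        echo "usage: relay_ruleset LISTEN_IPV4 TARGET_IPV4" >&2; return 1; }
    cat <<EOF
*nat
-A PREROUTING -d $listen_ip -j DNAT --to-destination $target_ip
-A POSTROUTING -d $target_ip -m conntrack --ctstate DNAT -j SNAT --to-source $listen_ip
COMMIT
*filter
-A FORWARD -d $target_ip -m conntrack --ctstate DNAT -j ACCEPT
-A FORWARD -s $target_ip -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
COMMIT
EOF
}

# Apply as root: enable forwarding, then append (not flush) the rules.
apply_relay() {
    rules=$(relay_ruleset "$1" "$2") || return 1
    sysctl -w net.ipv4.ip_forward=1 >/dev/null || return 1
    printf '%s\n' "$rules" | iptables-restore --noflush
}

# Stand-alone use: print the ruleset for review when given two addresses.
if [ $# -eq 2 ]; then relay_ruleset "$1" "$2"; fi
```

With SNAT in place, 3.3.3.3 sees every connection as coming from 2.2.2.2, so per-client access control and logging of the real client address have to happen on the forwarding host.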
