Dear all,
I'm testing a server and trying to simulate a server in production. We have an SSL certificate and I have configured the test server with the same servername as it is in production. To access it, I change the hosts file in my laptop to reach the test server.
However, the Java application running in the server tries to access some local web content. I have changed the hosts file and some applications (ping, wget) get the local IP address. However, nslookup and maybe our Java application (I didn't have the programmer available to debug it) are getting the production server IP.
So, how can I redirect, for instance, 443 traffic to a specific IP to the local IP address of the local server? I have tried this:
iptables -t nat -A PREROUTING -d XXX.XXX.XXX.XXX -p tcp --dport 80 -j DNAT --to YYY.YYY.YYY.YYY
XXX.XXX.XXX.XXX - IP of production server
YYY.YYY.YYY.YYY - local IP of the test server
Thanks
Miguel
Could it be hardcoded in your Java app, by hostname or IP?
Just open your java (it's a renamed zip) and look at the file contents (some of the files inside are plain text).
Also, you can find a debugger
Diego Sanchez
-----Original Message-----
From: Miguel González miguel_3_gonzalez@yahoo.es
Sender: centos-bounces@centos.org
Date: Wed, 28 Aug 2013 21:49:31
To: centos@centos.org
Reply-To: CentOS mailing list centos@centos.org
Subject: [CentOS] redirecting web requests from localhost
On 28.Aug.2013, at 21:49, Miguel González wrote:
> So, how can I redirect, for instance, 443 traffic to a specific IP to the local IP address of the local server? I have tried this:
> iptables -t nat -A PREROUTING -d XXX.XXX.XXX.XXX -p tcp --dport 80 -j DNAT --to YYY.YYY.YYY.YYY
I think you have to do POSTROUTING. Anyway, check the port, it is wrong at least in your post - 80 vs. 443
or
dummy interface, in ifcfg-dummy, something similar to this:
DEVICE=dummy
BOOTPROTO=none
ONBOOT=yes
TYPE=Ethernet
NETMASK=255.255.255.255
IPADDR=XXX.XXX.XXX.XXX
On 29.Aug.2013, at 02:55, Markus Falb wrote:
> On 28.Aug.2013, at 21:49, Miguel González wrote:
>> So, how can I redirect, for instance, 443 traffic to a specific IP to the local IP address of the local server? I have tried this:
>> iptables -t nat -A PREROUTING -d XXX.XXX.XXX.XXX -p tcp --dport 80 -j DNAT --to YYY.YYY.YYY.YYY
> I think you have to do POSTROUTING
Hmm, locally generated messages do not pass the PREROUTING, AFAIK. This was why I was suggesting POSTROUTING, but... POSTROUTING is wrong too, according to the manpage for iptables:
DNAT: This target is only valid in the nat table, in the PREROUTING and OUTPUT chains, and user-defined chains which are only called from those chains.
If I read it correctly, this rule should go into the OUTPUT chain.
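Added example, not part of any message in this thread: a dry-run helper that picks the nat chain by where the connection originates, following the man page excerpt quoted above, and prints the DNAT rule for the locally generated case. The function names are hypothetical and the two addresses are constructed documentation values.

```shell
#!/bin/sh
# Added example. 203.0.113.10 (production) and 192.0.2.20 (test server) are
# constructed documentation addresses; substitute your own.

# DNAT is valid only in nat PREROUTING and OUTPUT (iptables man page).
# Packets generated on this host never traverse PREROUTING.
dnat_chain() {
    case "$1" in
        local)  echo OUTPUT ;;       # connection opened by a local process
        remote) echo PREROUTING ;;   # connection arriving from another host
        *) echo "origin must be local or remote" >&2; return 2 ;;
    esac
}

# Accept only a dotted quad with every octet in 0..255.
is_ipv4() {
    case "$1" in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $1          # intentionally unquoted: split on the dots
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# dnat_rules ORIGIN PROD_IP TEST_IP PORT...  prints one rule per port.
dnat_rules() {
    [ "$#" -ge 4 ] || { echo "usage: dnat_rules ORIGIN PROD TEST PORT..." >&2; return 2; }
    chain=$(dnat_chain "$1") || return 2
    prod=$2; dest=$3; shift 3
    is_ipv4 "$prod" && is_ipv4 "$dest" || { echo "bad address" >&2; return 2; }
    for port in "$@"; do
        case "$port" in ''|*[!0-9]*|??????*) echo "bad port" >&2; return 2 ;; esac
        [ "$port" -ge 1 ] && [ "$port" -le 65535 ] || { echo "bad port" >&2; return 2; }
        echo "iptables -t nat -A $chain -d $prod -p tcp --dport $port" \
             "-j DNAT --to-destination $dest:$port"
    done
}

# Dry run: print the rules for the Java application's own requests.
# Review them, run them as root, then check the packet counters with:
#   iptables -t nat -L OUTPUT -n -v
dnat_rules local 203.0.113.10 192.0.2.20 443 80
```
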
From: Miguel González miguel_3_gonzalez@yahoo.es
> I'm testing a server and trying to simulate a server in production. We have an SSL certificate and I have configured the test server with the same servername as it is in production. To access it, I change the hosts file in my laptop to reach the test server. However, the Java application running in the server tries to access some local web content. I have changed the hosts file and some applications (ping, wget) get the local IP address. However, nslookup and maybe our Java application (I didn't have the programmer available to debug it) are getting the production server IP.
Or, if you have access to your DNS, you could add a view with match-clients for your IP and a dedicated file that would resolve to your local server IP.
JD
Miguel González wrote:
> However, the Java application running in the server tries to access some local web content. I have changed the hosts file and some applications (ping, wget) get the local IP address. However, nslookup and maybe our Java application (I didn't have the programmer available to debug it) are getting the production server IP.
> So, how can I redirect, for instance, 443 traffic to a specific IP to the local IP address of the local server? I have tried this:
> iptables -t nat -A PREROUTING -d XXX.XXX.XXX.XXX -p tcp --dport 80 -j DNAT --to YYY.YYY.YYY.YYY
> XXX.XXX.XXX.XXX - IP of production server
> YYY.YYY.YYY.YYY - local IP of the test server
I'm not sure how to manage this on the test server, but I'm pretty sure this would work on the prod server.
echo 1 > /proc/sys/net/ipv4/ip_forward
iptables -t nat -A PREROUTING -p tcp --dport 443 -s YYY.YYY.YYY.YYY \
    -m conntrack --ctstate NEW -j DNAT --to YYY.YYY.YYY.YYY:443
iptables -t nat -A PREROUTING -m conntrack --ctstate \
    ESTABLISHED,RELATED -j ACCEPT
iptables -A POSTROUTING -t nat -j MASQUERADE
c
On Wed, 2013-08-28 at 21:49 +0200, Miguel González wrote:
> Dear all,
> I'm testing a server and trying to simulate a server in production. We have an SSL certificate and I have configured the test server with the same servername as it is in production. To access it, I change the hosts file in my laptop to reach the test server.
> However, the Java application running in the server tries to access some local web content. I have changed the hosts file and some applications (ping, wget) get the local IP address. However, nslookup and maybe our Java application (I didn't have the programmer available to debug it) are getting the production server IP.
> So, how can I redirect, for instance, 443 traffic to a specific IP to the local IP address of the local server? I have tried this:
> iptables -t nat -A PREROUTING -d XXX.XXX.XXX.XXX -p tcp --dport 80 -j DNAT --to YYY.YYY.YYY.YYY
> XXX.XXX.XXX.XXX - IP of production server
> YYY.YYY.YYY.YYY - local IP of the test server
> Thanks
> Miguel
You have the prerouting but you have to forward it as well. This allows a connection on the Internet to make a connection to an internal machine on my local network. Router machine's local network IP 10.0.0.1 on eth1. 10.0.0.5 internal machine.
iptables -A FORWARD -p tcp -i ppp0 -o eth1 -d 10.0.0.5 --dport 1234 -j ACCEPT
iptables -t nat -A PREROUTING -p tcp -i ppp0 --dport 1234 -j DNAT --to-destination 10.0.0.5:1234
ip and ports changed to protect the guilty :)
Gary.