Skip to main content
Super User

Return to Question

Became Hot Network Question
Add inline picture
Source Link
edit approved Jul 2 at 8:34
Markus Meyer
edit approved Jul 2 at 8:34
Markus Meyer
  • 1.7k
  • 6
  • 13
  • 18

This is a simplified description of the development environment at work and I am trying to configure it to facilitate developers using it.

Topology:

The topology of my setup is illustrated below. Description:

  1. I have 2 virtual machines (vm1 and vm2) running on my bare metal server bm1.
  2. I have a web server (listening on port 8080) running on vm1.
  3. I have a public facing router i.e. a public IP with a DNS name, say, www.mysite.com (IP: 10.1.2.3)
  4. The public facing router has been configured to forward any traffic coming for port 9080 to bare metal server bm1 (192.168.2.51)

Requirement:

I need to be able to reach the web server (vm1-ws1) using the DNS name from both the bare metal server (bm1) and the virtual machines (vm1, vm2) over port 9080 i.e. curl http://www.mysite.com:9080 should work from both the bare metal server as well as the VMs.

Solution attempted:

  1. I verified that the web serer is reachable from both the bare metal and the VMs using the private IP address i.e. curl http://192.168.121.29:8080 works from both the bare metal server and the VMs.
  2. I configured IP table rules as:
iptables -t nat -I PREROUTING -p tcp --dport 9080 -j DNAT --to 192.168.121.29:8080 
iptables -I FORWARD -d  192.168.121.29 -o virbr1 -j ACCEPT
  1. After adding the IP table rules, I can access the web server from the VMs but not from the bare metal server. In other words, curl http://www.mysite.com:9080 works from the VMs but not from the bare metal. It hangs and then times out.

Kindly help me understand where I might be going wrong with the iptables rules config.

Image of my setup https://i.sstatic.net/FLmI54Vo.pngImage of my setup

This is a simplified description of the development environment at work and I am trying to configure it to facilitate developers using it.

Topology:

The topology of my setup is illustrated below. Description:

  1. I have 2 virtual machines (vm1 and vm2) running on my bare metal server bm1.
  2. I have a web server (listening on port 8080) running on vm1.
  3. I have a public facing router i.e. a public IP with a DNS name, say, www.mysite.com (IP: 10.1.2.3)
  4. The public facing router has been configured to forward any traffic coming for port 9080 to bare metal server bm1 (192.168.2.51)

Requirement:

I need to be able to reach the web server (vm1-ws1) using the DNS name from both the bare metal server (bm1) and the virtual machines (vm1, vm2) over port 9080 i.e. curl http://www.mysite.com:9080 should work from both the bare metal server as well as the VMs.

Solution attempted:

  1. I verified that the web serer is reachable from both the bare metal and the VMs using the private IP address i.e. curl http://192.168.121.29:8080 works from both the bare metal server and the VMs.
  2. I configured IP table rules as:
iptables -t nat -I PREROUTING -p tcp --dport 9080 -j DNAT --to 192.168.121.29:8080 
iptables -I FORWARD -d  192.168.121.29 -o virbr1 -j ACCEPT
  1. After adding the IP table rules, I can access the web server from the VMs but not from the bare metal server. In other words, curl http://www.mysite.com:9080 works from the VMs but not from the bare metal. It hangs and then times out.

Kindly help me understand where I might be going wrong with the iptables rules config.

Image of my setup https://i.sstatic.net/FLmI54Vo.png

This is a simplified description of the development environment at work and I am trying to configure it to facilitate developers using it.

Topology:

The topology of my setup is illustrated below. Description:

  1. I have 2 virtual machines (vm1 and vm2) running on my bare metal server bm1.
  2. I have a web server (listening on port 8080) running on vm1.
  3. I have a public facing router i.e. a public IP with a DNS name, say, www.mysite.com (IP: 10.1.2.3)
  4. The public facing router has been configured to forward any traffic coming for port 9080 to bare metal server bm1 (192.168.2.51)

Requirement:

I need to be able to reach the web server (vm1-ws1) using the DNS name from both the bare metal server (bm1) and the virtual machines (vm1, vm2) over port 9080 i.e. curl http://www.mysite.com:9080 should work from both the bare metal server as well as the VMs.

Solution attempted:

  1. I verified that the web serer is reachable from both the bare metal and the VMs using the private IP address i.e. curl http://192.168.121.29:8080 works from both the bare metal server and the VMs.
  2. I configured IP table rules as:
iptables -t nat -I PREROUTING -p tcp --dport 9080 -j DNAT --to 192.168.121.29:8080 
iptables -I FORWARD -d  192.168.121.29 -o virbr1 -j ACCEPT
  1. After adding the IP table rules, I can access the web server from the VMs but not from the bare metal server. In other words, curl http://www.mysite.com:9080 works from the VMs but not from the bare metal. It hangs and then times out.

Kindly help me understand where I might be going wrong with the iptables rules config.

Image of my setup

deleted 9 characters in body
Source Link
pSycHEdELia
pSycHEdELia
  • 11
  • 2

This is a simplified description of the development environment at work and I am trying to configure it to facilitate developers using it.

Topology:

The topology of my setup is illustrated below. Description:

  1. I have 2 virtual machines (vm1 and vm2) running on my bare metal server bm1.
  2. I have a web server (listening on port 8080) running on vm1.
  3. I have a public facing router i.e. a public IP with a DNS name, say, www.mysite.com (IP: 10.1.2.3)
  4. The public facing router has been configured to forward any traffic coming for port 9080 to bare metal server bm1 (192.168.2.51)

Requirement:

I need to be able to reach the web server (vm1-ws1) using the DNS name from both the bare metal server (bm1) and the virtual machines (vm1, vm2) over port 9080 i.e. curl http://www.mysite.com:9080 should work from both the bare metal server as well as the VMs.

Solution attempted:

  1. I verified that the web serer is reachable from both the bare metal and the VMs using the private IP address i.e. curl http://192.168.121.29:8080 works from both the bare metal server and the VMs.
  2. I configured IP table rules as:
iptables -t nat -I PREROUTING -p tcp --dport 9080 -j DNAT --to 192.168.121.29:8080 
iptables -I FORWARD -d  192.168.121.29 -o virbr1 -j ACCEPT
  1. After adding the IP table rules, I can access the web server from the VMs but not from the bare metal server. In other words, curl http://www.mysite.com:9080 works from the VMs but not from the bare metal. It hangs and then times out.

Kindly help me understand where I might be going wrong with the iptables rules config.

Image of my setup. https://i.sstatic.net/FLmI54Vo.png

This is a simplified description of the development environment at work and I am trying to configure it to facilitate developers using it.

Topology:

The topology of my setup is illustrated below. Description:

  1. I have 2 virtual machines (vm1 and vm2) running on my bare metal server bm1.
  2. I have a web server (listening on port 8080) running on vm1.
  3. I have a public facing router i.e. a public IP with a DNS name, say, www.mysite.com (IP: 10.1.2.3)
  4. The public facing router has been configured to forward any traffic coming for port 9080 to bare metal server bm1 (192.168.2.51)

Requirement:

I need to be able to reach the web server (vm1-ws1) using the DNS name from both the bare metal server (bm1) and the virtual machines (vm1, vm2) over port 9080 i.e. curl http://www.mysite.com:9080 should work from both the bare metal server as well as the VMs.

Solution attempted:

  1. I verified that the web serer is reachable from both the bare metal and the VMs using the private IP address i.e. curl http://192.168.121.29:8080 works from both the bare metal server and the VMs.
  2. I configured IP table rules as:
iptables -t nat -I PREROUTING -p tcp --dport 9080 -j DNAT --to 192.168.121.29:8080 
iptables -I FORWARD -d  192.168.121.29 -o virbr1 -j ACCEPT
  1. After adding the IP table rules, I can access the web server from the VMs but not from the bare metal server. In other words, curl http://www.mysite.com:9080 works from the VMs but not from the bare metal. It hangs and then times out.

Kindly help me understand where I might be going wrong with the iptables rules config.

Image of my setup.

This is a simplified description of the development environment at work and I am trying to configure it to facilitate developers using it.

Topology:

The topology of my setup is illustrated below. Description:

  1. I have 2 virtual machines (vm1 and vm2) running on my bare metal server bm1.
  2. I have a web server (listening on port 8080) running on vm1.
  3. I have a public facing router i.e. a public IP with a DNS name, say, www.mysite.com (IP: 10.1.2.3)
  4. The public facing router has been configured to forward any traffic coming for port 9080 to bare metal server bm1 (192.168.2.51)

Requirement:

I need to be able to reach the web server (vm1-ws1) using the DNS name from both the bare metal server (bm1) and the virtual machines (vm1, vm2) over port 9080 i.e. curl http://www.mysite.com:9080 should work from both the bare metal server as well as the VMs.

Solution attempted:

  1. I verified that the web serer is reachable from both the bare metal and the VMs using the private IP address i.e. curl http://192.168.121.29:8080 works from both the bare metal server and the VMs.
  2. I configured IP table rules as:
iptables -t nat -I PREROUTING -p tcp --dport 9080 -j DNAT --to 192.168.121.29:8080 
iptables -I FORWARD -d  192.168.121.29 -o virbr1 -j ACCEPT
  1. After adding the IP table rules, I can access the web server from the VMs but not from the bare metal server. In other words, curl http://www.mysite.com:9080 works from the VMs but not from the bare metal. It hangs and then times out.

Kindly help me understand where I might be going wrong with the iptables rules config.

Image of my setup https://i.sstatic.net/FLmI54Vo.png

Source Link
pSycHEdELia
pSycHEdELia
  • 11
  • 2

Cannot reach web server in vm from bare metal using DNS after iptables rules forward packets to virtual bridge

This is a simplified description of the development environment at work and I am trying to configure it to facilitate developers using it.

Topology:

The topology of my setup is illustrated below. Description:

  1. I have 2 virtual machines (vm1 and vm2) running on my bare metal server bm1.
  2. I have a web server (listening on port 8080) running on vm1.
  3. I have a public facing router i.e. a public IP with a DNS name, say, www.mysite.com (IP: 10.1.2.3)
  4. The public facing router has been configured to forward any traffic coming for port 9080 to bare metal server bm1 (192.168.2.51)

Requirement:

I need to be able to reach the web server (vm1-ws1) using the DNS name from both the bare metal server (bm1) and the virtual machines (vm1, vm2) over port 9080 i.e. curl http://www.mysite.com:9080 should work from both the bare metal server as well as the VMs.

Solution attempted:

  1. I verified that the web serer is reachable from both the bare metal and the VMs using the private IP address i.e. curl http://192.168.121.29:8080 works from both the bare metal server and the VMs.
  2. I configured IP table rules as:
iptables -t nat -I PREROUTING -p tcp --dport 9080 -j DNAT --to 192.168.121.29:8080 
iptables -I FORWARD -d  192.168.121.29 -o virbr1 -j ACCEPT
  1. After adding the IP table rules, I can access the web server from the VMs but not from the bare metal server. In other words, curl http://www.mysite.com:9080 works from the VMs but not from the bare metal. It hangs and then times out.

Kindly help me understand where I might be going wrong with the iptables rules config.

Image of my setup.