This is a simplified description of the development environment at work and I am trying to configure it to facilitate developers using it.
Topology:
The topology of my setup is illustrated below. Description:
- I have 2 virtual machines (vm1 and vm2) running on my bare metal server bm1.
- I have a web server (listening on port 8080) running on vm1.
- I have a public facing router i.e. a public IP with a DNS name, say, www.mysite.com (IP: 10.1.2.3)
- The public facing router has been configured to forward any traffic coming for port 9080 to bare metal server bm1 (192.168.2.51)
Requirement:
I need to be able to reach the web server (vm1-ws1) using the DNS name from both the bare metal server (bm1) and the virtual machines (vm1, vm2) over port 9080 i.e. curl http://www.mysite.com:9080
should work from both the bare metal server as well as the VMs.
Solution attempted:
- I verified that the web server is reachable from both the bare metal and the VMs using the private IP address i.e.
curl http://192.168.121.29:8080
works from both the bare metal server and the VMs.
- I configured IP table rules as:
iptables -t nat -I PREROUTING -p tcp --dport 9080 -j DNAT --to 192.168.121.29:8080
iptables -I FORWARD -d 192.168.121.29 -o virbr1 -j ACCEPT
- After adding the IP table rules, I can access the web server from the VMs but not from the bare metal server. In other words,
curl http://www.mysite.com:9080
works from the VMs but not from the bare metal. It hangs and then times out.
Kindly help me understand where I might be going wrong with the iptables rules config.
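As an added example, not code from the original post: the question's rule set extended with the one nat chain it never touches. Packets that bm1 generates itself (the curl run on the bare metal) do not traverse nat/PREROUTING, only nat/OUTPUT, which is the assumed reason the bare-metal case hangs; the check-before-insert wrapper and the variable names are this example's own.

```shell
#!/bin/sh
# Added example (not from the original post): install the www.mysite.com:9080
# -> vm1-ws1 (192.168.121.29:8080) redirect on bm1 in BOTH netfilter paths.
#   nat/PREROUTING  packets arriving on an interface (from the router or the
#                   VMs) - the rule already given in the question
#   nat/OUTPUT      packets generated by bm1 itself (curl run on bm1); these
#                   never traverse PREROUTING, so the question's rule set
#                   cannot match them (assumed cause of the bare-metal timeout)
# Each rule is tested with -C first, so the script can be re-run safely.
set -eu

PUBLIC_IP=10.1.2.3          # www.mysite.com, from the question
PUBLIC_PORT=9080
WS_IP=192.168.121.29        # vm1-ws1
WS_PORT=8080
VM_BRIDGE=virbr1
DRY_RUN=${DRY_RUN:-1}       # 1 = only print the commands; DRY_RUN=0 applies them

# add_rule TABLE CHAIN MATCH... : insert the rule at the top of TABLE/CHAIN
# unless an identical rule is already present.
add_rule() {
    table=$1; chain=$2; shift 2
    if [ "$DRY_RUN" = 1 ]; then
        echo "iptables -t $table -I $chain $*"
        return 0
    fi
    iptables -t "$table" -C "$chain" "$@" 2>/dev/null ||
        iptables -t "$table" -I "$chain" "$@"
}

install_hairpin_nat() {
    # Path 1: traffic entering bm1 (router -> bm1, and a VM -> public IP).
    add_rule nat PREROUTING -p tcp --dport "$PUBLIC_PORT" \
        -j DNAT --to-destination "$WS_IP:$WS_PORT"
    # Path 2: traffic bm1 originates. Only nat/OUTPUT is consulted here, and
    # matching on the public IP keeps the rewrite from touching other :9080.
    add_rule nat OUTPUT -d "$PUBLIC_IP" -p tcp --dport "$PUBLIC_PORT" \
        -j DNAT --to-destination "$WS_IP:$WS_PORT"
    # Forwarded (non-local) connections still need FORWARD to let them out
    # on the VM bridge; local ones go OUTPUT -> POSTROUTING and skip FORWARD.
    add_rule filter FORWARD -d "$WS_IP" -o "$VM_BRIDGE" \
        -p tcp --dport "$WS_PORT" -j ACCEPT
}

install_hairpin_nat
```

Run as-is to print the planned commands; `DRY_RUN=0` as root applies them, after which `iptables -t nat -L OUTPUT -nv` should show the OUTPUT rule's counters increase when curl is run on bm1.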