1

I have just moved from one hosting environment to another, and my networking has changed somewhat.

Previously, requests from a server to its own external IP address were routed to localhost and the ping times were indistinguishable from pinging localhost:

wg@akl2:~$ ping akl2.wb.gs
PING akl2.wb.gs (112.109.67.244) 56(84) bytes of data.
64 bytes from akl2.wb.gs (112.109.67.244): icmp_seq=1 ttl=64 time=0.059 ms
64 bytes from akl2.wb.gs (112.109.67.244): icmp_seq=2 ttl=64 time=0.031 ms
[...]
wg@akl2:~$ ping 127.0.0.1
PING 127.0.0.1 (127.0.0.1) 56(84) bytes of data.
64 bytes from 127.0.0.1: icmp_seq=1 ttl=64 time=0.057 ms
64 bytes from 127.0.0.1: icmp_seq=2 ttl=64 time=0.033 ms

Now I'm in an OpenStack environment, and the ping times are very different:

ubuntu@legacy1:~$ ping legacy1.webgenius.co.nz
PING legacy1.webgenius.co.nz (103.250.241.12) 56(84) bytes of data.
64 bytes from 103-250-241-12.rev.nz-hlz-1.catalystcloud.nz (103.250.241.12): icmp_seq=1 ttl=63 time=0.912 ms
64 bytes from 103-250-241-12.rev.nz-hlz-1.catalystcloud.nz (103.250.241.12): icmp_seq=2 ttl=63 time=0.643 ms
[...]
ubuntu@legacy1:~$ ping 127.0.0.1
PING 127.0.0.1 (127.0.0.1) 56(84) bytes of data.
64 bytes from 127.0.0.1: icmp_seq=1 ttl=64 time=0.033 ms
64 bytes from 127.0.0.1: icmp_seq=2 ttl=64 time=0.051 ms

The above two requests should be completely local, as in they should not leave the machine.

How can I route those requests to the local interface?

2 Answers

4

My guess is in the latter case, 103.250.241.12 isn't directly configured on the server (as in, if you run ip a, you'll probably see a private IP instead of the aforementioned IP), even if the IP is dedicated to it by 1:1 NAT.

If my guess is true, and 103.250.241.12 is not (too) ephemeral, you can consider:

iptables -t nat -I OUTPUT -d 103.250.241.12 -j REDIRECT

See iptables-extensions(8) for details.

3
  • Legend! That worked nicely, thanks heaps. For a bonus point, any ideas how to make it work inside a Docker container? 😁 Commented Aug 22, 2021 at 6:34
  • inside a Docker container is vague, since you can have different networking modes and different kinds of setups. If you need the container itself to respond to the requests (to 103.250.241.12), then you should probably just add the iptables rule in the container. If you want the container host to respond to the requests (to 103.250.241.12) from its containers, then you might want something like iptables -t nat -I PREROUTING -i name_of_the_docker_bridge -d 103.250.241.12 -j REDIRECT on the host (assuming you are using a forwarded/NAT'd bridge setup).
    – Tom Yan
    Commented Aug 22, 2021 at 6:44
  • I just ran the same command inside the container and it worked nicely, not sure why I didn't think of that... Thanks again! I'll buy you a beer some time. Commented Aug 22, 2021 at 7:02
2

In addition to the other answer:

If all requests are made by hostname, you can also add legacy1.webgenius.co.nz to /etc/hosts and have it resolve to 127.0.0.1. No iptables needed.

And do check ip addr as recommended.
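The `ip addr` check both answers recommend, followed by the REDIRECT rule from the first answer, as an added example that is not part of either answer. The private address 10.0.0.12, the interface name ens3 and the function names are constructed for illustration; the address match is exact, so 10.0.0.1 does not match 10.0.0.12.

```shell
#!/bin/sh
# Added example: decide from `ip -o -4 addr show` whether the public IP needs
# a REDIRECT rule, and insert that rule only once.
PUBLIC_IP="103.250.241.12"   # address from the question

# Constructed sample of `ip -o -4 addr show` on a 1:1 NAT'd instance
# (10.0.0.12 and ens3 are made-up values).
SAMPLE_IP_OUTPUT='1: lo    inet 127.0.0.1/8 scope host lo\       valid_lft forever preferred_lft forever
2: ens3    inet 10.0.0.12/24 brd 10.0.0.255 scope global dynamic ens3\       valid_lft 85000sec preferred_lft 85000sec'

# addr_is_local IP: reads `ip -o -4 addr show` output on stdin and
# succeeds only if IP is configured on an interface (exact match).
addr_is_local() {
    awk -v ip="$1" '$3 == "inet" { split($4, a, "/"); if (a[1] == ip) found = 1 }
                    END { exit found ? 0 : 1 }'
}

# plan IP: reads the same output on stdin; prints "local" when no rule is
# needed, otherwise the rule from the first answer.
plan() {
    if addr_is_local "$1"; then
        echo "local"
    else
        echo "iptables -t nat -I OUTPUT -d $1 -j REDIRECT"
    fi
}

# apply_redirect IP: -C checks whether the rule already exists, so repeated
# runs do not stack duplicate rules. Needs root.
apply_redirect() {
    iptables -t nat -C OUTPUT -d "$1" -j REDIRECT 2>/dev/null ||
        iptables -t nat -I OUTPUT -d "$1" -j REDIRECT
}

if [ "${1:-}" = "--apply" ]; then
    # Live mode: inspect the real interfaces and insert the rule if needed.
    [ "$(ip -o -4 addr show | plan "$PUBLIC_IP")" = "local" ] ||
        apply_redirect "$PUBLIC_IP"
else
    # Dry run against the constructed sample.
    printf '%s\n' "$SAMPLE_IP_OUTPUT" | plan "$PUBLIC_IP"
fi
```

A rule inserted this way lives only in the running kernel and is gone after a reboot unless it is saved and restored by the distribution's usual mechanism.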
