IPtables: Forward port to another host is not working
I am trying out something so this is my test setup:
Setup:
- I have AWS VPC with a public and private subnet.
- I have a host in public subnet with a public IP address (say Host A)
- I have a host in private subnet running nginx on port 80 (say host B with IP address 10.0.1.132)
What I want to do
I want to access the Webserver on Host B from Internet by visiting Host A.
How
I set up the IP forwarding parameter in sysctl.conf on host A and then put the below iptables rule:
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j DNAT --to-destination 10.0.1.132:80
Issue:
It is not working and I am not able to open the WebPage when I visit host A on port 80
Other info (with respect to AWS VPC Security Group):
- I have port 80 incoming access on host A from 0.0.0.0/0
- I have port 80 outgoing access on host A to 10.0.1.0/24
- I have incoming port 80 access on host B from host A
Here is the kernel info:
# sysctl -p | grep forward
net.ipv4.ip_forward = 1
Also, I am able to telnet on port 80 from Host A to host B on port 80. So this certifies that my AWS security group is working as expected.
I think I am going wrong on the IPtables part. Could someone help me figure out what is wrong in the above setup?
Solution 1:
Do you realize that private host should …
- … have default route pointing back to the router?
- … be SNATed so that its replies would go back?
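The two points in the answer (replies from host B must come back through host A, and the forwarded flow must be allowed through) translate into a small rule set. The script below is an added example, not code from the question or the answer: it builds the complete set of commands host A needs, so they can be reviewed before being applied. It assumes eth0 is host A's public-facing interface and 10.0.1.132:80 is host B, as in the question. It goes one step beyond the answer by using MASQUERADE (which picks host A's own address automatically) instead of an explicit SNAT, and by adding FORWARD-chain rules for the case where that chain's policy is DROP. One caveat for the AWS setup: because the MASQUERADE rule makes host A the source of every packet it sends to host B, the EC2 source/destination check on host A is not violated; with DNAT alone, host A would be sending packets whose source is the Internet client, which that check drops.

```shell
#!/bin/sh
# Added example: generate (and optionally apply) the rules for forwarding a
# public port on host A to a private backend. Assumed values: eth0 is the
# public-side interface, 10.0.1.132 is host B, 80 is the forwarded port.
# Run with APPLY=1 to execute the commands; by default they are only printed.

build_forward_rules() {
    pub_if="$1"      # interface on which Internet traffic arrives
    backend="$2"     # private host running the service
    port="$3"        # TCP port to forward

    # 1. The kernel must route between interfaces (the question already has this).
    echo "sysctl -w net.ipv4.ip_forward=1"

    # 2. Rewrite the destination of new inbound connections to the backend (DNAT).
    echo "iptables -t nat -A PREROUTING -i $pub_if -p tcp --dport $port -j DNAT --to-destination $backend:$port"

    # 3. Rewrite the source to host A's own address so the backend replies to
    #    host A rather than directly to the Internet client. Without this the
    #    backend needs a default route via host A, otherwise the SYN/ACK takes
    #    a different path and the TCP handshake never completes.
    echo "iptables -t nat -A POSTROUTING -p tcp -d $backend --dport $port -j MASQUERADE"

    # 4. Let the forwarded flow through the FORWARD chain in both directions
    #    (only matters when the chain's policy is DROP, but harmless otherwise).
    echo "iptables -A FORWARD -i $pub_if -p tcp -d $backend --dport $port -m conntrack --ctstate NEW,ESTABLISHED,RELATED -j ACCEPT"
    echo "iptables -A FORWARD -s $backend -p tcp --sport $port -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
}

# Number of NAT-table rules in the generated set; a quick sanity check that
# both the DNAT and the SNAT/MASQUERADE half are present.
count_nat_rules() {
    build_forward_rules "$@" | grep -c -- '-t nat'
}

# Print the commands, or run them one by one when APPLY=1.
apply_or_print() {
    if [ "${APPLY:-0}" = "1" ]; then
        build_forward_rules "$@" | while IFS= read -r cmd; do
            echo "+ $cmd"
            sh -c "$cmd"
        done
    else
        build_forward_rules "$@"
    fi
}

apply_or_print eth0 10.0.1.132 80
```

After applying, `iptables -t nat -L -n -v` should show packet counters increasing on both the PREROUTING DNAT rule and the POSTROUTING MASQUERADE rule while a client connects; a DNAT counter that moves while the MASQUERADE counter stays at zero points at the FORWARD chain, and counters that never move point at the security group or the source/destination check rather than at iptables.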