Dear all,

I'm testing a server and try to simulate a server in production. We have a SSL certificate and I have configured the test server with the same servername as it is in production. To access it, I change the hosts file in my laptop to reach the test server.

However, the Java application running in the server tries to access some local web content. I have changed the hosts file and some applications (ping, wget) they get the local IP address. However nslookup and maybe our Java application (I didn't have the programmer available to debug it) are getting the production server IP.

So, how can I redirect for instance 443 traffic to a specific IP to the local IP address of the local server? I have tried this:

    iptables -t nat -A PREROUTING -d XXX.XXX.XXX.XXX -p tcp --dport 80 -j DNAT --to YYY.YYY.YYY.YYY

XXX.XXX.XXX.XXX - IP of production server
YYY.YYY.YYY.YYY - local IP of the test server

Thanks

Miguel

diegors at gmail.com
2013-Aug-28 21:16 UTC
[CentOS] redirecting web requests from localhost
Could it be hardcoded in your Java app, by hostname or IP? Just open your java (it's a zip renamed) and see the file contents (some of the files inside are plain text). Also, you can find a debugger.

Diego Sanchez
Sent from my mobile

diegors at gmail.com
2013-Aug-28 21:55 UTC
[CentOS] redirecting web requests from localhost
IF (IF) it is trying to get data by hostname, dnsmasq maybe could help. IF (IF) it is by IP address, the problem is still here.

First he needs to understand how the app is working, or wait for the developer.

I prefer to lose 2 minutes with grep than a lot of minutes with dnsmasq AND 2 minutes with grep later..

Diego Sanchez
Sent from my mobile

-----Original Message-----
From: Reindl Harald <h.reindl at thelounge.net>
Date: Wed, 28 Aug 2013 23:38:49
To: CentOS mailing list <centos at centos.org>
Cc: <miguel_3_gonzalez at yahoo.es>; <diegors at gmail.com>
Subject: Re: [CentOS] redirecting web requests from localhost

On 28.08.2013 21:49, "Miguel González" <miguel_3_gonzalez at yahoo.es> wrote:
> I'm testing a server and try to simulate a server in production. We
> have a SSL certificate and I have configured the test server with the
> same servername as it is in production. To access it, I change the hosts
> file in my laptop to reach the test server.
>
> I have changed the hosts file and some
> applications (ping, wget) they get the local IP address. However
> nslookup and maybe our Java application (I didn't have the programmer
> available to debug it) are getting the production server IP

if an application makes a DNS request then it asks DNS and not /etc/hosts - period

    yum install dnsmasq
    man dnsmasq

On 28.08.2013 23:16, diegors at gmail.com wrote:
> Could be hardcoded in your java app, by hostname or ip?

learn basics, see above

the application is not interested in /etc/hosts - why?
because /etc/hosts doesn't support record types like MX, TXT, SRV, SPF....

http://blog.defunct.ca/2009/09/29/postfix-etchosts/

On 28.Aug.2013, at 21:49, Miguel González wrote:
> So, how can I redirect for instance 443 traffic to a specific IP to
> the local IP address of the local server? I have tried this:
>
> iptables -t nat -A PREROUTING -d XXX.XXX.XXX.XXX -p tcp --dport 80
> -j DNAT --to YYY.YYY.YYY.YYY

I think you have to do POSTROUTING

anyway, check the port, it is wrong at least in your post - 80 vs. 443

or dummy interface, in ifcfg-dummy, something similar to this:

    DEVICE=dummy
    BOOTPROTO=none
    ONBOOT=yes
    TYPE=Ethernet
    NETMASK=255.255.255.255
    IPADDR=XXX.XXX.XXX.XXX

--
Markus

From: Miguel González <miguel_3_gonzalez at yahoo.es>
> I'm testing a server and try to simulate a server in production. We
> have a SSL certificate and I have configured the test server with the
> same servername as it is in production. To access it, I change the hosts
> file in my laptop to reach the test server.
> However, the Java application running in the server tries to access
> some local web content. I have changed the hosts file and some
> applications (ping, wget) they get the local IP address. However
> nslookup and maybe our Java application (I didn't have the programmer
> available to debug it) are getting the production server IP.

Or, if you have access to your DNS, you could add a view with match-clients for your IP and a dedicated file that would resolve to your local server IP.

JD

Miguel González wrote:
> However, the Java application running in the server tries to access
> some local web content. I have changed the hosts file and some
> applications (ping, wget) they get the local IP address. However
> nslookup and maybe our Java application (I didn't have the programmer
> available to debug it) are getting the production server IP.
>
> So, how can I redirect for instance 443 traffic to a specific IP to
> the local IP address of the local server? I have tried this:
>
> iptables -t nat -A PREROUTING -d XXX.XXX.XXX.XXX -p tcp --dport 80
> -j DNAT --to YYY.YYY.YYY.YYY
>
> XXX.XXX.XXX.XXX - IP of production server
>
> YYY.YYY.YYY.YYY - local IP of the test server

I'm not sure how to manage this on the test server, but I'm pretty sure this would work on the prod server.

    echo 1 > /proc/sys/net/ipv4/ip_forward
    iptables -t nat -A PREROUTING -p tcp --dport 443 -s YYY.YYY.YYY.YYY \
        -m conntrack --ctstate NEW -j DNAT --to YYY.YYY.YYY.YYY:443
    iptables -t nat -A PREROUTING -m conntrack --ctstate \
        ESTABLISHED,RELATED -j ACCEPT
    iptables -A POSTROUTING -t nat -j MASQUERADE

c

On Wed, 2013-08-28 at 21:49 +0200, Miguel González wrote:
> Dear all,
>
> I'm testing a server and try to simulate a server in production. We
> have a SSL certificate and I have configured the test server with the
> same servername as it is in production. To access it, I change the hosts
> file in my laptop to reach the test server.
>
> However, the Java application running in the server tries to access
> some local web content. I have changed the hosts file and some
> applications (ping, wget) they get the local IP address. However
> nslookup and maybe our Java application (I didn't have the programmer
> available to debug it) are getting the production server IP.
>
> So, how can I redirect for instance 443 traffic to a specific IP to
> the local IP address of the local server? I have tried this:
>
> iptables -t nat -A PREROUTING -d XXX.XXX.XXX.XXX -p tcp --dport 80
> -j DNAT --to YYY.YYY.YYY.YYY
>
> XXX.XXX.XXX.XXX - IP of production server
>
> YYY.YYY.YYY.YYY - local IP of the test server
>
> Thanks
>
> Miguel

You have the prerouting but you have to forward it as well.

This allows a connection on the Internet to make a connection to an internal machine on my local network. Router machine's local network ip 10.0.0.1 on eth1. 10.0.0.5 internal machine.

    iptables -A FORWARD -p tcp -i ppp0 -o eth1 -d 10.0.0.5 --dport 1234 -j ACCEPT
    iptables -t nat -A PREROUTING -p tcp -i ppp0 --dport 1234 -j DNAT --to-destination 10.0.0.5:1234

ip and ports changed to protect the guilty :)

Gary.
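
Added example, not posted by anyone in this thread: connections opened by a process on the host itself (such as the Java application on the test server) traverse the nat OUTPUT chain and never reach PREROUTING, so the sketch below generates the DNAT rule for either chain and for each port. The function names are hypothetical and the addresses are RFC 5737 documentation placeholders standing in for XXX.XXX.XXX.XXX and YYY.YYY.YYY.YYY.

```shell
#!/bin/sh
# Added example: print nat-table DNAT rules for review before running them.
# Nothing here calls iptables; pipe the printed lines to a root shell to apply.

valid_ipv4() {
    # Dotted quad, every octet numeric and 0-255.
    printf '%s\n' "$1" | awk -F. '
        NF == 4 { for (i = 1; i <= 4; i++)
                      if ($i !~ /^[0-9]+$/ || $i > 255) exit 1
                  exit 0 }
        { exit 1 }'
}

valid_port() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# build_rules CHAIN ORIG_IP DEST_IP PORT...
#   CHAIN=OUTPUT      connections opened by processes on this host
#   CHAIN=PREROUTING  connections arriving from other hosts
build_rules() {
    chain=$1; orig=$2; dest=$3; shift 3
    case "$chain" in
        OUTPUT|PREROUTING) ;;
        *) echo "chain must be OUTPUT or PREROUTING" >&2; return 2 ;;
    esac
    valid_ipv4 "$orig" && valid_ipv4 "$dest" || {
        echo "bad IPv4 address" >&2; return 2; }
    for port in "$@"; do
        valid_port "$port" || { echo "bad port: $port" >&2; return 2; }
        # One rule per port: a rule written for 80 never matches 443.
        echo "iptables -t nat -A $chain -d $orig -p tcp --dport $port" \
             "-j DNAT --to-destination $dest:$port"
    done
}

# Usage: sh redirect.sh PROD_IP TEST_IP
# e.g.   sh redirect.sh 192.0.2.10 198.51.100.20   (constructed addresses)
if [ $# -ge 2 ]; then
    build_rules OUTPUT "$1" "$2" 80 443 || exit 2
fi
```

To confirm a rule is being hit, check its packet counter with `iptables -t nat -L OUTPUT -n -v` after the application makes a request.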