tunneling in centos between 2 server

Issues related to configuring your network
rigrogo
Posts: 2
Joined: 2022/11/30 11:31:38

tunneling in centos between 2 server

Post by rigrogo » 2022/11/30 11:42:20

hello,
I have 2 servers (CentOS 7), A and B; on server B I installed ocserv on TCP port 555.
With my Android phone I can connect with OpenConnect to server B.
But I want to connect to server B using OpenConnect on Android, and have server B connect to server A.
On the internet I found this code, but it's for Ubuntu:

sudo sysctl net.ipv4.ip_forward=1
iptables -t nat -A PREROUTING -p tcp --dport 555 -j DNAT --to-destination ServerB:555
sudo iptables -t nat -A POSTROUTING -j MASQUERADE

----
help me for CentOS ...

jlehtone
Posts: 4523
Joined: 2007/12/11 08:17:33
Location: Finland

Re: tunneling in centos between 2 server

Post by jlehtone » 2022/11/30 14:35:22

rigrogo wrote:
2022/11/30 11:42:20
I want to connect to server B using OpenConnect on Android, and have server B connect to server A.
It is not entirely clear what to where. Let's call the Android "C".
You can form an openconnect connection between C and B.

I might be wrong, but it seems that you want:
Pretend to connect to B, but in reality form openconnect connection between C and A.
In this case B merely relays (routes) the connection between C and A. C thinks it talks to B and A thinks it talks to B.

sudo sysctl net.ipv4.ip_forward=1
Temporarily enables routing. It adjusts kernel, but does not persist on reboot.

iptables -t nat -A PREROUTING -p tcp --dport 555 -j DNAT --to-destination ServerB:555
Redirects packets that do come to my port 555 into B's port 555. If this rule is in B, it makes no difference as B is "me".
If B has rule "--to-destination A:555", then a packet from C to B:555 will not go to ocserv in B, but will be routed to port 555 of A.

Well, it would go, if the filter table would allow forwarding traffic. The default is to not allow such a thing.

sudo iptables -t nat -A POSTROUTING -j MASQUERADE
All packets that do leave this machine are marked: "From me". If this rule is in B and B can route, then a packet that entered B with "from=C to=B:555" will leave B with "from=B to=A:555".

Calling iptables adjusts kernel, but does not persist on reboot.


The default method to configure the firewall in CentOS 7 is to use firewalld.service. One has to use the tool firewall-cmd to configure FirewallD.
See man firewall-cmd
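The same three steps done the firewalld way on CentOS 7, as an added example that is not from this thread: B relays TCP 555 to A, with ip_forward persisted through sysctl.d instead of a one-off sysctl call. It assumes B's public interface is in zone "public"; the address 192.0.2.10 is a constructed placeholder for A.

```shell
#!/bin/sh
# Added example, not from the thread. Prints the firewall-cmd/sysctl plan
# for making B relay TCP $2 to $1:$2, so it can be reviewed before being run.
# $1 = A's address (192.0.2.10 below is a constructed placeholder)
# $2 = port, $3 = firewalld zone of B's public interface (default: public)
relay_cmds() {
    a_addr=$1; port=$2; zone=${3:-public}
    # refuse anything that is not a TCP port number
    case $port in
        ''|*[!0-9]*) echo "bad port: $port" >&2; return 1 ;;
    esac
    [ "$port" -ge 1 ] && [ "$port" -le 65535 ] || { echo "bad port: $port" >&2; return 1; }
    # 1. Enable routing and keep it across reboots (sysctl.d, not a one-off sysctl).
    echo "echo 'net.ipv4.ip_forward = 1' > /etc/sysctl.d/99-relay.conf"
    echo "sysctl --system"
    # 2. The PREROUTING DNAT line: a forward-port with toaddr.
    #    As the thread says, this shadows B's own ocserv on that port.
    echo "firewall-cmd --permanent --zone=$zone --add-forward-port=port=$port:proto=tcp:toaddr=$a_addr:toport=$port"
    # 3. The POSTROUTING MASQUERADE line. Side effect: A sees every client as B,
    #    so A's ocserv logs no longer show the real client address.
    echo "firewall-cmd --permanent --zone=$zone --add-masquerade"
    echo "firewall-cmd --reload"
}

# Execute the plan line by line as root; stops at the first failing command.
apply_relay() {
    relay_cmds "$@" | while IFS= read -r cmd; do
        echo "+ $cmd"
        sh -c "$cmd" || { echo "failed: $cmd" >&2; exit 1; }
    done
}

# Review first:   relay_cmds 192.0.2.10 555 public
# Then, as root:  apply_relay 192.0.2.10 555 public
```

After applying, `firewall-cmd --zone=public --list-all` should show the forward-port and masquerade entries, and `iptables -t nat -S` the DNAT/MASQUERADE rules firewalld generated from them.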

TrevorH
Site Admin
Posts: 33191
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: tunneling in centos between 2 server

Post by TrevorH » 2022/11/30 17:29:19

And if using firewalld (the default) then do not use iptables commands to add rules. If firewalld sees those rules, it will think they should not be there and will remove them.
The future appears to be RHEL or Debian. I think I'm going Debian.
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke

rigrogo
Posts: 2
Joined: 2022/11/30 11:31:38

Re: tunneling in centos between 2 server

Post by rigrogo » 2022/12/01 22:40:06

jlehtone wrote:
2022/11/30 14:35:22
thank you ...

And also I have another problem: now I can connect to my VPN server with Cisco AnyConnect version 4.8 and lower versions, but I can't connect with AnyConnect 4.9 and up!
4.8 and lower versions ask me to accept the certificate, then ask for user and pass, but 4.9 and up say "connecting ... please wait".
The OpenConnect app is OK!

jlehtone
Posts: 4523
Joined: 2007/12/11 08:17:33
Location: Finland

Re: tunneling in centos between 2 server

Post by jlehtone » 2022/12/02 09:35:56

I've used ssh and openvpn for tunneling; the name "cisco" gives an eerie feeling to me.
