14th November 2012, 14:50
eko_taas
iptables PREROUTING on ISPC3 and OpenVZ


System: Debian Squeeze (node+VMs) + OpenVZ + 2xISPC3 (, one VM-node and ISPC3 others) close to HowTos
(all with default ports)
All good on intranet... but.....

Long time back I started to use Pre-routing for external ports to have 2+ (physical) machines running under same IP:

Now I have tried to replicate the idea to VMs, but I am facing an interesting problem - OpenVZ seems to forward my request to the wrong IP (always the node).

- ADSL-Router Port forward
5000-5099 => 192.168.xxx.1 (node)
5100-5199 => 192.168.xxx.2 (1st VM for ISPC3)

My idea was to Pre-route ports to original at high level (Node Firewall pre-chain), so I added to Node's firewall /etc/Bastille/firewall.d/pre-chain-split.sh test rules as root:

iptables -t nat -A PREROUTING -p tcp -m tcp --dport 5002 -j REDIRECT --to-ports 22
iptables -t nat -A PREROUTING -p tcp -m tcp --dport 5003 -j REDIRECT --to-ports 8080
iptables -t nat -A PREROUTING -p tcp -m tcp --dport 5102 -j REDIRECT --to-ports 22
iptables -t nat -A PREROUTING -p tcp -m tcp --dport 5103 -j REDIRECT --to-ports 8080
and then restarted firewall
/etc/init.d/bastille-firewall restart
Now on client, all OK with
ssh -p 5002 nodeuser@example.com
but when
ssh -p 5102 serveruser@example.com
no success. But when changing the user name
ssh -p 5102 nodeuser@example.com
i.e. I logged in to Node, not to Server

Same for ISPConfig3-console, all https://example.com:5103 (meant for Server goes to Node).

I tried to look into the OpenVZ wiki, but could not yet find Pre-routing advice.
Also, if I go ahead with the "Setting up a HN-based firewall" way, are there any special things I have to consider due to ISPC3? Obviously the VM confs have to be created manually (which I wanted to avoid by using the above shortcut).
Reply With Quote
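An added example, not part of the original post: the REDIRECT target rewrites the destination to the machine that runs the rule, so a REDIRECT in the node's PREROUTING chain can only ever deliver to the node, while a port meant for a container needs DNAT to the container's address. The script below generates both kinds of rule for the ports used in the post; `NODE_IP` and `CT_IP` (documentation-range placeholders standing in for the poster's addresses), `PORT_MAP` and `gen_rules` are assumptions of this example.

```shell
#!/bin/sh
# Added example: build node-side NAT rules from a port map.
# NODE_IP and CT_IP are constructed placeholders, not the poster's addresses.
NODE_IP="192.0.2.1"   # hardware node
CT_IP="192.0.2.2"     # first container (ISPConfig 3 server)

# external_port:target_ip:target_port, using the ports from the post.
PORT_MAP="
5002:$NODE_IP:22
5003:$NODE_IP:8080
5102:$CT_IP:22
5103:$CT_IP:8080
"

# gen_rules prints one iptables command per mapping and changes nothing itself.
gen_rules() {
    for entry in $PORT_MAP; do
        ext=${entry%%:*}      # external port
        rest=${entry#*:}
        ip=${rest%%:*}        # machine that should receive the connection
        port=${rest#*:}       # service port on that machine
        if [ "$ip" = "$NODE_IP" ]; then
            # REDIRECT delivers locally; -d keeps it from catching
            # packets that are addressed to a container.
            echo "iptables -t nat -A PREROUTING -p tcp -m tcp -d $ip --dport $ext -j REDIRECT --to-ports $port"
        else
            # DNAT keeps the container as destination and only rewrites the
            # port. The packet is then routed through the node's FORWARD
            # chain with the new port, so that chain must permit it.
            echo "iptables -t nat -A PREROUTING -p tcp -m tcp -d $ip --dport $ext -j DNAT --to-destination $ip:$port"
        fi
    done
}

gen_rules
```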