Posted by chantra on December 6th, 2008
While doing a server migration, it happens that some traffic still go to the old machine because the DNS servers are not yet synced or simply because some people are using the IP address instead of the domain name....
By using iptables and its masquerade feature, it is possible to forward all traffic to the old server to the new IP.
This tutorial will show which command lines are required to make this possible.
In this article, it is assumed that you do not have iptables running, or at least no nat table rules for chain PREROUTING and POSTROUTING.
The first thing to do is do enable IP forwarding. This is done either by using:
# echo "1" > /proc/sys/net/ipv4/ip_forward
# sysctl net.ipv4.ip_forward=1
Then, we will add a rule telling to forward the traffic on port 1111 to ip 188.8.131.52 on port 1111:
# iptables -t nat -A PREROUTING -p tcp --dport 1111 -j DNAT --to-destination 184.108.40.206:1111
and finally, we ask IPtables to masquerade:
iptables -t nat -A POSTROUTING -j MASQUERADE
Optionally, you could only redirect the traffic from a specific source/network with, for a host only:
# iptables -t nat -A PREROUTING -s 192.168.1.1 -p tcp --dport 1111 -j DNAT --to-destination 220.127.116.11:1111
or for a whole network
# iptables -t nat -A PREROUTING -s 192.168.1.0/24 -p tcp --dport 1111 -j DNAT --to-destination 18.104.22.168:1111
that's it, now the traffic to port 1111 will be redirected to IP 22.214.171.124 .
If you go on host 126.96.36.199, you should see a lot of traffic coming from the host doing the redirection.