Posted by chantra on December 6th, 2008
While doing a server migration, it happens that some traffic still go to the old machine because the DNS servers are not yet synced or simply because some people are using the IP address instead of the domain name....
By using iptables and its masquerade feature, it is possible to forward all traffic to the old server to the new IP.
This tutorial will show which command lines are required to make this possible.
In this article, it is assumed that you do not have iptables running, or at least no nat table rules for chain PREROUTING and POSTROUTING.
The first thing to do is do enable IP forwarding. This is done either by using:
# echo "1" > /proc/sys/net/ipv4/ip_forward
# sysctl net.ipv4.ip_forward=1
Then, we will add a rule telling to forward the traffic on port 1111 to ip 184.108.40.206 on port 1111:
# iptables -t nat -A PREROUTING -p tcp --dport 1111 -j DNAT --to-destination 220.127.116.11:1111
and finally, we ask IPtables to masquerade:
iptables -t nat -A POSTROUTING -j MASQUERADE
Optionally, you could only redirect the traffic from a specific source/network with, for a host only:
# iptables -t nat -A PREROUTING -s 192.168.1.1 -p tcp --dport 1111 -j DNAT --to-destination 18.104.22.168:1111
or for a whole network
# iptables -t nat -A PREROUTING -s 192.168.1.0/24 -p tcp --dport 1111 -j DNAT --to-destination 22.214.171.124:1111
that's it, now the traffic to port 1111 will be redirected to IP 126.96.36.199 .
If you go on host 188.8.131.52, you should see a lot of traffic coming from the host doing the redirection.