Score:0

Route all connections to specific IP through another server with Iptables


I have 2 servers in the cloud, where one has SFTP access on port 22 to IP x.x.x.x.

Server 1 has access

Server 2 does not have access.

So I want to reroute all connections from server 2 to IP x.x.x.x through server 1 with iptables.

The problem

The problem is that our application connects to a hardcoded domain. If possible I would avoid having our code changed. So the best scenario would be to somehow make the "sftp" connections from server 1 go through server 2 only for this specific domain, without changing the code.

Update

Server 2 cannot have access at the moment because of our third-party provider. They can take weeks to get a hold of. I know it's not optimal. But right now server 1 has access to our third-party provider, but server 2 doesn't.

Update 2

I know it's possible to do local port forwarding with ssh and then jump through that with sftp. It's also possible to use sftp with a jump host directly. But these options would introduce a change to our code, which is a solution (maybe the best). But if it were possible to handle this on the network layer in a clean way, that would be preferred.

Nikita Kipriyanov: Is there a reason to use exactly iptables? If server2 has SSH access to server1, it could be better to just use server1 as a jumphost; in that case you have nothing to configure on server1 and only add a few lines to the ssh client config on server2, nothing system-wide is required.

Aidvi: Problem is our application connects to a hardcoded domain. If possible I would like to avoid having our code changed. So the best scenario would be to somehow make "sftp" connections from server 1 go through server 2 only for this specific domain, without changing the code.

A. Trevelyan: If server2 also needs access to x.x.x.x:22, wouldn't the simplest and most optimal solution be to give server2 access as well? I imagine it would be just a firewall rule or ACL entry or something. Is there some compelling reason this isn't an option?

Nikita Kipriyanov: I am wondering too why server2 couldn't be given direct access. I mean, certainly it is possible to do that using NAT on server1, but that would be ugly and could also create more problems (in the future) than it solves.

Aidvi: Server 2 cannot have access at the moment because of our third-party provider. They can take weeks to get a hold of. I know it's not optimal. But right now server 1 has access to our third-party provider, but server 2 doesn't.
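The NAT-on-server1 approach mentioned in the comments, written out as an added example that is not part of the thread. It assumes placeholder addresses (DEST_IP standing in for x.x.x.x, SERVER1_IP, SERVER2_IP, RELAY_PORT), that server 2 can reach server 1 on RELAY_PORT, and that server 1's FORWARD chain policy is DROP; DRY_RUN=1 prints the rules instead of applying them.

```shell
#!/bin/sh
# Added example, not from the thread. Relays SFTP (TCP/22) for ONE destination
# from server 2 through server 1 with iptables NAT; the application on server 2
# keeps connecting to its hardcoded domain and needs no change.
# Placeholder addresses (documentation ranges, not real hosts):
#   DEST_IP    = what the hardcoded domain resolves to (x.x.x.x in the question)
#   SERVER1_IP = relay that is allowed to reach DEST_IP:22
#   SERVER2_IP = server whose connections must be relayed
#   RELAY_PORT = port on server 1 that accepts the relayed connections
# DRY_RUN=1 prints the commands instead of applying them.

run() { if [ "${DRY_RUN:-0}" = 1 ]; then printf '%s\n' "$*"; else "$@"; fi; }

# Server 2: rewrite locally generated connections to DEST_IP:22 so the kernel
# sends them to server 1. Only the TCP endpoint changes; the SSH session and the
# client's host-key check for DEST_IP remain end-to-end.
server2_rules() {
    dest="$1" relay="$2" relay_port="$3"
    run iptables -t nat -A OUTPUT -p tcp -d "$dest" --dport 22 \
        -j DNAT --to-destination "$relay:$relay_port"
}

# Server 1: accept relayed connections only from server 2, forward them to
# DEST_IP:22, and source-NAT them so the replies return through server 1.
# Assumes the FORWARD chain policy is DROP; only this one flow is allowed, so
# server 1 does not turn into a general-purpose relay.
server1_rules() {
    dest="$1" relay_port="$2" client="$3"
    run sysctl -w net.ipv4.ip_forward=1
    run iptables -t nat -A PREROUTING -s "$client" -p tcp --dport "$relay_port" \
        -j DNAT --to-destination "$dest:22"
    run iptables -t nat -A POSTROUTING -s "$client" -d "$dest" -p tcp --dport 22 \
        -j MASQUERADE
    run iptables -A FORWARD -s "$client" -d "$dest" -p tcp --dport 22 \
        -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT
    run iptables -A FORWARD -s "$dest" -d "$client" -p tcp --sport 22 \
        -m conntrack --ctstate ESTABLISHED -j ACCEPT
}

DEST_IP=203.0.113.10 SERVER1_IP=10.0.0.1 SERVER2_IP=10.0.0.2 RELAY_PORT=2222
case "${ROLE:-}" in   # e.g. ROLE=server2 DRY_RUN=1 sh relay.sh
    server1) server1_rules "$DEST_IP" "$RELAY_PORT" "$SERVER2_IP" ;;
    server2) server2_rules "$DEST_IP" "$SERVER1_IP" "$RELAY_PORT" ;;
esac
```

Because the relay is plain TCP NAT rather than an SSH proxy, the client on server 2 still verifies the host key of x.x.x.x, and the FORWARD rules on server 1 restrict the relay to that single source, destination and port.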