iptables – Forward Requests to jBoss Server on Different Machine

Tags: iptables, jboss, port-forwarding

I have 3 machines with the following IP addresses:

- Machine 1: 10.10.10.20
- Machine 2: 10.10.10.21
- Machine 3: 10.10.10.22

The jBoss server is started on Machine 1 and Machine 3 is the client. If I type 10.10.10.21 (IP address of Machine 2) in the browser on Machine 3, I should be redirected to the default jBoss page of the jBoss server launched on Machine 1. However, typing 10.10.10.20 (IP address of Machine 1) in the browser on Machine 3 should not work. That is, the client on Machine 3 should be able to access the jBoss server on Machine 1 only through Machine 2 and not directly.

Note that the 3 machines are a part of a private network with a firewall. I was thinking of using iptables on machine 2 (RHEL installed) but I am unable to use it properly.

Can anyone suggest how I can achieve this setup (using iptables or by any other means)?

I tried running the following iptables command on Machine 2:

    iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 -j DNAT --to-destination 10.10.10.20

But I am still unable to access Machine 1 from Machine 3 through Machine 2.

Thanks, bot

Best Answer

You could just run a reverse HTTP proxy (Apache, Squid, varnish, nginx) on machine2. This is actually a fairly common configuration with application servers, where a "front-end" proxy is used to provide caching and failover for a backend application.

You would then have iptables rules on machine1 that would only allow connectivity from machine 2.
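
The Machine 1 side of this answer, as an added example that is not part of the original answer: a script that prints (or, with `APPLY=1` as root, installs) rules admitting only Machine 2 to the jBoss port. The addresses are from the question; port 8080, the function names and the `APPLY` switch are assumptions made for this example.

```shell
#!/bin/sh
# Added example: restrict the jBoss port on Machine 1 to the proxy on Machine 2.
PROXY_IP="${PROXY_IP:-10.10.10.21}"   # Machine 2, from the question
APP_PORT="${APP_PORT:-8080}"          # assumption: port the jBoss HTTP connector listens on

# Print the iptables commands for Machine 1, one per line, without running them.
machine1_rules() {
    proxy_ip="$1"; app_port="$2"
    # Accept only digits and dots / digits, so nothing else ends up inside a rule.
    case "$proxy_ip" in *[!0-9.]*|"") echo "bad proxy address: $proxy_ip" >&2; return 1 ;; esac
    case "$app_port" in *[!0-9]*|"") echo "bad port: $app_port" >&2; return 1 ;; esac
    # Inserted at positions 1 and 2 so they are evaluated before any existing
    # rule in INPUT (for example a distribution's trailing REJECT).
    cat <<EOF
iptables -I INPUT 1 -p tcp -s $proxy_ip --dport $app_port -j ACCEPT
iptables -I INPUT 2 -p tcp --dport $app_port -j DROP
EOF
}

# Dry run by default; APPLY=1 (as root, on Machine 1) executes each rule.
apply_rules() {
    machine1_rules "$PROXY_IP" "$APP_PORT" | while read -r rule; do
        if [ "${APPLY:-0}" = "1" ]; then
            $rule
        else
            echo "$rule"
        fi
    done
}

apply_rules
```

With these two rules in place, a browser on Machine 3 pointed at 10.10.10.20 is dropped, while requests relayed by the reverse proxy on 10.10.10.21 still reach jBoss.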
