Tuesday, February 24, 2009

Forward TCP ports to Other Machines

Although the need for this is rare in an established data center or infrastructure, there are still times when it's useful to forward TCP ports to machines that aren't on your local subnet or network. You can easily forward ports on a local network using iptables, but it's more challenging to forward incoming ports on one machine to another in a remote location.


For example, if you're moving and have new IP addresses, your sites might be down for a few days until the DNS changes take effect. By forwarding ports to a remote location, you can leave a machine behind with the sole purpose of listening for those requests on your old IP addresses and forwarding them to your new IP addresses.

To accomplish this task, use the rinetd program. The configuration file for rinetd, typically /etc/rinetd.conf, contains rules about what to forward and where to send it. Here's the basic syntax of a rule:

[source_address] [source_port] [destination_address] [destination_port]

If you have a single server, the rule will look something like this:

0.0.0.0 80 192.168.12.100 80

The above rule forwards requests arriving on port 80 of the local machine (on any of its IP addresses) to port 80 on the remote machine 192.168.12.100 (substitute your new IP address for that one).

You can have multiple rules in the file to forward all services to the new system. However, rinetd can't forward FTP ports, since FTP uses more than one port, and it can't forward UDP ports. Despite these limitations, it works quite well.
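As an added example (not code from the post or from the rinetd project), here is a small Python linter for the four-field rule format described above. It reads a constructed rinetd.conf, skips rinetd's own allow/deny/logfile directives (not covered by the post), and flags the mistakes that bite in practice: malformed lines, ports out of range, two rules bound to the same socket, and FTP forwards, which rinetd cannot relay. Addresses in the sample are documentation ranges chosen for the example.

```python
import ipaddress
from dataclasses import dataclass

@dataclass
class Forward:
    bind_addr: str   # local address rinetd listens on
    bind_port: int
    dest_addr: str   # remote machine the connection is relayed to
    dest_port: int

# Constructed sample: a box left on the old IPs relaying web and mail to the new hosts.
SAMPLE_CONF = """\
logfile /var/log/rinetd.log
allow 203.0.113.*
0.0.0.0 80  198.51.100.10 80
0.0.0.0 443 198.51.100.10 443
0.0.0.0 25  198.51.100.20 25
0.0.0.0 21  198.51.100.20 21
"""

def parse_rinetd(text):
    """Parse an rinetd.conf body into (forwards, warnings). Four-field forwarding
    rules are parsed; rinetd's allow/deny/logfile directives are skipped. Only
    literal IPs are accepted here (a linter choice; rinetd also takes hostnames)."""
    forwards, warnings, seen = [], [], set()
    for lineno, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()      # drop comments and blank lines
        if not fields or fields[0] in ("allow", "deny", "logfile", "logcommon"):
            continue
        if len(fields) != 4:
            warnings.append(f"line {lineno}: expected 4 fields, got {len(fields)}")
            continue
        src, sport, dst, dport = fields
        try:
            for addr in (src, dst): ipaddress.ip_address(addr)
            sport, dport = int(sport), int(dport)
        except ValueError:
            warnings.append(f"line {lineno}: bad address or port: {raw.strip()!r}")
            continue
        if not (0 < sport < 65536 and 0 < dport < 65536):
            warnings.append(f"line {lineno}: port out of range: {raw.strip()!r}")
            continue
        if (src, sport) in seen:       # a second rule on the same socket can never bind
            warnings.append(f"line {lineno}: duplicate listener {src}:{sport}")
        seen.add((src, sport))
        if dport == 21:                # FTP opens extra data connections rinetd cannot relay
            warnings.append(f"line {lineno}: FTP port 21 forwarded; rinetd cannot relay FTP")
        forwards.append(Forward(src, sport, dst, dport))
    return forwards, warnings
```

Run it over your real /etc/rinetd.conf before starting the daemon; a rule that fails to bind is otherwise only visible in the log after the fact.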
