Messing with IPs won't help because often you'd have one public IP on the NAT with multiple public ports that are translated to multiple private IPs on port 8089. Something like this:
- pub_ip:pub_port_1 -> priv_ip_1:8089
- pub_ip:pub_port_2 -> priv_ip_2:8089
What you need is to rewrite destination IP and port on your search heads to point to PUBLIC IP and port. Here is how:
#!/bin/bash
PATH=/bin:/usr/bin:/usr/local/bin:/sbin:/usr/sbin:/usr/local/sbin
# Public IP of the NAT and the public port that maps to each private indexer
REMOTE_PUB_IP="<your_public_ip_here>"
REMOTE_PUB_PORT=(8089 8090 8091)
# Private indexer IPs, one per public port above, separated by spaces
REMOTE_PRV_IP=(your_private_ips_here)
REMOTE_PRV_PORT=(8089 8089 8089)
# Run the given command, or only print it when DEBUG is set
run_cmd () {
    if [[ -z "$DEBUG" ]]; then
        "$@"
    else
        echo "$@"
    fi
}
# Enable IP forwarding (only needed if other hosts route through this box;
# the search head's own connections are handled by the OUTPUT rule below)
run_cmd sysctl -w net.ipv4.ip_forward=1
# Flush all NAT rules (note: this also drops NAT rules added by anything else)
run_cmd iptables -t nat -F
# One DNAT rule per indexer: traffic to priv_ip:priv_port is sent to pub_ip:pub_port
for i in "${!REMOTE_PUB_PORT[@]}"; do
    run_cmd iptables -t nat -A PREROUTING -p tcp --destination "${REMOTE_PRV_IP[i]}" --dport "${REMOTE_PRV_PORT[i]}" -j DNAT --to-destination "${REMOTE_PUB_IP}:${REMOTE_PUB_PORT[i]}"
    run_cmd iptables -t nat -A OUTPUT -p tcp --destination "${REMOTE_PRV_IP[i]}" --dport "${REMOTE_PRV_PORT[i]}" -j DNAT --to-destination "${REMOTE_PUB_IP}:${REMOTE_PUB_PORT[i]}"
done
Does anybody know how to do that using firewall-cmd?
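As an added example (not part of the post above and not Splunk's own tooling), the script below generates the same destination rewrite for the search head in either iptables or firewall-cmd syntax, using firewalld's direct interface (`firewall-cmd --direct --add-rule ipv4 nat OUTPUT ...`), which passes the iptables arguments through. It keeps each private IP, private port and public port on one line so the three values cannot drift out of step, the way three parallel arrays can, and it validates every mapping before anything is applied. The addresses are constructed placeholders, and `BACKEND` and `DRY_RUN` are names chosen for this example. Only the nat OUTPUT chain is generated because the search head's own connections are locally generated; PREROUTING and `net.ipv4.ip_forward` matter only if other hosts route through the box. Newer firewalld releases mark the direct interface as deprecated in favour of policies, so check `firewalld.direct(5)` for the version you run.

```shell
#!/bin/sh
# Added example (not from the original post or from Splunk): build the DNAT
# rules that rewrite "private indexer IP:port" to "public NAT IP:port" on the
# search head, in either iptables or firewall-cmd syntax. All addresses are
# constructed placeholders (RFC 5737 / RFC 1918); replace them with your own.

PUB_IP="203.0.113.10"   # constructed: the NAT's public address

# One mapping per line: <private_ip> <private_port> <public_port>.
# Keeping the three values on one line avoids the failure mode of three
# parallel arrays drifting out of step and producing a rule with a blank field.
MAPPINGS="10.10.0.11 8089 8089
10.10.0.12 8089 8090
10.10.0.13 8089 8091"

# gen_rules <iptables|firewall-cmd>: print one rule per mapping, never apply it.
# Only the nat OUTPUT chain matters here: the search head's own connections are
# locally generated, so PREROUTING and net.ipv4.ip_forward are not needed
# unless other hosts route their indexer traffic through this box.
gen_rules() {
    backend="$1"
    case "$backend" in
        iptables|firewall-cmd) ;;
        *) echo "gen_rules: unknown backend '$backend' (use iptables or firewall-cmd)" >&2
           return 1 ;;
    esac
    printf '%s\n' "$MAPPINGS" | while read -r prv_ip prv_port pub_port extra; do
        [ -n "$prv_ip" ] || continue            # skip blank lines
        if [ -z "$pub_port" ] || [ -n "$extra" ]; then
            echo "gen_rules: malformed mapping: '$prv_ip $prv_port $pub_port $extra'" >&2
            exit 1                              # leaves the pipeline subshell; gen_rules returns 1
        fi
        match="-p tcp -d $prv_ip --dport $prv_port -j DNAT --to-destination $PUB_IP:$pub_port"
        if [ "$backend" = iptables ]; then
            echo "iptables -t nat -A OUTPUT $match"
        else
            # firewalld's direct interface passes the iptables arguments through;
            # priority 0 puts the rule ahead of firewalld's own nat OUTPUT rules.
            echo "firewall-cmd --permanent --direct --add-rule ipv4 nat OUTPUT 0 $match"
        fi
    done
}

# apply_rules <backend>: run every generated rule. With DRY_RUN set, only print
# them (the same idea as the post's DEBUG switch). Returns non-zero and applies
# nothing if any mapping is malformed.
apply_rules() {
    rules=$(gen_rules "$1") || return 1
    printf '%s\n' "$rules" | while read -r rule; do
        if [ -n "$DRY_RUN" ]; then
            echo "$rule"
        else
            $rule                               # word-split deliberately: run the rule
        fi
    done
    # --permanent rules take effect only after a reload
    if [ "$1" = firewall-cmd ] && [ -z "$DRY_RUN" ]; then
        firewall-cmd --reload
    fi
}

# Demonstration: show the rules without touching the firewall.
DRY_RUN=1 apply_rules "${BACKEND:-firewall-cmd}"
```

Run it as root with `DRY_RUN` unset and `BACKEND=iptables` or `BACKEND=firewall-cmd` to apply the rules; with `DRY_RUN=1` it only prints them, which is the first thing to check, since a rule with a blank destination or port would silently redirect nothing.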