Configuration
We have a setup that is as follows:
- Server A that is connected to a large external network (192.168.0.0/24) and a smaller internal network (10.0.0.0/30). It serves as the main interface to connect to different services.
- Server B connected only to the smaller internal network (10.0.0.0/30)
- Service S1 running on server B on port 5009
- Forwarding rules of port 5009 from server A to server B
Connecting to the service on port 5009 from a remote server in the larger network is working correctly as expected: Contacting server A on 192.168.0.x:5009 forwards the request to server B and a response is received.
Problem
Another service S2 running on server A needs to connect to service S1 on server B. To do so, service S2 tries to connect to service S1 on server B using server A's public address 192.168.0.x:5009 (just as the remote server does), but for some reason this fails (111 - Connection refused). It's as if the port forwarding rules are not applied for the service running on server A.
Note
Connecting to service S1 from server A using server B's address (10.0.0.x:5009) works like a charm. However, due to circumstances, it's not possible to use this address within service S2 so this is not a solution.
nat table in the PREROUTING chain and works for incoming traffic. Traffic from server A to server A does not go through the PREROUTING chain and is not forwarded to server B. If so, traffic should be redirected in the OUTPUT chain (solution depends on the system).
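As an added illustration of the answer above (example code, not part of the original question or answer), the script below emits the iptables rules for both paths: the PREROUTING DNAT the question already has for traffic arriving from 192.168.0.0/24, plus the same DNAT in the nat OUTPUT chain, which is the chain locally generated packets from server A do traverse. The concrete addresses (server A external 192.168.0.10, server B 10.0.0.2, internal interface eth1) and the helper names are assumptions; only port 5009 and the networks come from the post. The POSTROUTING MASQUERADE is a caveat the answer does not mention: a packet that server A generates towards its own 192.168.0.x address keeps that address as its source after the OUTPUT-chain DNAT, so server B's reply must route back through server A; masquerading on the internal interface guarantees that regardless of B's routing table.

```shell
#!/bin/sh
# Added example (not from the original post): DNAT for traffic to service S1
# on server B, covering both remote clients and services on server A itself.
# Assumed values: EXT_IP, INT_IP, INT_IF are hypothetical; PORT is from the post.
EXT_IP=192.168.0.10   # server A's address on 192.168.0.0/24 (assumed)
INT_IP=10.0.0.2       # server B's address on 10.0.0.0/30 (assumed)
INT_IF=eth1           # server A's interface towards 10.0.0.0/30 (assumed)
PORT=5009

# Print the iptables argument lists, one rule per line.
nat_rules() {
    # Path 1: packets arriving from the larger network hit PREROUTING.
    # This is the rule the question already relies on.
    echo "-t nat -A PREROUTING -d $EXT_IP -p tcp --dport $PORT -j DNAT --to-destination $INT_IP:$PORT"
    # Path 2: packets generated on server A (service S2) never see PREROUTING;
    # locally generated traffic is NATed in the OUTPUT chain instead.
    echo "-t nat -A OUTPUT -d $EXT_IP -p tcp --dport $PORT -j DNAT --to-destination $INT_IP:$PORT"
    # Caveat: after the OUTPUT DNAT the packet still carries 192.168.0.10 as its
    # source, so rewrite it to the internal interface address on the way out;
    # otherwise server B must have a route back to 192.168.0.0/24 via server A.
    echo "-t nat -A POSTROUTING -o $INT_IF -d $INT_IP -p tcp --dport $PORT -j MASQUERADE"
}

# Apply the rules, or with DRY_RUN=1 print the commands instead of running them.
apply_nat_rules() {
    nat_rules | while IFS= read -r rule; do
        if [ "${DRY_RUN:-0}" = 1 ]; then
            echo "iptables $rule"
        else
            # Word splitting of $rule into separate arguments is intentional here.
            iptables $rule
        fi
    done
}
```

Run with `DRY_RUN=1 sh forward.sh` (after adding a call to `apply_nat_rules` at the end) to review the commands, then without DRY_RUN as root to apply them. Confirm the local path is covered with `iptables -t nat -nvL OUTPUT` and watch the packet counter of the OUTPUT rule increase while S2 connects; if the counter stays at zero, the box is using nftables rather than the iptables-legacy backend, in which case the equivalent is a chain of `type nat hook output` in the `ip nat` table with a rule like `ip daddr 192.168.0.10 tcp dport 5009 dnat to 10.0.0.2` (addresses assumed as above).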