Rewriting destination IP address


#1

If you have changed your server's IP address and updated the configuration of all services (Apache, DNS, etc.), you might think that new requests will always come to your new IP address, but they don't.

Due to non-standard DNS caching, some users still try to connect to your old IP address. If both the old and the new IP are working and configured on your server, you can still receive those connections. But some services may rely on a specific IP to work correctly (for example, if all the virtual hosts in Apache are configured for the new IP address).

To solve this problem, we can use the iptables NETMAP target to rewrite the destination address of incoming packets. This should be done in the PREROUTING chain of the nat table, as below:

iptables -t nat -A PREROUTING -p tcp -d OLD_IP --dport 80 -j NETMAP --to NEW_IP

The above example changes the destination IP address to NEW_IP on every incoming request that is a TCP connection with destination port 80 and destination IP OLD_IP.
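
An idempotent way to install the rule above, as an added example that is not part of the original post: it validates both addresses and the port, checks for an identical rule with `iptables -C` before appending, and then lists the chain with packet counters. The function names and the script name `netmap.sh` are assumptions of this example; it must run as root.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are this
# example's own; OLD_IP and NEW_IP are supplied on the command line.

# Succeed only for a dotted-quad IPv4 address with every octet in 0..255.
is_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1            # split on dots; input holds only digits and dots
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Print the rule specification for OLD_IP NEW_IP [PORT], or fail on bad input.
rule_spec() {
    is_ipv4 "$1" && is_ipv4 "$2" || return 1
    [ "$1" != "$2" ] || return 1
    port=${3:-80}
    case "$port" in ''|*[!0-9]*|??????*) return 1 ;; esac
    [ "$port" -ge 1 ] && [ "$port" -le 65535 ] || return 1
    echo "-p tcp -d $1 --dport $port -j NETMAP --to $2"
}

# Append the rule only when an identical one is not already in the chain,
# so re-running the script does not stack duplicate rules.
install_rule() {
    spec=$(rule_spec "$@") || { echo "invalid address or port" >&2; return 1; }
    # $spec is left unquoted on purpose: it must split into separate arguments.
    iptables -t nat -C PREROUTING $spec 2>/dev/null ||
        iptables -t nat -A PREROUTING $spec
}

# Runs only when arguments are given: sh netmap.sh OLD_IP NEW_IP [PORT]
if [ "$#" -ge 2 ]; then
    # The packet counters in the listing show whether old-IP traffic still arrives.
    install_rule "$@" && iptables -t nat -L PREROUTING -n -v
fi
```

Once the counters on the rule stop increasing, clients have stopped using the old address and the rule can be removed.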