IP Forwarding is not working in Azure Linux VM


Hello

 

I am trying to use iptables and its NAT functionality in a Linux VM in Azure to make a network connection work. I have a RHEL Linux VM in Azure. It has two interfaces, eth0 & eth1. I have a Windows Server VM behind this Linux box with its route pointing to eth0.

My goal here is for the traffic entering my Linux VM through eth0 targeting a DEST IP ADDRESS to be forwarded to eth1 of the Linux VM, and the traffic should have a Source NAT applied with the eth1 IP address.

I added the below iptables rule to forward all the traffic entering through eth0 to eth1 and made sure this is at the top of the FORWARD chain:

$iptables -A FORWARD -i eth0 -d DEST IP ADDRESS -o eth1 -j ACCEPT

I used the below command to enable IP forwarding on my Linux box:

sysctl -w net.ipv4.ip_forward=1

I used the below command so that all the traffic leaving through eth1 will have a Source NAT applied with the eth1 IP address:

$iptables -t nat -A POSTROUTING -d DEST IP ADDRESS -o eth1 -j MASQUERADE

Now when I start testing, I see the traffic that I am generating to the DEST IP Address hitting the eth0 interface, but I do not see that traffic being forwarded to eth1. Packet capture on eth1 doesn't show any traffic. I also have my default route on the Linux machine pointing to eth1.

Can anyone please help me understand where I went wrong and how I can make this work?

0 Replies
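
One check that follows from the commands in the post, as an added example that is not part of the original post: `iptables -A` appends a rule to the end of a chain, so an unconditional REJECT or DROP already in FORWARD is evaluated first. The script reads `iptables -S FORWARD` output and reports whether the eth0 to eth1 ACCEPT rule is reachable. Assumptions: the function name `forward_rule_status`, both sample rulesets, the address 203.0.113.10 and the presence of a catch-all REJECT rule are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example (not from the original post): FORWARD-chain order check.
# Reads `iptables -S FORWARD` output on stdin and reports whether the ACCEPT
# rule for IN_IF -> OUT_IF sits before or after an unconditional DROP/REJECT.

forward_rule_status() {   # usage: forward_rule_status IN_IF OUT_IF < rules
    awk -v inif="$1" -v outif="$2" '
        $1 == "-A" && $2 == "FORWARD" {
            pos++                                  # 1-based rule position
            rin = ""; rout = ""; target = ""; matchers = 0
            for (i = 3; i <= NF; i++) {
                if      ($i == "-i") { rin  = $(i + 1); i++ }
                else if ($i == "-o") { rout = $(i + 1); i++ }
                else if ($i == "-j") { target = $(i + 1); break }
                else matchers++                    # any other match option
            }
            # First ACCEPT rule bound to the interface pair being checked.
            if (!accept && rin == inif && rout == outif && target == "ACCEPT")
                accept = pos
            # First rule with no match options at all that ends traversal.
            if (!blocker && rin == "" && rout == "" && matchers == 0 &&
                (target == "DROP" || target == "REJECT"))
                blocker = pos
        }
        END {
            if (!accept)                          print "missing"
            else if (blocker && blocker < accept) print "shadowed"
            else                                  print "reachable"
        }'
}

# Constructed sample: catch-all REJECT first, ACCEPT appended with -A.
APPENDED_RULES='-P FORWARD ACCEPT
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -d 203.0.113.10/32 -i eth0 -o eth1 -j ACCEPT'

# Constructed sample: same ACCEPT rule placed first (iptables -I FORWARD 1).
INSERTED_RULES='-P FORWARD ACCEPT
-A FORWARD -d 203.0.113.10/32 -i eth0 -o eth1 -j ACCEPT
-A FORWARD -j REJECT --reject-with icmp-host-prohibited'

printf '%s\n' "$APPENDED_RULES" | forward_rule_status eth0 eth1
printf '%s\n' "$INSERTED_RULES" | forward_rule_status eth0 eth1
# On a live host (as root): iptables -S FORWARD | forward_rule_status eth0 eth1
```

The check only recognises a blocker that has no match options; rules with conditions (state, protocol, address) still need to be read by hand, for example with `iptables -L FORWARD -v -n --line-numbers` to compare packet counters.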