I have 4 servers behind a load balancer, but only 1 of them is running a particular service. I want three of them to forward requests to the fourth, based on the port. So, at present all 4 are running nginx on port 80, but only one is running the required service on port 7070.

All 4 are Amazon EC2 instances running CentOS 5, behind an Amazon Elastic Load Balancer. I've set up the load balancer to forward port 7070 through to all the machines. I need servers 1, 2 and 3 to forward requests to port 7070 through to port 7070 on server 4 (which is running the service).

I did try a few existing questions/answers here on SF, but for whatever reason I instantly lost connectivity to my servers and had to reboot; seeing as these servers are running live services, I was suddenly nervous about trying a hit-and-miss approach!

So just to be clear, servers 1, 2 and 3 do not run anything on port 7070, but server 4 does. None of them are running any other type of port forwarding, so iptables isn't set up at all at present.

Thanks.

MattPark
Tom

1 Answer

In terms of why this didn't work for you based on the previous instructions, I'm guessing iptables blocked everything by default. If you followed an existing set of instructions from this site (say, this one), they probably didn't also include instructions for making sure the ports you need are also opened. You'll want 22 for SSH, 80 for your web server, and possibly others.

Reasonable guide: https://help.ubuntu.com/community/IptablesHowTo

Note this command which will ensure established sessions (e.g. your current SSH session) will continue to work even if you block yourself:

sudo iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT

Since you are using EC2, I'd recommend booting up a 5th instance outside of your load-balanced production set, for testing. Sometimes setting up dev/production splits is hard or expensive, but not with EC2. The six cents will be well worth it if you break something.

Note that rebooting wiped your test rules out; once you have something set up that you tested and approve of, be sure to use iptables-save.

Mike
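As an added illustration (not part of the question or the answer above), here is a script that builds the iptables rule set servers 1-3 would need to relay TCP/7070 to server 4, applying the established-session rule before anything restrictive so the current SSH session survives, and saving the result the way the answer recommends. Server 4's private address 10.0.0.4 and the CentOS 5 save path are assumed values; the script only prints the commands unless APPLY=1 is set.

```shell
#!/bin/sh
# Added example, not the poster's or answerer's own code.
# Assumed: server 4 is reachable at 10.0.0.4 (constructed address).
SERVICE_HOST="${SERVICE_HOST:-10.0.0.4}"
SERVICE_PORT="${SERVICE_PORT:-7070}"
ADMIN_PORTS="22 80"   # SSH and nginx must stay reachable on servers 1-3

# Print the commands in the order they must be applied (dry run by default).
relay_rules() {
    host="$1"; port="$2"
    # 1. Keep existing sessions alive before any DROP policy is installed.
    echo "iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    echo "iptables -A INPUT -i lo -j ACCEPT"
    for p in $ADMIN_PORTS; do
        echo "iptables -A INPUT -p tcp --dport $p -j ACCEPT"
    done
    # 2. The kernel must route between interfaces for DNAT'd packets to leave.
    echo "sysctl -w net.ipv4.ip_forward=1"
    # 3. Rewrite the destination of inbound 7070 to server 4, let it through
    #    FORWARD, and masquerade so replies return via this box, not the ELB.
    echo "iptables -t nat -A PREROUTING -p tcp --dport $port -j DNAT --to-destination $host:$port"
    echo "iptables -A FORWARD -p tcp -d $host --dport $port -m conntrack --ctstate NEW,ESTABLISHED,RELATED -j ACCEPT"
    echo "iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    echo "iptables -t nat -A POSTROUTING -p tcp -d $host --dport $port -j MASQUERADE"
    # 4. Only now close the door on everything else.
    echo "iptables -P INPUT DROP"
    echo "iptables -P FORWARD DROP"
}

# Number of commands the rule set contains (handy for a quick sanity check).
relay_rule_count() { relay_rules "$1" "$2" | wc -l | tr -d ' '; }

main() {
    if [ "${APPLY:-0}" = "1" ]; then
        relay_rules "$SERVICE_HOST" "$SERVICE_PORT" | while read -r cmd; do
            sudo sh -c "$cmd"
        done
        # Persist so a reboot does not wipe the tested rules (CentOS 5 path assumed).
        sudo sh -c 'iptables-save > /etc/sysconfig/iptables'
    else
        relay_rules "$SERVICE_HOST" "$SERVICE_PORT"
    fi
}
main
```

Run it once without APPLY on the spare test instance the answer suggests, read the printed commands, then re-run with APPLY=1.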