8. CACHE Port Forwarding

Computers in the local network cannot be accessed from outside, because the proxy server is the only visible point of the local network. However, the CACHE server (port 1972), which runs on a machine behind the proxy server, needs to be reachable from outside. This is done using port forwarding: whenever the proxy server gets a packet with destination port 1972, it forwards it to the CACHE server in the local network (this is called DNAT, Destination Network Address Translation). The packets that come back from the CACHE server are then forwarded to the outside machine. The outside machine thinks that it is the proxy that is replying to it, although in fact it is a machine behind the proxy that handles its request.

Port forwarding is enabled by the script /usr/local/config/port-forward, which is as follows:

bash# vi /usr/local/config/port-forward

#!/bin/bash
# forward the port to the DB server
PORT=1972

### include the network configuration file
### (it defines ETH0_IP, ETH1_IP and CACHE_IP, used below)
. /usr/local/config/network-config

### enable forwarding
echo 1 >/proc/sys/net/ipv4/ip_forward

### forward the port: rewrite the destination of packets that arrive
### on the external address for $PORT so that they go to the CACHE server
### (the rewritten packets must also be allowed by the filter FORWARD chain)
/sbin/iptables -t nat -A PREROUTING \
               -p tcp -d $ETH0_IP --dport $PORT \
               -j DNAT --to-destination $CACHE_IP

### rewrite the source to the proxy's internal address, so that the
### replies of the CACHE server come back through the proxy;
### needed in case that $ETH1 is not gateway for $CACHE_IP,
### but it doesn't hurt even if $ETH1 is gateway for it
### (the CACHE server then sees $ETH1_IP, not the client, as the source)
/sbin/iptables -t nat -A POSTROUTING \
               -p tcp -d $CACHE_IP --dport $PORT \
               -j SNAT --to-source $ETH1_IP
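The script above only adds rules; it does not tell you whether forwarding actually works afterwards. The following is an added example, not part of the page's script, that audits a saved ruleset (the output of iptables-save) together with the ip_forward sysctl for the three things the forward depends on: the DNAT rule, the SNAT rule, and an ACCEPT for the rewritten packets in the filter FORWARD chain, which the page's script does not add itself. The addresses, the function names audit_ruleset and has_rule, and the two iptables-save snippets are constructed for the example; on a real proxy the variables would come from /usr/local/config/network-config.

```shell
#!/bin/sh
# Added example (not the page's script): audit a saved ruleset for the pieces
# that the port-forward script relies on. All addresses are constructed
# stand-ins for the values that /usr/local/config/network-config would set.
ETH0_IP=${ETH0_IP:-203.0.113.10}    # proxy, outside address (assumed)
ETH1_IP=${ETH1_IP:-192.168.1.1}     # proxy, inside address (assumed)
CACHE_IP=${CACHE_IP:-192.168.1.20}  # CACHE server behind the proxy (assumed)
PORT=${PORT:-1972}

# Constructed iptables-save output for a proxy where everything is in place.
GOOD_RULESET='*nat
-A PREROUTING -d 203.0.113.10/32 -p tcp -m tcp --dport 1972 -j DNAT --to-destination 192.168.1.20
-A POSTROUTING -d 192.168.1.20/32 -p tcp -m tcp --dport 1972 -j SNAT --to-source 192.168.1.1
COMMIT
*filter
:FORWARD DROP [0:0]
-A FORWARD -d 192.168.1.20/32 -p tcp -m tcp --dport 1972 -j ACCEPT
-A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
COMMIT'

# Constructed ruleset with the same nat rules but a FORWARD chain that drops
# everything: DNAT alone does not let the rewritten packet through.
NO_FORWARD_RULESET='*nat
-A PREROUTING -d 203.0.113.10/32 -p tcp -m tcp --dport 1972 -j DNAT --to-destination 192.168.1.20
-A POSTROUTING -d 192.168.1.20/32 -p tcp -m tcp --dport 1972 -j SNAT --to-source 192.168.1.1
COMMIT
*filter
:FORWARD DROP [0:0]
COMMIT'

# has_rule RULESET PATTERN1 PATTERN2: true if one line matches both patterns
has_rule() {
    printf '%s\n' "$1" | grep -- "$2" | grep -q -- "$3"
}

# audit_ruleset RULESET IP_FORWARD_VALUE
# Prints each missing piece on its own line; returns 0 only if nothing is missing.
audit_ruleset() {
    ruleset=$1
    ip_forward=$2
    missing=""
    # /proc/sys/net/ipv4/ip_forward must read 1, otherwise nothing is routed
    [ "$ip_forward" = "1" ] || missing="$missing ip_forward"
    # the DNAT rule from the port-forward script
    has_rule "$ruleset" "-A PREROUTING .*-d $ETH0_IP/32 .*--dport $PORT" \
                        "-j DNAT --to-destination $CACHE_IP" \
        || missing="$missing DNAT"
    # the SNAT rule from the port-forward script
    has_rule "$ruleset" "-A POSTROUTING .*-d $CACHE_IP/32 .*--dport $PORT" \
                        "-j SNAT --to-source $ETH1_IP" \
        || missing="$missing SNAT"
    # The rewritten packet still traverses the filter FORWARD chain; with a
    # DROP policy it needs an explicit ACCEPT for the CACHE port.
    if ! printf '%s\n' "$ruleset" | grep -q '^:FORWARD ACCEPT'; then
        has_rule "$ruleset" "-A FORWARD .*-d $CACHE_IP/32 .*--dport $PORT" "-j ACCEPT" \
            || missing="$missing FORWARD-accept"
    fi
    for m in $missing; do echo "missing: $m"; done
    [ -z "$missing" ]
}

# On a real proxy (as root) the inputs would be live rather than constructed:
#   audit_ruleset "$(iptables-save)" "$(cat /proc/sys/net/ipv4/ip_forward)"
```

Run against the constructed rulesets, the first passes and the second reports `missing: FORWARD-accept`; the check for an accepting FORWARD policy is there because many proxies keep the default ACCEPT policy, in which case no extra rule is required.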