
Get remote IP in OpenStack virtual machine accessed via NAT

I have a number of Ubuntu 16.04 VMs within an OpenStack project. As I have only one floating IP, I used one of the VMs as a gateway server (IP: with iptables port forwarding to have access to all the VMs from outside via the Internet. One VM is used as a web server (IP: I have a NAT rule for this VM in /etc/iptables/rules.v4 as follows:

-A PREROUTING -p tcp -m tcp --dport 8002 -j DNAT --to-destination

As I wanted, I have access to the web server from floating_ip:8002. However, as postrouting masquerades any outgoing packet, including forwarded packets, all forwarded packets appear to come from the gateway server (, which is not wanted. My question is how to prevent masquerading of the forwarded packets so that I can get the real remote IP accessing the web server. There was a suggestion in to use the outbound interface, but I am not sure which interface to use, as I can see only one interface (eth0) in the gateway server and it doesn't work with -o eth0.

I would very much appreciate your suggestions or answers.
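
As an added example (not part of the original post), this Python check reads iptables-save style rules and reports port forwards whose client address a POSTROUTING MASQUERADE rule would rewrite, first for a rule set like the one described and then for a source-scoped variant. The 10.0.0.x addresses, the client address and the scoped rule are constructed assumptions, and the scoped variant presumes the VMs send their replies back through the gateway.

```python
import ipaddress
import shlex

# Constructed rules.v4 content; 10.0.0.12:80 is an assumed web-server address.
BLANKET = """*nat
-A PREROUTING -p tcp -m tcp --dport 8002 -j DNAT --to-destination 10.0.0.12:80
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
"""
# Assumed alternative: masquerade only traffic that originates in the VM subnet.
SCOPED = BLANKET.replace("-o eth0", "-s 10.0.0.0/24 ! -d 10.0.0.0/24")

def nat_rules(text):
    """Token lists for the -A rules inside the *nat table of iptables-save output."""
    rules, in_nat = [], False
    for line in map(str.strip, text.splitlines()):
        if line.startswith("*"):
            in_nat = line == "*nat"
        elif in_nat and line.startswith("-A "):
            rules.append(shlex.split(line))
    return rules

def option(tokens, flag):
    """(value, negated) for an option such as -s, -d or -j; (None, False) if absent."""
    if flag not in tokens:
        return None, False
    i = tokens.index(flag)
    return tokens[i + 1], tokens[i - 1] == "!"

def can_match(tokens, flag, addr):
    """True if the rule's -s/-d restriction, if present, matches addr."""
    value, negated = option(tokens, flag)
    net = ipaddress.ip_network(value or "0.0.0.0/0", strict=False)
    return (ipaddress.ip_address(addr) in net) != negated

def masqueraded_forwards(text, client_ip="198.51.100.7"):
    """DNAT forwards whose client source a POSTROUTING MASQUERADE rule rewrites.
    -o is ignored: with a single interface (eth0) it matches every packet."""
    rules, findings = nat_rules(text), []
    for dnat in rules:
        target = option(dnat, "--to-destination")[0]
        if dnat[1] != "PREROUTING" or option(dnat, "-j")[0] != "DNAT" or not target:
            continue
        dest = target.split(":")[0]  # after DNAT this is the packet's destination
        for post in rules:
            if (post[1] == "POSTROUTING" and option(post, "-j")[0] == "MASQUERADE"
                    and can_match(post, "-s", client_ip) and can_match(post, "-d", dest)):
                findings.append((option(dnat, "--dport")[0], dest, " ".join(post)))
    return findings
```

Calling masqueraded_forwards(BLANKET) returns one finding for port 8002, while masqueraded_forwards(SCOPED) returns an empty list.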