complex iptables port forwarding, is this possible? - Networking


  1. complex iptables port forwarding, is this possible?

    I have a Linux box (which is not the default gw) with iptables running on
    it, whose ip is 192.168.1.4

    I want to forward packets coming to UDP 192.168.1.4:6130, which receives
    logging data from several remote hosts on the Internet. The main router on
    the network forwards from WAN:6130 to 192.168.1.4:6130.

    If the original packet came from 5.4.3.1:10001,
    forward (binding to 192.168.1.4:10001) to 192.168.1.8:6130


    If the original packet came from 5.4.3.2:10002,
    forward (binding to 192.168.1.4:10002) to 192.168.1.6:6130


    Is this possible?

    Thanks.

    -szr



  2. Re: complex iptables port forwarding, is this possible?

    Hello,

    szr wrote:
    > I have a Linux box (which is not the default gw) with iptables running on
    > it, whose ip is 192.168.1.4
    >
    > I want to forward packets coming to UDP 192.168.1.4:6130, which receives
    > logging data from several remote hosts on the Internet. The main router on
    > the network forwards from WAN:6130 to 192.168.1.4:6130.
    >
    > If the original packet came from 5.4.3.1:10001,
    > forward (binding to 192.168.1.4:10001) to 192.168.1.8:6130


    iptables -t nat -A PREROUTING -s 5.4.3.1 -d 192.168.1.4 \
    -p udp --sport 10001 --dport 6130 -j DNAT --to 192.168.1.8:6130
    iptables -t nat -A POSTROUTING -s 5.4.3.1 -d 192.168.1.8 \
    -p udp --sport 10001 --dport 6130 -j SNAT --to 192.168.1.4:10001

    > If the original packet came from 5.4.3.2:10002,
    > forward (binding to 192.168.1.4:10002) to 192.168.1.6:6130


    iptables -t nat -A PREROUTING -s 5.4.3.2 -d 192.168.1.4 \
    -p udp --sport 10002 --dport 6130 -j DNAT --to 192.168.1.6:6130
    iptables -t nat -A POSTROUTING -s 5.4.3.2 -d 192.168.1.6 \
    -p udp --sport 10002 --dport 6130 -j SNAT --to 192.168.1.4:10002

    The SNAT rules are necessary because the box is not the default gateway.
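
Added example, not part of the thread: a small Python model of the two rule pairs above, following one datagram through DNAT and SNAT and then following a reply from the backend, with and without the SNAT rule. The `Pkt` type, the `on_lan` helper, the 192.168.1.0/24 LAN assumption and the dictionary standing in for conntrack are simplifications introduced here.

```python
from typing import NamedTuple, Optional

class Pkt(NamedTuple):
    src: str
    sport: int
    dst: str
    dport: int

BOX = "192.168.1.4"
# (remote ip, remote source port) -> backend, from the rules in the thread
BACKENDS = {("5.4.3.1", 10001): "192.168.1.8",
            ("5.4.3.2", 10002): "192.168.1.6"}

def on_lan(ip: str) -> bool:
    # Assumption: the LAN is 192.168.1.0/24
    return ip.startswith("192.168.1.")

def translate(pkt: Pkt, snat: bool, conntrack: dict) -> Optional[Pkt]:
    """Apply the PREROUTING DNAT rule and, if enabled, the POSTROUTING SNAT rule."""
    backend = BACKENDS.get((pkt.src, pkt.sport))
    if backend is None or pkt.dst != BOX or pkt.dport != 6130:
        return None                      # no rule matches, packet is not forwarded
    out = pkt._replace(dst=backend)      # DNAT --to <backend>:6130
    if snat:
        out = out._replace(src=BOX)      # SNAT --to 192.168.1.4:<same port>
    # Key on the expected reply tuple and remember the original packet
    conntrack[(out.dst, out.dport, out.src, out.sport)] = pkt
    return out

def reply_path(seen: Pkt, conntrack: dict) -> tuple:
    """Follow a reply from the backend; return (who routes it, packet delivered)."""
    reply = Pkt(seen.dst, seen.dport, seen.src, seen.sport)
    if on_lan(reply.dst):
        # Addressed to the box, which reverses both translations
        orig = conntrack[(reply.src, reply.sport, reply.dst, reply.dport)]
        return "box", Pkt(orig.dst, orig.dport, orig.src, orig.sport)
    # Off-LAN destination: goes to the default gateway, the box never sees it,
    # so the source is still the backend, not the address the sender wrote to
    return "default-gw", reply

if __name__ == "__main__":
    first = Pkt("5.4.3.1", 10001, BOX, 6130)
    for snat in (True, False):
        table: dict = {}
        fwd = translate(first, snat, table)
        print("snat" if snat else "no snat", fwd, reply_path(fwd, table))
```

With the SNAT rule in place, the receiver at 192.168.1.8 or 192.168.1.6 sees every forwarded datagram as coming from 192.168.1.4, so the original host is distinguishable only by the preserved source port.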

  3. Re: complex iptables port forwarding, is this possible?

    szr wrote:
    > I have a Linux box (which is not the default gw) with iptables running on
    > it, whose ip is 192.168.1.4


    Answered elsewhere. Please don't multipost. If you want to post the same
    question in several newsgroups please crosspost a single message, instead.

    Chris
