Score:0

Forward broadcast packets to dynamic / wildcard


I have set up a dynamic ppp service on a linux machine where clients will connect and get a private IP.

The rules I have set up in iptables are currently:


# Route between interfaces; ip_dynaddr lets the kernel rewrite the source of
# connections opened before a dial-on-demand link received its address
sysctl -w net.ipv4.ip_forward=1
sysctl -w net.ipv4.ip_dynaddr=1

# Source-NAT everything leaving the uplink so the ppp clients share the host's public IP
iptables -t nat -A POSTROUTING -o eno1 -j MASQUERADE

# Accept traffic arriving on any ppp interface, both addressed to this host and routed through it
iptables -A INPUT -i ppp+ -j ACCEPT
iptables -A FORWARD -i ppp+ -j ACCEPT

# Hardcoded per-peer rules (the ones referred to below as "in bold"): rewrite the
# destination of every UDP packet from one peer to the other peer, whatever the
# original destination was, broadcast or not
iptables -I PREROUTING -t nat -i ppp+ -p udp -s 10.0.10.3 -j DNAT --to 10.0.10.2
iptables -I PREROUTING -t nat -i ppp+ -p udp -s 10.0.10.2 -j DNAT --to 10.0.10.3


My intended functionality is for anyone who connects on the ppp interface to inherit the IP of the host and to have access to the internet and to be able to communicate with peers on the same network. Success!

With the exception of broadcast packets. Anything sent to 255.255.255.255 or the like does not reach anyone. To mitigate, I have hardcoded the rules in bold from above, however this is not a dynamic solution and adds up based on the number of connected clients.

My question is, what can I do to have a 'wildcard' iptables solution to this? Specifically, I ideally need a single-line solution that will forward any UDP packet from ppp interfaces to other ppp interfaces, while not interfering with the other rules or TCP packets.

Thank you in advance.

Edit: I caved in and tried to hardcode the rules for 100 IPs to at least get it running normally. Even in the shortest format I could find, I encountered the issue that only the first rule will take effect for a given packet, meaning that I cannot create multiple rules for the same packet, and cannot create a catch-all rule for a single IP to the entire network either because it will send the packet in question to the source as well, leading to a similar failure:

Screenshot of rules

Edit 2: I've folded since none of the solutions I've identified so far for iptables are scalable or applicable in my scenario, unfortunately. I'll keep this question open in case anybody has any way to achieve this in one or a few lines in iptables or otherwise.

In the meantime, please feel free to review the following documents relevant for my specific case, if you're curious, or if you're in the same bucket:

Cisco Broadcast Packet Forwarding

Relay UDP broadcasts

NAT Tutorial

DNAT IP Range Documentation

Finally, here is the workaround I've currently implemented: https://github.com/udp-redux/udp-broadcast-relay-redux

Quick update: I have attempted this command as an alternative, with no success:

iptables -A PREROUTING -t nat -i ppp+ -p udp -s 10.0.10.0/24 -j DNAT --to 10.0.10.2-10.0.10.254

mangohost
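The workaround the question settles on is a user-space relay rather than an iptables rule, because a single packet can only be DNATed to one destination. The following is an added example of that approach, not the poster's code and not udp-broadcast-relay-redux: it binds the application's UDP port, uses IP_PKTINFO to see each datagram's real destination so that only broadcasts are relayed, learns the connected ppp peers from `ip -o -4 addr show` (so clients that connect later are picked up without new rules), and unicasts each broadcast to every peer except the sender, which avoids the echo-to-source failure described in the first edit. The address pool 10.0.10.0/24, the server address 10.0.10.1, the port 5000 and the sample `ip` output are assumptions, not taken from the post.

```python
#!/usr/bin/env python3
"""User-space UDP broadcast relay between ppp peers (added example).

Assumptions, none from the original post: the ppp address pool is
10.0.10.0/24, the server's side of every link is 10.0.10.1, and the
application that needs broadcasts uses UDP port 5000.
"""
import ipaddress
import re
import select
import socket
import struct
import subprocess
import time

SUBNET = ipaddress.ip_network("10.0.10.0/24")   # assumed ppp address pool
PORT = 5000                                      # assumed application port
LIMITED_BCAST = ipaddress.ip_address("255.255.255.255")
IP_PKTINFO = getattr(socket, "IP_PKTINFO", 8)    # 8 on Linux; exposes each datagram's destination

# `ip -o -4 addr show` prints one line per address; a point-to-point link shows
# "<idx>: ppp0    inet <local> peer <client>/32 scope global ppp0\ ...".
_PEER_RE = re.compile(r"^\d+:\s+(?P<ifname>\S+)\s+inet\s+[\d.]+\s+peer\s+(?P<peer>[\d.]+)/\d+")

# Constructed sample of `ip -o -4 addr show` output, not captured from the poster's host.
SAMPLE_IP_ADDR_OUTPUT = """\
2: eno1    inet 192.0.2.10/24 brd 192.0.2.255 scope global eno1\\       valid_lft forever preferred_lft forever
12: ppp0    inet 10.0.10.1 peer 10.0.10.2/32 scope global ppp0\\       valid_lft forever preferred_lft forever
13: ppp1    inet 10.0.10.1 peer 10.0.10.3/32 scope global ppp1\\       valid_lft forever preferred_lft forever
"""


def parse_ppp_peers(ip_addr_output: str, subnet=SUBNET) -> dict:
    """Map each ppp interface name to its peer (client) address inside `subnet`."""
    peers = {}
    for line in ip_addr_output.splitlines():
        m = _PEER_RE.match(line)
        if m and m["ifname"].startswith("ppp") and ipaddress.ip_address(m["peer"]) in subnet:
            peers[m["ifname"]] = m["peer"]
    return peers


def parse_pktinfo(cmsg_data: bytes) -> tuple:
    """Decode struct in_pktinfo {int ipi_ifindex; in_addr ipi_spec_dst; in_addr ipi_addr}
    (native byte order) and return (ifindex, destination address from the IP header)."""
    ifindex, _spec_dst, addr = struct.unpack("i4s4s", cmsg_data[:12])
    return ifindex, str(ipaddress.ip_address(addr))


def is_broadcast(dst: str, subnet=SUBNET) -> bool:
    """True for the limited broadcast or the pool's directed broadcast address."""
    a = ipaddress.ip_address(dst)
    return a == LIMITED_BCAST or a == subnet.broadcast_address


def relay_targets(src: str, peers: dict) -> list:
    """Every known peer except the sender: forwarding back to the source is the
    'sends the packet to the source as well' failure the question describes."""
    return sorted(p for p in peers.values() if p != src)


def current_peers() -> dict:
    """Read the live peer table from the kernel (requires the `ip` tool)."""
    out = subprocess.run(["ip", "-o", "-4", "addr", "show"],
                         capture_output=True, text=True, check=True).stdout
    return parse_ppp_peers(out)


def run_relay(port: int = PORT, refresh_s: float = 5.0) -> None:
    """Receive broadcasts on `port` from ppp clients and re-send them as unicast to
    every other ppp client, re-reading the peer table every `refresh_s` seconds."""
    rx = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    rx.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    rx.setsockopt(socket.IPPROTO_IP, IP_PKTINFO, 1)
    rx.bind(("", port))               # broadcasts passed by the INPUT chain land here
    tx = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    peers, stamp = current_peers(), time.monotonic()
    while True:
        ready, _, _ = select.select([rx], [], [], refresh_s)
        if time.monotonic() - stamp >= refresh_s:
            peers, stamp = current_peers(), time.monotonic()
        if not ready:
            continue
        data, ancdata, _flags, (src, _sport) = rx.recvmsg(65535, socket.CMSG_SPACE(12))
        dst = next((parse_pktinfo(d)[1] for lvl, typ, d in ancdata
                    if lvl == socket.IPPROTO_IP and typ == IP_PKTINFO), "")
        # Relay only broadcasts that came from a ppp client; unicast to this host
        # and anything arriving from the uplink are left alone.
        if not dst or not is_broadcast(dst) or ipaddress.ip_address(src) not in SUBNET:
            continue
        for peer in relay_targets(src, peers):
            tx.sendto(data, (peer, port))


if __name__ == "__main__":
    run_relay()
```

Run it as root on the ppp server with the existing `INPUT -i ppp+ ACCEPT` rule in place and the per-peer DNAT rules removed, since those rewrite client broadcasts before they can reach the relay's socket. Two limitations to keep in mind: receivers see 10.0.10.1 as the sender rather than the original client, so an application that keys on the source address needs the raw-socket source rewriting that udp-broadcast-relay-redux performs, and the relay handles one port, so run one instance per application port.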
