Score:0

IP Tables forwarding issue


Thank you in advance for the assistance.

I have tried reading on here and searching but I can't seem to get it to work.

Computer A: 192.168.1.2 Computer B: 192.168.1.3

I am trying to send a UDP message from .2 to .3 and change the port. .2 will send a message on 1003 and I want .3 to accept it on 1004.

The code below is placed on the .3 computer

iptables -t nat -A PREROUTING -p udp -i eth0 -d 192.168.1.2 --dport 1003 -j DNAT --to-destination 192.168.1.3:1004
iptables -t nat -A PREROUTING -i eth0 -d 192.168.1.2 -p udp --dport 1003 -j REDIRECT --to-ports 1004
iptables -A FORWARD -i eth0 -p udp -d 192.168.1.2 --dport 1004 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
Nikita Kipriyanov
Don't mask private IPs. This doesn't enhance any security, but makes it harder to help you.
Score:1

Your matches are wrong. They'll fire if the destination was 192.168.1.2. In your case, the source is 192.168.1.2 and the destination is 192.168.1.3.

Also, it seems you need only a DNAT rule or a REDIRECT rule, not both.

The filtering rule should be in the INPUT chain, because the destination is the local machine. I see no point in using the state module in this rule, but there may be a need to add other connection-tracking-related rules; it is unclear if those are needed at all. This depends on the rest of the firewall. If there is nothing in the firewall, no filter rules are necessary, because everything will be enabled anyway.

By the way, state is obsolete; you should use the conntrack module with its ctstate match instead.

So, you seem to need the following two rules:

iptables -t nat -A PREROUTING -s 192.168.1.2 -d 192.168.1.3 -p udp --dport 1003 -j REDIRECT --to-ports 1004
iptables -t filter -A INPUT -s 192.168.1.2 -p udp --dport 1004 -j ACCEPT

The first rule redirects incoming packets for port 1003 to port 1004 (and back for outgoing packets). The second rule actually permits this translated packet to reach a local process.
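The packet path described in this answer, as an added example that is not part of the original answer or of iptables itself: a simplified Python model of nat/PREROUTING followed by filter/INPUT, run on one constructed datagram from .2 to .3. The Packet and Rule classes and the function names are hypothetical, and the model assumes an INPUT policy of DROP so that the effect of the filter rule is visible.

```python
from dataclasses import dataclass, replace
from typing import Optional

@dataclass(frozen=True)
class Packet:                      # constructed sample datagram (UDP only)
    src: str
    dst: str
    dport: int

@dataclass(frozen=True)
class Rule:                        # None = match anything, like an omitted -s/-d/--dport
    src: Optional[str] = None
    dst: Optional[str] = None
    dport: Optional[int] = None
    redirect_to: Optional[int] = None   # REDIRECT --to-ports (nat rules only)

    def matches(self, p: Packet) -> bool:
        pairs = ((self.src, p.src), (self.dst, p.dst), (self.dport, p.dport))
        return all(want is None or want == got for want, got in pairs)

def prerouting(nat_rules, p):
    """nat/PREROUTING: the first matching rule rewrites the destination port.
    (Real REDIRECT also sets the destination IP to the incoming interface's
    address; here that is already 192.168.1.3, so only the port is modelled.)"""
    for r in nat_rules:
        if r.matches(p):
            return replace(p, dport=r.redirect_to)
    return p

def delivered(nat_rules, input_rules, p, local_ip="192.168.1.3"):
    """Port the local process receives on, or None if the packet is dropped.
    Assumption: filter/INPUT policy is DROP, so only ACCEPT rules let it pass."""
    p = prerouting(nat_rules, p)
    if p.dst != local_ip:
        return None                # not for this host: FORWARD, not INPUT
    return p.dport if any(r.matches(p) for r in input_rules) else None

PKT = Packet("192.168.1.2", "192.168.1.3", 1003)    # .2 sends to .3 on port 1003
# The question's match (-d 192.168.1.2) versus the answer's (-s .2 -d .3).
QUESTION_NAT = [Rule(dst="192.168.1.2", dport=1003, redirect_to=1004)]
ANSWER_NAT = [Rule(src="192.168.1.2", dst="192.168.1.3", dport=1003, redirect_to=1004)]
ANSWER_INPUT = [Rule(src="192.168.1.2", dport=1004)]  # filter sees the translated port

if __name__ == "__main__":
    print("question rules:", delivered(QUESTION_NAT, ANSWER_INPUT, PKT))
    print("answer rules:  ", delivered(ANSWER_NAT, ANSWER_INPUT, PKT))
```

The filter rule has to match port 1004 because INPUT is evaluated after the PREROUTING translation; an ACCEPT written for port 1003 would never see the packet.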
