Score:0

forward packets with iptables

I would like to port forward everything that arrives at 10.32.43.75:80 to 10.48.5.66:80.

How can I do this with iptables on 10.32.43.75?

I tried this, but it didn't work:

iptables -A PREROUTING -t nat -i ens33 -p tcp --dport 80 -j DNAT --to 10.48.5.66:80

iptables -A FORWARD -p tcp -d 10.48.5.66 --dport 80 -j ACCEPT

Score:0
The problem in your setup is that the packets' source addresses remain the same. An example of the packet flow, where the client is 192.168.100.100:

  1. The client's packet with source 192.168.100.100 arrives at 10.32.43.75 port 80. The packet's source address is 192.168.100.100 and its destination is 10.32.43.75.
  2. IPTables does destination NAT, changing the destination to 10.48.5.66. The packet's source address is 192.168.100.100 and its destination is 10.48.5.66.
  3. The packet is forwarded to 10.48.5.66. It sends a response packet to 192.168.100.100. The response packet's source address is 10.48.5.66 and its destination address is 192.168.100.100.
  4. The response packet reaches the client. However, since the original packet was sent to 10.32.43.75, the source address 10.48.5.66 does not match the client's expectations, therefore the packet is dropped.

The solution is to add a MASQUERADE rule, which changes the source IP address to 10.32.43.75 on port-forwarded packets:

iptables -t nat -A POSTROUTING -d 10.48.5.66 -p tcp --dport 80 -j MASQUERADE
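
The rules from the question and the answer, combined into one `iptables-restore` ruleset, as an added example that is not part of the original posts. The function names, the `-d` match on the listening address, the conntrack rule for return traffic and the `nomasq` mode are assumptions of this example; the addresses and `ens33` are the ones quoted above.

```shell
#!/bin/sh
# Added example (not from the original posts). Prints iptables-restore input
# for the forward discussed above; nothing is applied until it is piped in.

# valid_port PORT: succeed only for an integer in 1..65535.
valid_port() {
    case $1 in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "${#1}" -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# forward_rules LISTEN_IP IN_IFACE BACKEND_IP PORT [masq|nomasq]
# "nomasq" reproduces the DNAT-only setup from the question.
forward_rules() {
    [ $# -ge 4 ] || { echo "usage: forward_rules LISTEN_IP IN_IFACE BACKEND_IP PORT [masq|nomasq]" >&2; return 2; }
    listen=$1; iface=$2; backend=$3; port=$4; mode=${5:-masq}
    valid_port "$port" || { echo "invalid port: '$port'" >&2; return 1; }

    echo '*nat'
    # Step 2 of the answer: rewrite the destination to the backend.
    echo "-A PREROUTING -i $iface -d $listen -p tcp --dport $port -j DNAT --to-destination $backend:$port"
    if [ "$mode" = masq ]; then
        # The fix: rewrite the source too, so the backend replies to this host.
        echo "-A POSTROUTING -d $backend -p tcp --dport $port -j MASQUERADE"
    fi
    echo 'COMMIT'
    echo '*filter'
    # New connections toward the backend, then replies of tracked connections
    # (both matter when the FORWARD policy is DROP).
    echo "-A FORWARD -d $backend -p tcp --dport $port -m conntrack --ctstate NEW -j ACCEPT"
    echo '-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT'
    echo 'COMMIT'
}

# Apply as root, appending to the existing rules:
#   sysctl -w net.ipv4.ip_forward=1
#   forward_rules 10.32.43.75 ens33 10.48.5.66 80 | iptables-restore --noflush
```

With MASQUERADE in place, 10.48.5.66 sees every forwarded connection as coming from the forwarding host, so client addresses are only available in logs or conntrack state on 10.32.43.75.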