Score:1

What is the iptables equivalent to what socat does?


What is the iptables equivalent to the following?

```
socat TCP-LISTEN:8080 TCP:some-random-host-in-another-network.com:80
```

Now multiple clients can connect to port 8080 of this middle host to actually access some-random-host-in-another-network.com:80. I'm asking to see whether it improves the latency and throughput.

Score:1

Something like the following:

```
iptables -t nat -A PREROUTING -p tcp --dport 8080 -j DNAT --to-destination some-random-host-in-another-network.com:80
iptables -t nat -A POSTROUTING -d some-random-host-in-another-network.com -p tcp --dport 80 -j MASQUERADE
```

(this is bare minimum, likely you'd want to add permitting rules into filter FORWARD and so on)

This would translate both addresses, source and destination. The "some-random-host-in-another-network.com" will see connections as coming from this host and hide the original source.

Masood Lapeh:
I replaced domain names by their IP addresses. It gives me an error: "iptables: No chain/target/match by that name". So I added `-t nat` to both rules. Is that right? But still it doesn't work as expected. I checked IP forwarding and it is enabled both for the interface and in general. By the way, there is no ufw or other firewall enabled. I'm not sure, but maybe something even very simple should listen on the incoming open port and iptables alone is not enough?
Masood Lapeh:
Rules: `iptables -t nat -A PREROUTING -p tcp --dport 9090 -j DNAT --to-destination 89.43.107.25:7090; iptables -t nat -A POSTROUTING -d 89.43.107.25 -p tcp --dport 7090 -j MASQUERADE`. Thanks.
Nikita Kipriyanov:
Yes, I forgot `-t nat`. Sorry. I fixed it in the answer. If it fits you, please accept for the question to not wander around as unanswered.
Masood Lapeh:
Thanks. This answer seems to be essentially correct. Apparently I had some other problem, so I ran these beforehand: `iptables -F; iptables -t nat -F; iptables -X`
Sam:
How can I specify the source interface and the destination interface?
Nikita Kipriyanov:
@Sam there are no "source" and "destination", there are "incoming" (through which the packets come into the system) `-i` and "outgoing" (the one it leaves through) `-o`. But I don't understand why it could be needed in this case.
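
The rules from the answer together with the FORWARD permits it mentions and the optional `-i` match from the comments, as an added example that is not part of the original thread. The function name `port_forward`, the `APPLY` switch and the address 203.0.113.10 (a documentation range) are assumptions; the script prints the commands unless `APPLY=1` is set, and the appended FORWARD rules only take effect if no earlier rule in that chain drops the traffic.

```shell
#!/bin/sh
# Added example: forward LISTEN_PORT on this host to DEST_IPV4:DEST_PORT.
# Prints the commands by default; APPLY=1 executes them (needs root).

run() {
    if [ "${APPLY:-0}" = 1 ]; then "$@"; else echo "$*"; fi
}

is_ipv4() {
    # Dotted quad only: the rules below use a numeric address, as in the comments.
    echo "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
    for o in $(echo "$1" | tr '.' ' '); do [ "$o" -le 255 ] || return 1; done
}

is_port() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

port_forward() {
    lport=$1 dip=$2 dport=$3 in_if=${4:-}
    is_port "$lport" && is_ipv4 "$dip" && is_port "$dport" || {
        echo "usage: port_forward LISTEN_PORT DEST_IPV4 DEST_PORT [IN_IF]" >&2
        return 2
    }
    # Optional -i match: only traffic arriving on IN_IF may use the forward.
    in_match=${in_if:+-i $in_if}

    run sysctl -w net.ipv4.ip_forward=1
    # Rewrite the destination of packets arriving for LISTEN_PORT.
    run iptables -t nat -A PREROUTING $in_match -p tcp --dport "$lport" \
        -j DNAT --to-destination "$dip:$dport"
    # Permit only this flow through FORWARD (post-DNAT address), plus replies.
    run iptables -A FORWARD $in_match -p tcp -d "$dip" --dport "$dport" \
        -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT
    run iptables -A FORWARD -p tcp -s "$dip" --sport "$dport" \
        -m conntrack --ctstate ESTABLISHED -j ACCEPT
    # Rewrite the source so the destination replies via this host.
    run iptables -t nat -A POSTROUTING -p tcp -d "$dip" --dport "$dport" \
        -j MASQUERADE
}

# Constructed sample call: prints the five commands for review.
port_forward 8080 203.0.113.10 80
```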