What is the iptables equivalent to what socat does?

Masood Lapeh

10/18/23, 4:34 PM

What is the iptables equivalent to the following?

socat TCP-LISTEN:8080 TCP:some-random-host-in-another-network.com:80

_{Now multiple clients can connect to port 8080 of this middle host to actually access some-random-host-in-another-network.com:80.
I'm asking to see whether it improves the latency and throughput.}

598

1 + 0

proxy

iptables

port

port-forwarding

socat

Score:1

Server

Nikita Kipriyanov

10/18/23, 4:54 PM

Something like the following:

iptables -t nat -A PREROUTING -p tcp --dport 8080 -j DNAT --to-destination some-random-host-in-another-network.com:80
iptables -t nat -A POSTROUTING -d some-random-host-in-another-network.com -p tcp --dport 80 -j MASQUERADE

(this is bare minimum, likely you'd want to add permitting rules into filter FORWARD and so on)

This would translate both addresses, source and destination. The "some-random-host-in-another-network.com" will see connections as coming from this host and hide the original source.

+ 6

Masood Lapeh

10/18/23, 6:07 PM

I replaced domain names by their IP addresses. It gives me error: "iptables: No chain/target/match by that name". So I added -t nat to both rules. Is that right? But still it doesn't work as expected. I checked ip forwarding and it is enabled both for the interface and in general. By the way there is no ufw or other firewalls enabled. I'm not sure, but maybe something even very simple should listen on the incoming open port and iptables alone is not enough?

Masood Lapeh

10/18/23, 6:11 PM

Rules: iptables -t nat -A PREROUTING -p tcp --dport 9090 -j DNAT --to-destination 89.43.107.25:7090; iptables -t nat -A POSTROUTING -d 89.43.107.25 -p tcp --dport 7090 -j MASQUERADE. Thanks.

Nikita Kipriyanov

10/18/23, 6:28 PM

Yes, I forgot `-t nat`. Sorry. I fixed it in the answer. If it fits you, please accept for the question to not wander around as unanswered.

Masood Lapeh

10/19/23, 9:54 AM

Thanks. This answer seems to be essentially correct. Apparently I had some other problem, so I ran these beforehand: iptables -F; iptables -t nat -F; iptables -X

Sam

3/29/24, 10:19 PM

How can I specify the source interface and the destination interface?

Nikita Kipriyanov

3/30/24, 3:09 AM

@Sam there are no "source" and "destination", there are "incoming" (through which the packets comes into the system) `-i` and "outgoing" (the one it leaves through) `-o`. But I don't understand why it could be needed in this case.

Elon Musk

I sit in a Tesla and translated this thread with Ai:

EN: What is the iptables equivalent to what socat does?

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.