I have the following setup, all UDP packets:
client (42.123.124.125) -> (42.123.0.125) nat_server (192.168.2.2) -> (192.168.2.5) udp_service
nat_server has to receive incoming UDP from the client over a public IP and redirect the packets to udp_service over a private network. Then it has to redirect all the responses from udp_service back to the client.
The client negotiates a connection to a specific port (4244) and then receives data on its random UDP port.
The flow can be described with tcpdump. Negotiation:
15:03:48.630928 IP 42.123.124.125.38541 > nat_server.4244: UDP, length 4
15:03:48.630953 IP nat_server.38541 > 192.168.2.5.4244: UDP, length 4
15:03:48.680698 IP 192.168.2.5.43434 > nat_server.38541: UDP, length 4
15:03:48.680707 IP nat_server > 42.123.124.125.38541: UDP, length 4
Data flow:
15:03:48.680741 IP 192.168.2.5.43434 > nat_server.38541: UDP, length 16
15:03:48.680743 IP nat_server.43434 > 42.123.124.125.38541: UDP, length 16
The ports 38541 and 43434 stay the same during the whole connection.
I managed to do it with this iptables config:
iptables -t nat -A PREROUTING -s 42.123.124.125 -p udp -j DNAT --to-destination 192.168.2.5:4244
iptables -t nat -A PREROUTING -s 192.168.2.5 -p udp -j DNAT --to-destination 42.123.124.125
iptables -t nat -A POSTROUTING -j MASQUERADE
How can I achieve the same behaviour when there are many clients? So instead of 42.123.124.125 I would like to use a range, e.g. 42.123.124.0/24.
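The following is an added simulation, not the poster's configuration and not Linux conntrack itself. It replays the tcpdump lines from the question through a small stateful UDP NAT table to show why the first rule generalizes to a range while the second does not: the reply from udp_service arrives from a different source port (43434, not 4244), so the reply packet can only be routed back to the right client by the port nat_server used towards the service (38541). With several clients that needs a per-flow table, and two clients that happen to use the same source port need different NAT-side ports. The addresses, the client range 42.123.124.0/24 and the "nat_server" name are taken from the question; the collision handling (take the next free port) is an assumption that mimics what MASQUERADE does when the original port is taken.

```python
"""Stateful UDP NAT simulation for the flow shown in the question (added example)."""
import ipaddress
import re

# Values from the question's tcpdump trace.
SERVICE_IP = "192.168.2.5"
SERVICE_PORT = 4244
NAT_NAME = "nat_server"

# The question's negotiation and data-flow lines, embedded as sample input.
TRACE = """
15:03:48.630928 IP 42.123.124.125.38541 > nat_server.4244: UDP, length 4
15:03:48.630953 IP nat_server.38541 > 192.168.2.5.4244: UDP, length 4
15:03:48.680698 IP 192.168.2.5.43434 > nat_server.38541: UDP, length 4
15:03:48.680707 IP nat_server > 42.123.124.125.38541: UDP, length 4
15:03:48.680741 IP 192.168.2.5.43434 > nat_server.38541: UDP, length 16
15:03:48.680743 IP nat_server.43434 > 42.123.124.125.38541: UDP, length 16
"""

LINE_RE = re.compile(r"^(\S+) IP (\S+) > (\S+): UDP, length (\d+)$")


def split_endpoint(ep):
    """tcpdump prints 'host.port'; hosts may be dotted IPv4 or a resolved name.
    '42.123.124.125.38541' -> ('42.123.124.125', 38541); 'nat_server' -> ('nat_server', None)."""
    host, dot, last = ep.rpartition(".")
    if dot and last.isdigit():
        is_ipv4_host = host.replace(".", "").isdigit() and host.count(".") == 3
        is_named_host = not host.replace(".", "").isdigit()
        if is_ipv4_host or is_named_host:
            return host, int(last)
    return ep, None


class UdpNat:
    """Per-flow translation table keyed on the NAT-side source port."""

    def __init__(self, client_range, nat_name=NAT_NAME):
        self.client_range = ipaddress.ip_network(client_range)
        self.nat_name = nat_name
        self.by_nat_port = {}   # NAT-side source port -> (client_ip, client_port)
        self.by_client = {}     # (client_ip, client_port) -> NAT-side source port

    def outbound(self, client_ip, client_port):
        """Client -> service direction (the '-s <range> ... DNAT' rule).
        Returns (src_host, src_port, dst_ip, dst_port) after rewriting, or None if the
        source is outside the allowed range."""
        if ipaddress.ip_address(client_ip) not in self.client_range:
            return None
        key = (client_ip, client_port)
        nat_port = self.by_client.get(key)
        if nat_port is None:
            # Assumption: keep the client's source port when free, otherwise the
            # next free one, which is how a collision between two clients is resolved.
            nat_port = client_port
            while nat_port in self.by_nat_port:
                nat_port += 1
            self.by_nat_port[nat_port] = key
            self.by_client[key] = nat_port
        return (self.nat_name, nat_port, SERVICE_IP, SERVICE_PORT)

    def reply(self, service_port, nat_port):
        """Service -> client direction. The service's own source port (43434 in the
        trace) is irrelevant for the lookup; only the NAT-side port identifies the client."""
        key = self.by_nat_port.get(nat_port)
        if key is None:
            return None
        client_ip, client_port = key
        return (self.nat_name, service_port, client_ip, client_port)


def replay(trace, nat):
    """Feed every packet that enters nat_server through the table; packets that
    nat_server itself emitted in the trace are skipped. Returns the rewritten packets."""
    rewritten = []
    for line in trace.strip().splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        src, sport = split_endpoint(m.group(2))
        dst, dport = split_endpoint(m.group(3))
        if src == SERVICE_IP:
            rewritten.append(nat.reply(sport, dport))
        elif src != nat.nat_name:
            rewritten.append(nat.outbound(src, sport))
    return rewritten


if __name__ == "__main__":
    nat = UdpNat("42.123.124.0/24")
    for pkt in replay(TRACE, nat):
        print(pkt)
    # A second client reusing source port 38541 gets a different NAT-side port.
    print(nat.outbound("42.123.124.200", 38541))
    print(nat.reply(43434, 38542))
```

Running the block reproduces the question's trace: the first packet becomes nat_server:38541 to 192.168.2.5:4244 and the two replies go back to 42.123.124.125:38541. The second client shows the part a static DNAT rule cannot express: its reply is selected by NAT-side port 38542, which exists only in the flow table.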