linux
Oleg, 2020-09-28 13:00:17

How to forward packets on one interface through iptables?

How correct are the rules below?

iptables -t nat -A PREROUTING -p udp -d 192.168.243.131 --dport 2502 -j DNAT --to-destination 31.130.115.27
iptables -A FORWARD -i eth0 -p udp -d 31.130.115.27 --dport 2502 -j ACCEPT


where
192.168.243.131 is the address of the machine with iptables (where packets come from and where they should go)
31.130.115.27 is the external address of the machine to which I want to send packets

Apparently not very good, because it does not work)


3 answer(s)
hint000, 2020-09-28
@VDT2

Not enough data to give a definitive answer. But you can guess. :)
Option (1) - asymmetric route:
Send packets from a machine with the address 192.168.243.x.
The packets have a source address of 192.168.243.x.
31.130.115.27 sends a response to 192.168.243.x.
192.168.243.x unexpectedly receives a response from 31.130.115.27, although it was waiting for a response from 192.168.243.131; the unexpected response is thrown into the trash.
Option (2) - routing is not registered:
Does 31.130.115.27 see the network 192.168.243.0/24 at all?
In general, the rules are correct, but something is still missing. Details are needed to understand what exactly is missing.

Dmitry, 2020-09-28
@q2digger

Because you still need to add SNAT so that the recipient server is also deceived.

ComodoHacker, 2020-09-28
@ComodoHacker

Look at the counters (iptables --list -v) to see if packets pass through your rules.
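
One rule set that combines the points raised in the answers above (SNAT so replies return through 192.168.243.131, counters to verify), as an added example that is not from any of the posters. The addresses, port and eth0 come from the question; the sysctl step, the conntrack rule and the dry-run wrapper are assumptions about a typical setup.

```shell
#!/bin/sh
# Added example: DNAT + SNAT ("hairpin") forwarding on a single interface.
# Dry-run by default: it only prints the commands. Set APPLY=1 (as root)
# to execute them.
GW=192.168.243.131      # machine running iptables (from the question)
DST=31.130.115.27       # real destination (from the question)
PORT=2502
IFACE=eth0              # taken from the asker's FORWARD rule

# Print the commands, one per line, in the order they should be applied.
nat_rules() {
    cat <<EOF
sysctl -w net.ipv4.ip_forward=1
iptables -t nat -A PREROUTING -i $IFACE -p udp -d $GW --dport $PORT -j DNAT --to-destination $DST:$PORT
iptables -t nat -A POSTROUTING -o $IFACE -p udp -d $DST --dport $PORT -j SNAT --to-source $GW
iptables -A FORWARD -i $IFACE -o $IFACE -p udp -d $DST --dport $PORT -j ACCEPT
iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
EOF
}

# Commands that show per-rule packet counters. The nat table only counts
# the first packet of each flow, so compare it with the FORWARD counters.
counter_checks() {
    echo "iptables -t nat -L -v -n"
    echo "iptables -L FORWARD -v -n"
}

# Execute each command when APPLY=1, otherwise print it prefixed with "+ ".
apply_rules() {
    nat_rules | while IFS= read -r cmd; do
        if [ "${APPLY:-0}" = 1 ]; then
            $cmd
        else
            echo "+ $cmd"
        fi
    done
}

apply_rules
counter_checks
```

With the SNAT rule in place, 31.130.115.27 replies to 192.168.243.131, and connection tracking rewrites the reply so the sender sees it coming from the address it originally contacted.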
