linux
shynie, 2014-10-08 16:58:59

How to redirect a request to another IP and port using iptables?

Good day.
Is it possible to make requests to a server on a specific port be redirected to another external server that is not on the same network as the first one, while retaining the original sender IP?
That is, suppose that the user with the address 1.2.3.4 accesses the server with the address 4.3.2.1 on port 100. The server should somehow tell the user that he has the "wrong address" and send him to another server. After this procedure, the second server should receive a request from 1.2.3.4, i.e. from the original sender.
Is it even possible?


1 answer(s)
cjey, 2014-10-08
@shynie

It seems to me that this cannot be done using iptables alone.
You can do -j REJECT --reject-with tcp-reset, but then the client must decide which address to connect to next.
It is possible to replace the sender and recipient of the packet, but then the second server will communicate with the first, and not with the client.
The simplest thing is to configure DNS: whichever server the name points to is the one we connect to. Or return a list of IP addresses in response to the DNS request, try them all, and communicate with whichever server responds first.
UPD: In general, the question is too broad; it is not clear what end goal you want to achieve, so it is difficult to advise anything specific.
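
The NAT trade-off described in the answer above, as an added example that is not part of the original answer. It prints (does not apply) the iptables rules for rewriting both sender and recipient, and goes slightly further by also showing the destination-only variant and why it fails across networks. Port 100 comes from the question; the backend address 203.0.113.10 and the function name nat_rules are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: prints iptables rules for forwarding a TCP port on the
# first server to a second server. Nothing is applied to the system.
# Assumed value: backend 203.0.113.10 is a placeholder, not from the page.

# nat_rules MODE LISTEN_PORT BACKEND_IP BACKEND_PORT
#   MODE=snat : DNAT + MASQUERADE. Works across networks, but the second
#               server sees the first server's address as the source.
#   MODE=dnat : DNAT only. The client's source IP is preserved, but replies
#               must be routed back through the first server so conntrack
#               can reverse the rewrite. A backend on another network
#               replies directly, and the client discards those packets
#               because they do not come from the address it connected to.
nat_rules() {
    mode=$1; lport=$2; bip=$3; bport=$4
    case $mode in
        snat|dnat) ;;
        *) echo "unknown mode: $mode" >&2; return 2 ;;
    esac
    for p in "$lport" "$bport"; do
        case $p in
            ''|*[!0-9]*) echo "port must be numeric: $p" >&2; return 2 ;;
        esac
    done

    echo "sysctl -w net.ipv4.ip_forward=1"
    echo "iptables -t nat -A PREROUTING -p tcp --dport $lport -j DNAT --to-destination $bip:$bport"
    echo "iptables -A FORWARD -p tcp -d $bip --dport $bport -j ACCEPT"
    echo "iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    if [ "$mode" = snat ]; then
        echo "iptables -t nat -A POSTROUTING -p tcp -d $bip --dport $bport -j MASQUERADE"
    fi
}

# Review the output first; piping it to "sh" as root applies the rules.
nat_rules snat 100 203.0.113.10 100
```

Neither variant delivers both things the question asks for at once: snat mode reaches an external backend but hides 1.2.3.4, while dnat mode keeps 1.2.3.4 only when the backend's return route passes through the first server.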
