How to setup iptables redirect?
Good evening.
There is server A and server B. You need to configure TCP and UDP redirection from A:22513 to B:22513 (well, and the return of response packets).
I do this:
iptables -t nat -A PREROUTING --dst A -p tcp --dport 22513 -j DNAT --to-destination B:22513
iptables -t nat -A PREROUTING --dst A -p udp --dport 22513 -j DNAT --to-destination B:22513
iptables -I FORWARD 1 -i eth0 -o eth1 -d A -p tcp -m tcp --dport B -j ACCEPT
iptables -t nat -A POSTROUTING --dst B -p tcp --dport 22513 -j SNAT --to-source A
iptables -t nat -A POSTROUTING --dst B -p udp --dport 22513 -j SNAT --to-source A
[~]# iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT udp -- anywhere anywhere udp dpt:22513 state NEW
ACCEPT tcp -- anywhere anywhere tcp dpt:22513 state NEW
Chain FORWARD (policy ACCEPT)
target prot opt source destination
ACCEPT udp -- anywhere B udp dpt:22513
ACCEPT tcp -- anywhere B tcp dpt:22513
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
The INPUT chain is not traversed by transit packets.
In the FORWARD chain, you still have a policy that allows everything, so there is no point in the rules there. After changing the default policy, do not forget to add reverse rules, with source port 22513.
Are there pings to B?
Is the port open? Is a connection with A possible?
Is the route to B registered?
Does B have incoming blocking? You need to allow A access to port 22513.
Show
cat /proc/sys/net/ipv4/ip_forward
iptables -t nat -S
iptables -S FORWARD
ip route sh
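The answer's points put together, as an added example that is not part of the original answer: a function that prints (does not run) the rules for relaying A:22513 to B:22513 over TCP and UDP, with the reverse rules on source port 22513 and a restrictive FORWARD policy. The function name and the addresses are constructed for illustration, and it assumes A forwards no other traffic, since the DROP policy blocks everything not listed.

```shell
#!/bin/sh
# Added example: prints the iptables commands for relaying A:PORT to B:PORT.
# emit_relay_rules is a hypothetical helper, not a standard tool.

emit_relay_rules() {
    a=$1; b=$2; port=$3
    # Accept only a decimal port number of at most five digits, in 1..65535.
    case $port in ''|*[!0-9]*|??????*) echo "bad port: $port" >&2; return 1 ;; esac
    if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
        echo "bad port: $port" >&2; return 1
    fi
    # Transit packets are discarded unless kernel forwarding is enabled.
    echo "sysctl -w net.ipv4.ip_forward=1"
    for proto in tcp udp; do
        # Rewrite the destination of packets addressed to A:port.
        echo "iptables -t nat -A PREROUTING -d $a -p $proto --dport $port -j DNAT --to-destination $b:$port"
        # Rewrite the source so that B sends its replies back through A.
        echo "iptables -t nat -A POSTROUTING -d $b -p $proto --dport $port -j SNAT --to-source $a"
        # FORWARD runs after DNAT, so the destination seen here is already B.
        echo "iptables -A FORWARD -d $b -p $proto --dport $port -j ACCEPT"
        # Reverse rule: replies come from B with source port $port.
        echo "iptables -A FORWARD -s $b -p $proto --sport $port -j ACCEPT"
    done
    # Change the default policy last, once the ACCEPT rules exist.
    echo "iptables -P FORWARD DROP"
}

# Constructed sample addresses (RFC 5737 documentation ranges).
A_IP=192.0.2.10
B_IP=198.51.100.20
emit_relay_rules "$A_IP" "$B_IP" 22513
```

Review the printed commands before applying them as root; B's own firewall still has to allow A to reach port 22513.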