iptables
Sergey Vasiliev, 2021-08-20 16:30:26

How to transfer real IP via UDP via GRE?

Hello, I have 2 servers; UDP traffic goes from the first one to the second one via iptables. Here are the rules that do this:

-A PREROUTING -d 112.15.204.145/32 -p udp --dport 19130:19140 -j DNAT --to-destination 10.200.1.9
-A POSTROUTING -d 10.200.1.9 -p udp --dport 19130:19140 -j SNAT --to-source 10.200.1.8

Everything works, but the problem is that the IP 10.200.1.8 is transmitted instead of the real IP of the person. How can this be fixed?

P.S. There are no problems with a TCP rule like this; the real IP is transmitted here:
-A PREROUTING -d 112.15.204.145/32 -i eth0 -p tcp --dport 25500:25600 -j DNAT --to-destination 10.200.1.9


2 answer(s)
Wexter, 2021-08-20
@Wexter

-A POSTROUTING -d 10.200.1.9 -p udp --dport 19130:19140 -j SNAT --to-source 10.200.1.8


Everything works, but the problem is that the IP 10.200.1.8 is transmitted instead of the real IP of the person. How can this be fixed?

So remove this rule

Vladimir, 2021-08-20
@MechanID

With the rule
-A POSTROUTING -d 10.200.1.9 -p udp --dport 19130:19140 -j SNAT --to-source 10.200.1.8
you rewrite the IP address of the packet sender to yours. Server 1 sent it to server 2, server 2 answered... but the sender of the packet is waiting for a response from server 1 and not server 2.
What to do:
Remove the rule above, and on server 2 configure packet marking using iptables and routing rules based on packet marking, so that everything that comes through the GRE interface goes there and not through the network behind which the default gateway is. The closest example of how to set it up is in the LARTC documentation, in the section about multi-WAN.
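
One way to set up what the answer above describes on server 2, as an added example that is not code from this thread or from LARTC. The interface name gre1, mark 0x1 and table 100 are assumptions, 10.200.1.8 is assumed to be server 1's address inside the tunnel, and the service is assumed to run on server 2 itself.

```shell
#!/bin/sh
# Added example: return-path policy routing on server 2 (10.200.1.9).
# Assumed names, not from the thread: interface gre1, mark 0x1, table 100.

# Print the commands that route replies back through the GRE tunnel.
# Args: GRE interface, tunnel peer (server 1), fwmark, routing table number.
gre_return_path_cmds() {
    iface=$1 peer=$2 mark=$3 table=$4
    # Refuse anything that is not a plain name/address/number, since the
    # output is meant to be piped into a root shell.
    case $iface in ''|*[!A-Za-z0-9_-]*)  return 1 ;; esac
    case $peer  in ''|*[!0-9.]*)         return 1 ;; esac
    case $mark  in ''|*[!0-9a-fA-Fx]*)   return 1 ;; esac
    case $table in ''|*[!0-9]*)          return 1 ;; esac

    # 1. Tag every new connection that arrives through the tunnel.
    echo "iptables -t mangle -A PREROUTING -i $iface -m conntrack --ctstate NEW -j CONNMARK --set-mark $mark"
    # 2. Copy the connection mark onto locally generated reply packets;
    #    a mark change in mangle/OUTPUT makes the kernel re-route them.
    echo "iptables -t mangle -A OUTPUT -m connmark --mark $mark -j CONNMARK --restore-mark"
    # 3. Marked packets use a dedicated table instead of the main one.
    echo "ip rule add fwmark $mark lookup $table"
    # 4. That table's only route is the tunnel back to server 1.
    echo "ip route add default via $peer dev $iface table $table"
    # 5. Client source addresses are not routed via the tunnel in the main
    #    table, so strict reverse-path filtering would drop them: use loose.
    echo "sysctl -w net.ipv4.conf.$iface.rp_filter=2"
}

# Dry run by default; "apply" pipes the commands into sh (needs root).
if [ "${1:-}" = "apply" ]; then
    gre_return_path_cmds gre1 10.200.1.8 0x1 100 | sh -e
else
    gre_return_path_cmds gre1 10.200.1.8 0x1 100
fi
```

The SNAT rule on server 1 has to be removed for this to have any effect; the DNAT rule stays, and server 1's connection tracking restores the public address on replies that come back through the tunnel.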
