linux
cyberhaze, 2018-05-08 19:37:54

Iptables: how to redirect TCP/UDP connections from external clients to another external IP?

For my project, I need to set up a transparent proxy host not only for the web server, but also for other TCP/UDP connections (SIP, RDP, etc.) so that these servers are hidden from users directly, to increase the level of security.
The configuration should be such that no additional settings are required on the client side. Given the specifics of my infrastructure, standard solutions (Squid, VPN, NAT (External to Internal)) do not suit me.
The specifics of my network:
1. All hosts are distributed geographically (VPS, dedicated servers) and are interconnected through external interfaces. At the same time, I cannot use private networks offered by providers, because the providers are different.
2. Raising a VPN server and connecting all hosts to the VPN: this option is not suitable due to a significant increase in delays, as well as problems with VPN support on part of the equipment.
3. Reverse proxy: as I understand it, this solution involves using only HTTP and HTTPS ports.
I think it is possible to implement a "transparent proxy" for TCP / UDP connections between a remote client and server without VPN for various services, using iptables for this scheme:
|remote client|public ip|> <-SIP, RDP, HTTPS-> <|Public IP|Proxy Server|Public IP|> <-SIP, RDP, HTTPS-> <|Public IP|hosts with services (RDP, SIP, VPN.)|
As I understand it, for this I will need the following tables and chains:
PREROUTING:
SNAT
I have been fighting with this for the third day and nothing works. I would appreciate any advice and your opinion: is it possible to implement this for UDP connections?
Thank you.
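
The PREROUTING plus SNAT scheme the question outlines, written out as an added example (not part of the original post or of the answer below): a shell helper that prints, without applying, the DNAT, SNAT and FORWARD rules for each TCP or UDP service relayed through the proxy host. The function names and the RFC 5737 documentation addresses are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: prints iptables commands for review; it does not apply them.
# Addresses below are constructed (RFC 5737 documentation ranges).

# emit_relay_rules PROXY_IP BACKEND_IP PROTO PORT  (hypothetical helper)
emit_relay_rules() {
    proxy_ip=$1 backend_ip=$2 proto=$3 port=$4
    case $proto in
        tcp|udp) ;;
        *) echo "unsupported protocol: $proto" >&2; return 1 ;;
    esac
    case $port in
        ''|*[!0-9]*) echo "invalid port: $port" >&2; return 1 ;;
    esac
    if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
        echo "invalid port: $port" >&2; return 1
    fi
    # 1. PREROUTING: rewrite the destination from the proxy to the backend.
    echo "iptables -t nat -A PREROUTING -d $proxy_ip -p $proto --dport $port -j DNAT --to-destination $backend_ip:$port"
    # 2. POSTROUTING: rewrite the source to the proxy, so the backend replies
    #    to the proxy and conntrack can undo both translations on the way back.
    echo "iptables -t nat -A POSTROUTING -d $backend_ip -p $proto --dport $port -j SNAT --to-source $proxy_ip"
    # 3. FORWARD: permit only the relayed flow and its tracked replies.
    echo "iptables -A FORWARD -d $backend_ip -p $proto --dport $port -m conntrack --ctstate NEW,ESTABLISHED,RELATED -j ACCEPT"
    echo "iptables -A FORWARD -s $backend_ip -p $proto --sport $port -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
}

# emit_relay_ruleset PROXY_IP BACKEND_IP PROTO/PORT...  (hypothetical helper)
emit_relay_ruleset() {
    proxy_ip=$1 backend_ip=$2
    shift 2
    # The proxy host must route packets between its interfaces.
    echo "sysctl -w net.ipv4.ip_forward=1"
    for svc in "$@"; do
        emit_relay_rules "$proxy_ip" "$backend_ip" "${svc%/*}" "${svc#*/}" || return 1
    done
}

# Constructed sample: HTTPS, RDP and SIP signalling relayed to one backend.
emit_relay_ruleset 203.0.113.10 198.51.100.20 tcp/443 tcp/3389 udp/5060
```

Because of the SNAT rule, the backend sees every session as coming from the proxy address, so its own firewall can be restricted to that single source and per-client logging has to happen on the proxy.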


2 answer(s)
Dmitry Tallmange, 2018-05-08
@p00h

Sending a connection to another remote host will fail. The only option is to hit the address, say, in a VPN: for example, raise the IP over and send it there. If you do not want to use any VPN, then the problem is unsolvable.
