Forwarding to another ip:port based on source

Forwarding to another ip:port based on source

[Tony Spencer]

Hi 

Is it possible to have an IPTables rule that will forward any packets on a
given port to another ip address and port based on where the packet came
from?

For example if I have a server on IP 192.168.0.1 and any requests into that
server on port 80 from a source IP of 192.168.1.10 and want to force those
packets to our squid server 192.168.0.11 on port 3128. But only for the IP
192.168.1.10, all other requests to the server on port 80 should stay local?

Thanks
Tony
 

Re: Forwarding to another ip:port based on source

[Jörg Harmuth]

Tony Spencer wrote:
> Hi 
> 
> Is it possible to have an IPTables rule that will forward any packets on a
> given port to another ip address and port based on where the packet came
> from?

Yes

> For example if I have a server on IP 192.168.0.1 and any requests into that
> server on port 80 from a source IP of 192.168.1.10 and want to force those
> packets to our squid server 192.168.0.11 on port 3128. But only for the IP
> 192.168.1.10, all other requests to the server on port 80 should stay local?

Use -s option like this:

-t nat -A PREROUTING -p tcp --dort 80 -s 192.168.1.10 \
    -j DNAT --to 192.168.0.11:3128

Probably you will have to SNAT too. Watch with tcpdump.

HTH,

Joerg