Forwarding multiple UDP ports

Forwarding multiple UDP ports

[Oliver Schulze L.]

Hi,
I have a intranet server that initiate UDP connections and I want to forward
those connections to and Internet IP.

I have a Linux box with 2 NICs.

My question is: can I forward UDP trafic from and internal server to the 
Internet?
Can I use this line:

iptables -t nat -A PREROUTING -p udp -s INTRA_SERVER -d INTRA_ROUTER 
--dport 1024:6000 -j DNAT --to-destination INET_IP:1024-6000

I'm testing it and I see the rule matched, the byte and packet counters 
are incrementing.
But, I see no traffic going out of the Internet NIC.
I'm not sure if the multi-port specification will work.

Thanks!
Oliver

-- 
Oliver Schulze L.
Get my e-mail after a captcha test in: http://tinymailto.com/oliver

Re: Forwarding multiple UDP ports

[Jan Engelhardt]

>
> My question is: can I forward UDP trafic from and internal server to the
> Internet?
> Can I use this line:
>
> iptables -t nat -A PREROUTING -p udp -s INTRA_SERVER -d INTRA_ROUTER 
> --dport 1024:6000 -j DNAT --to-destination INET_IP:1024-6000
>
> I'm testing it and I see the rule matched, the byte and packet counters are
> incrementing.
> But, I see no traffic going out of the Internet NIC.
> I'm not sure if the multi-port specification will work.

Who is INET_IP? Is it the same host as INTRA_ROUTER?


Jan Engelhardt
-- 

Re: Forwarding multiple UDP ports

[Oliver Schulze L.]

Hi Jan,
sorry about not specifying.

INTRA_SERVER: intranet ip of the server initiation the udp traffic to 
the INTRA_ROUTER IP
INTRA_ROUTER: intranet ip of the router
INET_IP: a random public IP

The traffic flow should be:
INTRA_SERVER -> intranet -> INTRA_ROUTER -> internet -> INET_IP

Explanation:
INTRA_SERVER sends UDP traffic to the INTRA_ROUTER IP, then, INTRA_ROUTER
forwards those packets to the public IP INET_IP

Thanks
Oliver


Jan Engelhardt wrote:
>> My question is: can I forward UDP trafic from and internal server to the
>> Internet?
>> Can I use this line:
>>
>> iptables -t nat -A PREROUTING -p udp -s INTRA_SERVER -d INTRA_ROUTER 
>> --dport 1024:6000 -j DNAT --to-destination INET_IP:1024-6000
>>
>> I'm testing it and I see the rule matched, the byte and packet counters are
>> incrementing.
>> But, I see no traffic going out of the Internet NIC.
>> I'm not sure if the multi-port specification will work.
>>     
>
> Who is INET_IP? Is it the same host as INTRA_ROUTER?
>
>
> Jan Engelhardt
>   

-- 
Oliver Schulze L.
Get my e-mail after a captcha test in: http://tinymailto.com/oliver

Re: Forwarding multiple UDP ports

[Jan Engelhardt]

>
> Explanation:
> INTRA_SERVER sends UDP traffic to the INTRA_ROUTER IP, then, INTRA_ROUTER
> forwards those packets to the public IP INET_IP

In that case, DNAT is ok. Just make sure that no packet (in either 
direction) can evade INTRA_ROUTER (such as hubs/switches and other 
sorts of bridges), because that nullifies NAT.


Jan Engelhardt
--