Linux Netfilter discussions
* Forwarding packets on same interface (echoing)
@ 2005-08-12 11:05 Martin van den Berg
  2005-08-12 16:40 ` J.T. Moore
  0 siblings, 1 reply; 2+ messages in thread
From: Martin van den Berg @ 2005-08-12 11:05 UTC
  To: netfilter

G'day,

I have this NAT/firewall box (debian) configured with iptables. Port
forwarding etc. works fine with one exception: I need a rule that
'echoes' back udp packets if they meet the following criteria:
+ in-interface=eth1 (that's the 'private' interface)
+ destination IP is public ip-address (e.g. 1.2.3.4) (that's eth0)
+ Port range is e.g. 30000-32000
+ The packets need to be forwarded via eth0 (thus echoed) to e.g.
10.10.1.2, same port.

Hope you can help me and thanks in advance!

Martin.



* Re: Forwarding packets on same interface (echoing)
  2005-08-12 11:05 Forwarding packets on same interface (echoing) Martin van den Berg
@ 2005-08-12 16:40 ` J.T. Moore
  0 siblings, 0 replies; 2+ messages in thread
From: J.T. Moore @ 2005-08-12 16:40 UTC
  To: Martin van den Berg, netfilter

Martin,

The following will work if you want the packets coming to 1.2.3.4 to be redirected to 10.10.1.2:

    iptables -t nat -A PREROUTING -i eth1 -d 1.2.3.4 -p udp --dport 30000:32000 -j DNAT --to-destination 10.10.1.2

If you want the reply from 10.10.1.2 to be changed to look like it came from 1.2.3.4, you have two choices based on your network setup:

1. 10.10.1.2 routes its replies through the same machine using iptables to do the DNAT above. This makes life simple because the iptables machine will track the DNAT connection and change the source address in the replies from 10.10.1.2 back to 1.2.3.4 automatically.

or

2. Run iptables on 10.10.1.2 or another machine between 10.10.1.2 and the clients and SNAT responses to the client from 10.10.1.2 to 1.2.3.4. This can potentially get complicated and ugly, but it can be done.


J.T.
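
A simplified model of the connection tracking behind option 1, added here as an illustration and not part of J.T.'s reply or of netfilter itself. It shows why the reply is only rewritten back to 1.2.3.4 when it passes through the box that did the DNAT; the client address 10.10.1.50, source port 40000 and all class and function names are constructed.

```python
# Simplified model of netfilter conntrack for the DNAT rule in the thread.
# Added illustration: the client address and source port are constructed.
from collections import namedtuple

Packet = namedtuple("Packet", "src sport dst dport")

PUBLIC_IP, SERVER = "1.2.3.4", "10.10.1.2"   # addresses used in the thread
PORTS = range(30000, 32001)                   # --dport 30000:32000 (inclusive)


class NatBox:
    """Models the PREROUTING DNAT rule plus the conntrack entry it creates."""

    def __init__(self):
        self.conntrack = {}   # expected reply tuple -> original destination

    def prerouting(self, pkt):
        """Apply the DNAT rule to a packet arriving on eth1."""
        if pkt.dst == PUBLIC_IP and pkt.dport in PORTS:
            new = pkt._replace(dst=SERVER)
            # Remember the reply direction so it can be un-NATed later.
            self.conntrack[(new.dst, new.dport, new.src, new.sport)] = pkt.dst
            return new
        return pkt

    def reply_path(self, pkt):
        """Reverse the DNAT on a reply that is routed through this box."""
        orig_dst = self.conntrack.get((pkt.src, pkt.sport, pkt.dst, pkt.dport))
        return pkt._replace(src=orig_dst) if orig_dst else pkt


def client_accepts(request, reply):
    """A client expects the answer from the address and port it sent to."""
    return (reply.src, reply.sport, reply.dst, reply.dport) == (
        request.dst, request.dport, request.src, request.sport)


def simulate(reply_via_box):
    """Return (packet the server sees, reply the client sees, accepted?)."""
    box = NatBox()
    request = Packet("10.10.1.50", 40000, PUBLIC_IP, 31000)  # constructed client
    at_server = box.prerouting(request)
    reply = Packet(at_server.dst, at_server.dport, at_server.src, at_server.sport)
    if reply_via_box:   # option 1: 10.10.1.2 routes replies through the NAT box
        reply = box.reply_path(reply)
    return at_server, reply, client_accepts(request, reply)
```

`simulate(True)` returns a reply sourced from 1.2.3.4 that the client accepts; `simulate(False)` returns one sourced from 10.10.1.2 that it does not, which is the case option 2 has to repair with SNAT.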

