How to route UDP traffic from one public IP (linux) to another public IP(Windows)

ip linux-networking route forwarding

18,419

Solution 1

The following section works for TCP only (This was published before Mahendra changed the title

Install rinetd. In this program you can configure incoming port and outgoing port easily. First install the program. Then change /etc/rinetd.conf

Ex:

#bindadress bindport connectaddress connectport

a.b.c.d 6667 e.f.g.h 6668

For UDP check the link below

http://brokestream.com/udp_redirect.html

This is from the chat discussion which actually solved the problem

iptables -t nat -A PREROUTING -i $EXT_IF -p udp -d $EXT_IP --dport 53 -j DNAT --to-destination $INTERNAL_SERVER

and make sure you also have it allowed to pass through the FORWARD chain with something like

#forward traffic
iptables -A FORWARD -i $EXT_IF -o $INT_IF -p udp -d $INTERNAL_SERVER --dport 53 -j ACCEPT
#reply traffic
iptables -A INPUT -o $EXT_IF -i $INT_IF -p udp -s $INTERNAL_SERVER --sport 53 -m state --state ESTABLISHED,RELATED -j ACCEPT

Solution 2

Yes, this is called reverse NAT and is part of the IpTables capabilities of Linux. Every decent NATtins firewall does that to expose services.

18,419

Mahendra Liya

Updated on September 18, 2022

Comments

Mahendra Liya almost 2 years
I want to prevent direct access of my Windows Machine and want to expose some programs running on it via my Linux Machine (which again is accessible by a Public IP).

Is there a way where-in I can configure my Linux Machine (say IP = a.b.c.d) to route all the UDP traffic which it gets at a specific port (say 6667) to my Windows Machine (say IP = e.f.g.h) at port 6668?

Is yes, how can I implement it?

UPDATE
```
# bindadress    bindport  connectaddress  connectport

192.168.2.45    6667    192.168.2.104   6668

# logging information
logfile /var/log/rinetd.log

# uncomment the following line if you want web-server style logfile format
logcommon
~          
```
UPDATE

I wish to route UDP traffic only.
- David Schwartz almost 12 years
  
  Is the Linux machine the Windows machine's default router? Do you need replies to work too? Do you need the Windows machine to see the real source IP addresses of the UDP packets? (If the answers are "no", "yes", and "yes", you have a very hard problem.)
Mahendra Liya almost 12 years

Can you show me a working command line for reverse NAT?
TomTom almost 12 years

No, I dont use Linux outside of firewall appliances and I doubt the setup instructions for a MIkrotik ROuterOs installation woudld mean anything to you or be helpfull at all, sorry.
Mahendra Liya almost 12 years

Thank you.. this looks promising and easy to configure. Before I try it on my Live IP, I'd like to test it locally. Do you think this will work on local network as well?
Manula Waidyanatha almost 12 years

yes of course. I've tested it
Mahendra Liya almost 12 years

I'm not sure what's wrong, but doesn't seem to work for me locally. I posted my conf file in the question...
Manula Waidyanatha almost 12 years

Did you restart the rinetd.If not; restart it: /etc/init.d/rinetd restart
Mahendra Liya almost 12 years

Yes, I restarted it.. doesn't work yet...
Manula Waidyanatha almost 12 years

use telnet to verify the ports. ex: telnet 192.168.2.45 6667 is there a firewall in linux machine
Manula Waidyanatha almost 12 years

let us continue this discussion in chat
symcbean almost 12 years

serverfault.com/questions/140622/…
Mahendra Liya almost 12 years

somebody downvoted it without explanation, please either put your comments or upvote it.. The answer really helped!