How to route UDP traffic from one public IP (Linux) to another public IP (Windows)
Solution 1
The following section works for TCP only (This was published before Mahendra changed the title).
Install rinetd. In this program you can configure incoming port and outgoing port easily. First install the program. Then change /etc/rinetd.conf
Ex:
#bindadress bindport connectaddress connectport
a.b.c.d 6667 e.f.g.h 6668
For UDP check the link below
http://brokestream.com/udp_redirect.html
This is from the chat discussion which actually solved the problem
iptables -t nat -A PREROUTING -i $EXT_IF -p udp -d $EXT_IP --dport 53 -j DNAT --to-destination $INTERNAL_SERVER
and make sure you also have it allowed to pass through the FORWARD chain with something like
#forward traffic
iptables -A FORWARD -i $EXT_IF -o $INT_IF -p udp -d $INTERNAL_SERVER --dport 53 -j ACCEPT
#reply traffic
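# replies are routed through this host, so they traverse FORWARD (INPUT rules cannot match on -o)
iptables -A FORWARD -i $INT_IF -o $EXT_IF -p udp -s $INTERNAL_SERVER --sport 53 -m state --state ESTABLISHED,RELATED -j ACCEPT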
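The rules from the chat discussion, adapted to the question's 6667 to 6668 port mapping, as an added example that is not part of the original answers. The interface names (eth0, eth1), the RFC 5737 documentation addresses, the helper function names and the optional `snat` argument are assumptions for illustration; the script only prints the commands so they can be reviewed before being applied.

```sh
#!/bin/sh
# Added example (not from the original answers). Prints the rules; review them,
# then pipe the output to "sh" as root to apply. Nothing is changed by default.

is_port() {   # digits only, 1..65535
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "${#1}" -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

is_ipv4() {   # dotted quad, each octet 0..255
    case "$1" in ''|*[!0-9.]*|*..*|.*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do [ "${#o}" -le 3 ] && [ "$o" -le 255 ] || return 1; done
}

is_ifname() { case "$1" in ''|*[!A-Za-z0-9._-]*) return 1 ;; esac; }

# udp_forward_rules EXT_IF EXT_IP EXT_PORT INT_IF INT_IP INT_PORT [snat]
udp_forward_rules() {
    ext_if=$1 ext_ip=$2 ext_port=$3 int_if=$4 int_ip=$5 int_port=$6 snat=${7:-}
    # Reject anything that is not a plain name, address or port before it reaches a command line.
    is_ifname "$ext_if" && is_ifname "$int_if" || { echo "bad interface" >&2; return 1; }
    is_ipv4 "$ext_ip" && is_ipv4 "$int_ip" || { echo "bad address" >&2; return 1; }
    is_port "$ext_port" && is_port "$int_port" || { echo "bad port" >&2; return 1; }

    echo "sysctl -w net.ipv4.ip_forward=1"
    # DNAT happens before routing and may change the port (6667 -> 6668 in the question).
    echo "iptables -t nat -A PREROUTING -i $ext_if -p udp -d $ext_ip --dport $ext_port -j DNAT --to-destination $int_ip:$int_port"
    # FORWARD sees the packet after DNAT, so it matches the internal address and port.
    echo "iptables -A FORWARD -i $ext_if -o $int_if -p udp -d $int_ip --dport $int_port -j ACCEPT"
    # Replies are forwarded as well, so they traverse FORWARD; conntrack undoes the DNAT on them.
    echo "iptables -A FORWARD -i $int_if -o $ext_if -p udp -s $int_ip --sport $int_port -m state --state ESTABLISHED,RELATED -j ACCEPT"
    # Optional: when the target does not send replies back through this host,
    # masquerade so they return here. The target then sees this host as the
    # source, not the real client address.
    if [ "$snat" = snat ]; then
        echo "iptables -t nat -A POSTROUTING -o $int_if -p udp -d $int_ip --dport $int_port -j MASQUERADE"
    fi
}

# Constructed values: eth0/eth1 and the RFC 5737 documentation addresses are assumptions.
udp_forward_rules eth0 203.0.113.10 6667 eth1 198.51.100.20 6668 snat
```

Whether the `snat` variant is needed depends on the answers to David Schwartz's questions in the comments: without it the Windows machine sees the real client address, but its replies must route back through the Linux machine.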
Solution 2
Yes, this is called reverse NAT and is part of the iptables capabilities of Linux. Every decent NATting firewall does that to expose services.
Mahendra Liya
Updated on September 18, 2022
Comments
-
Mahendra Liya almost 2 years
I want to prevent direct access of my Windows Machine and want to expose some programs running on it via my Linux Machine (which again is accessible by a Public IP).
Is there a way where-in I can configure my Linux Machine (say IP = a.b.c.d) to route all the UDP traffic which it gets at a specific port (say 6667) to my Windows Machine (say IP = e.f.g.h) at port 6668?
If yes, how can I implement it?
UPDATE
# bindadress bindport connectaddress connectport
192.168.2.45 6667 192.168.2.104 6668
# logging information
logfile /var/log/rinetd.log
# uncomment the following line if you want web-server style logfile format
logcommon
~
UPDATE
I wish to route UDP traffic only.
-
David Schwartz almost 12 years
Is the Linux machine the Windows machine's default router? Do you need replies to work too? Do you need the Windows machine to see the real source IP addresses of the UDP packets? (If the answers are "no", "yes", and "yes", you have a very hard problem.)
-
Mahendra Liya almost 12 years
Can you show me a working command line for reverse NAT?
-
TomTom almost 12 years
No, I don't use Linux outside of firewall appliances and I doubt the setup instructions for a MikroTik RouterOS installation would mean anything to you or be helpful at all, sorry.
-
Mahendra Liya almost 12 years
Thank you.. this looks promising and easy to configure. Before I try it on my Live IP, I'd like to test it locally. Do you think this will work on local network as well?
-
Manula Waidyanatha almost 12 years
Yes, of course. I've tested it.
-
Mahendra Liya almost 12 years
I'm not sure what's wrong, but doesn't seem to work for me locally. I posted my conf file in the question...
-
Manula Waidyanatha almost 12 years
Did you restart rinetd? If not, restart it: /etc/init.d/rinetd restart
-
Mahendra Liya almost 12 years
Yes, I restarted it.. doesn't work yet...
-
Manula Waidyanatha almost 12 years
Use telnet to verify the ports. Ex: telnet 192.168.2.45 6667. Is there a firewall on the Linux machine?
-
Mahendra Liya almost 12 years
Somebody downvoted it without explanation, please either put your comments or upvote it.. The answer really helped!