Port forwarding and traffic redirection via iptables

There is a router, 192.168.1.1, with the Internet connection coming into it.

On the router, port 6666 is forwarded to the Ubuntu server (192.168.1.2, interface eth0). The server also has a second interface, eth1, to which a separate local network is connected (the server's IP address in this network is 10.10.10.2, the default gateway is 10.10.10.1). Through this local network, a computer in a third network is reachable at 192.168.100.1:6666.

Task: configure iptables on Ubuntu so that users on the Internet connecting to port 6666 can reach 192.168.100.1. Forwarding is enabled.

I can't figure out how to correctly write the following logic (if it is correct at all):

  1. Redirect packets from one interface, eth0, to the other, eth1, when 192.168.1.2:6666 is accessed.
  2. Redirect packets from 10.10.10.2 (eth1) to the IP address reachable through this local network, 192.168.100.1:6666.
Author: moragame, 2020-01-10

1 answer

(On the Ubuntu server) Specify the route to 192.168.100.1:

ip route add 192.168.100.1 via 10.10.10.1

Change the destination in the packets to 192.168.100.1:

iptables --table nat --insert PREROUTING \
    --proto tcp --dport 6666 --jump DNAT --to-destination 192.168.100.1:6666
iptables --table nat --insert PREROUTING \
    --proto udp --dport 6666 --jump DNAT --to-destination 192.168.100.1:6666

If the router 192.168.0.1 does not have a masquerade, then:

iptables --table nat --insert POSTROUTING --jump MASQUERADE

It should, in theory, work.

 2
Author: moragame, 2020-01-10 22:15:51
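
An added example, not part of the answer above: the same DNAT and masquerade rules scoped to the interfaces and addresses given in the question, with matching FORWARD rules, emitted in iptables-restore format. The variable and function names are assumptions made for this example; it prints the rules by default and loads them only when run as root with `apply`.

```shell
#!/bin/sh
# Added example: scoped variant of the forwarding rules, in iptables-restore format.
# Addresses and interface names are the ones stated in the question.
WAN_IF=eth0              # receives the port forwarded by the router
LAN_IF=eth1              # leads to the gateway 10.10.10.1
LISTEN_IP=192.168.1.2
TARGET_IP=192.168.100.1
PORT=6666

valid_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

emit_ruleset() {
    valid_port "$PORT" || { echo "bad port: $PORT" >&2; return 1; }
    printf '%s\n' "*nat"
    for proto in tcp udp; do
        # Rewrite only traffic that arrived on WAN_IF addressed to LISTEN_IP:PORT.
        printf '%s\n' "-A PREROUTING -i $WAN_IF -d $LISTEN_IP -p $proto --dport $PORT -j DNAT --to-destination $TARGET_IP:$PORT"
        # Masquerade only the forwarded flow leaving LAN_IF, not every packet.
        printf '%s\n' "-A POSTROUTING -o $LAN_IF -d $TARGET_IP -p $proto --dport $PORT -j MASQUERADE"
    done
    printf '%s\n' "COMMIT" "*filter"
    # Only needed when the FORWARD policy is DROP: allow the new flow and its replies.
    printf '%s\n' "-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    for proto in tcp udp; do
        printf '%s\n' "-A FORWARD -i $WAN_IF -o $LAN_IF -d $TARGET_IP -p $proto --dport $PORT -m conntrack --ctstate NEW -j ACCEPT"
    done
    printf '%s\n' "COMMIT"
}

# Dry run by default; "apply" appends the rules without flushing existing ones.
case "${1:-}" in
    apply) emit_ruleset | iptables-restore --noflush ;;
    *)     emit_ruleset ;;
esac
```

Piping the output to `iptables-restore --test` as root parses the rule set without committing it.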