IP Tables forwarding issue

Thank you in advance for the assistance.

I have tried reading on here and searching, but I can't seem to get it to work.

Computer A: 192.168.1.2
Computer B: 192.168.1.3

I am trying to send a UDP message from .2 to .3 and change the port: .2 will send a message on 1003 and I want .3 to accept it on 1004.

The code below is placed on the .3 computer

iptables -t nat -A PREROUTING -p udp -i eth0 -d 192.168.1.2 --dport 1003 -j DNAT --to-destination 192.168.1.3:1004
iptables -t nat -A PREROUTING -i eth0 -d 192.168.1.2 -p udp --dport 1003 -j REDIRECT --to-ports 1004
iptables -A FORWARD -i eth0 -p udp -d 192.168.1.2 --dport 1004 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT

Solution 1:

Your matches are wrong. They'll fire if the destination is 192.168.1.2. In your case, the source is 192.168.1.2 and the destination is 192.168.1.3.

Also, it seems you only need a DNAT rule or a REDIRECT rule, not both.

The filtering rule should be in the INPUT chain, because the destination is the local machine. I see no point in using the state module in this rule, but there may be a need to add other connection-tracking-related rules; it is unclear whether those are needed at all. This depends on the rest of the firewall. If there is nothing in the firewall, no filter rules are necessary, because everything will be allowed anyway.

By the way, state is obsolete; you should use the conntrack module and its ctstate match instead.

So, you seem to need the following two rules:

# nat/PREROUTING: rewrite the destination port before the routing decision
iptables -t nat -A PREROUTING -s 192.168.1.2 -d 192.168.1.3 -p udp --dport 1003 -j REDIRECT --to-ports 1004
# filter/INPUT: let the translated packet reach the local UDP socket
iptables -t filter -A INPUT -s 192.168.1.2 -p udp --dport 1004 -j ACCEPT

The first rule redirects an incoming packet for port 1003 to port 1004 (and back for outgoing packets). The second rule actually permits this translated packet to reach a local process.
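As an added example (not part of the question or of the answer above): a small POSIX shell script that installs the two rules the answer ends with on Computer B, checks with `iptables -C` first so that re-running it does not append duplicate rules, and lists the affected chains with counters for verification. The hosts and ports are the ones from the question; the APPLY switch, the variable defaults and the function names are this example's own assumptions. It only prints the commands unless APPLY=1 is set, so root is needed only when actually applying.

```sh
#!/bin/sh
# Added example (not from the question or answer): install the answer's two
# rules on the receiving host (Computer B, 192.168.1.3) idempotently.
# Assumptions: the iptables CLI (legacy or nft backend) is installed; the
# APPLY switch, defaults and function names are this example's own.
# By default the script only prints the commands; run `APPLY=1 sh redirect.sh`
# as root to install them.
set -eu

APPLY=${APPLY:-0}
SRC_HOST=${SRC_HOST:-192.168.1.2}    # sender (Computer A)
DST_HOST=${DST_HOST:-192.168.1.3}    # this host (Computer B)
IN_PORT=${IN_PORT:-1003}             # port the sender addresses
LISTEN_PORT=${LISTEN_PORT:-1004}     # port the local UDP socket listens on

# ipt ARGS... : run iptables, or print the command when not applying
ipt() {
    if [ "$APPLY" = 1 ]; then
        iptables "$@"
    else
        echo "iptables $*"
    fi
}

# ensure_rule TABLE CHAIN RULE... : append the rule unless an identical one is
# already present (-C exits 0 if it exists), so re-runs do not duplicate rules.
ensure_rule() {
    table=$1
    chain=$2
    shift 2
    if [ "$APPLY" = 1 ] && iptables -t "$table" -C "$chain" "$@" 2>/dev/null; then
        return 0
    fi
    ipt -t "$table" -A "$chain" "$@"
}

# install_redirect: the two rules from the answer. Match on the real source
# (.2) and destination (.3); REDIRECT in nat/PREROUTING rewrites the port
# before the routing decision, and the filter rule goes in INPUT, not FORWARD,
# because the packet is for a local socket.
install_redirect() {
    ensure_rule nat PREROUTING -s "$SRC_HOST" -d "$DST_HOST" -p udp \
        --dport "$IN_PORT" -j REDIRECT --to-ports "$LISTEN_PORT"
    ensure_rule filter INPUT -s "$SRC_HOST" -p udp --dport "$LISTEN_PORT" -j ACCEPT
}

# show_chains: the pkts/bytes counters show whether the rules are being hit
show_chains() {
    ipt -t nat -L PREROUTING -n -v --line-numbers
    ipt -t filter -L INPUT -n -v --line-numbers
}

install_redirect
show_chains
```

To verify end to end, start a UDP listener on port 1004 on .3, send a datagram from .2 to 192.168.1.3 port 1003, and watch the pkts column of the nat/PREROUTING listing. Expect it to grow by one per flow rather than per datagram: the nat table is consulted only for the first packet of a connection-tracked flow, and conntrack applies the same translation (and the reverse mapping for replies) to the rest of that flow.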