IP Tables forwarding issue
Thank you in advance for the assistance.
I have tried reading on here and searching but I can't seem to get it to work.
Computer A: 192.168.1.2 Computer B: 192.168.1.3
I am trying to send a UDP message from .2 to .3 and change the port: .2 will send a message on 1003 and I want .3 to accept it on 1004.
The code below is placed on the .3 computer.
iptables -t nat -A PREROUTING -p udp -i eth0 -d 192.168.1.2 --dport 1003 -j DNAT --to-destination 192.168.1.3:1004
iptables -t nat -A PREROUTING -i eth0 -d 192.168.1.2 -p udp --dport 1003 -j REDIRECT --to-ports 1004
iptables -A FORWARD -i eth0 -p udp -d 192.168.1.2 --dport 1004 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
Solution 1:
Your matches are wrong. They'll fire if the destination was 192.168.1.2. In your case, the source is 192.168.1.2 and the destination is 192.168.1.3.
Also, it seems you only need a DNAT rule or a REDIRECT rule, not both.
The filtering rule should be in the INPUT chain, because the destination is the local machine. I see no point in using the state module in this rule, but there may be a need to add other connection-tracking-related rules; it is unclear if those are needed at all. This depends on the rest of the firewall. If there is nothing in the firewall, no filter rules are necessary, because everything will be enabled anyway.
By the way, state is obsolete; you should use the conntrack module's ctstate match instead.
So, you seem to need the following two rules:
iptables -t nat -A PREROUTING -s 192.168.1.2 -d 192.168.1.3 -p udp --dport 1003 -j REDIRECT --to-ports 1004
iptables -t filter -A INPUT -s 192.168.1.2 -p udp --dport 1004 -j ACCEPT
The first rule redirects incoming packets for port 1003 to port 1004 (and back for outgoing packets). The second rule actually permits this translated packet to reach a local process.
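To see why the original rules never fire and the corrected pair does, here is a small added model of how iptables evaluates the -s/-d/-p/--dport matches in the nat PREROUTING and filter INPUT chains (example code written for this page, not part of the question or the answer, and not touching a real firewall; the packet and rule strings below are constructed from the addresses and ports in the thread, and unknown options such as -i and -m state are ignored):

```python
import shlex

# Which iptables options the model understands; anything else (-i, -m state ...) is ignored.
OPTS = {"-t": "table", "-A": "chain", "-s": "src", "-d": "dst", "-p": "proto",
        "--dport": "dport", "-j": "target", "--to-ports": "to_port",
        "--to-destination": "to_port"}

def parse_rule(text):
    """Turn one iptables command line into a dict of match fields and target."""
    toks, r = shlex.split(text), {"table": "filter"}
    for i, t in enumerate(toks):
        if t in OPTS:
            r[OPTS[t]] = toks[i + 1]
    if "dport" in r:
        r["dport"] = int(r["dport"])
    if "to_port" in r:  # "1004" (REDIRECT) or "192.168.1.3:1004" (DNAT)
        r["to_port"] = int(r["to_port"].rsplit(":", 1)[-1])
    return r

def matches(r, pkt):
    """A rule fires only if every -s/-d/-p/--dport it specifies equals the packet's."""
    return all(r.get(k) in (None, pkt[k]) for k in ("src", "dst", "proto", "dport"))

def run_chain(rules, table, chain, pkt):
    """First matching rule wins; REDIRECT/DNAT rewrite the destination port."""
    for r in rules:
        if r["table"] == table and r.get("chain") == chain and matches(r, pkt):
            if r.get("target") in ("REDIRECT", "DNAT"):
                pkt = dict(pkt, dport=r["to_port"])
            return r["target"], pkt
    return None, pkt

def deliver(rule_texts, pkt):
    """PREROUTING (nat) runs first, then INPUT (filter) since .3 is the destination."""
    rules = [parse_rule(t) for t in rule_texts]
    nat, pkt = run_chain(rules, "nat", "PREROUTING", pkt)
    verdict, pkt = run_chain(rules, "filter", "INPUT", pkt)
    return nat, verdict, pkt["dport"]

# Constructed packet: what .2 sends to .3 on port 1003.
PACKET = {"src": "192.168.1.2", "dst": "192.168.1.3", "proto": "udp", "dport": 1003}

QUESTION_RULES = [  # as posted: they match -d 192.168.1.2, which this packet never has
    "iptables -t nat -A PREROUTING -p udp -i eth0 -d 192.168.1.2 --dport 1003 -j DNAT --to-destination 192.168.1.3:1004",
    "iptables -t nat -A PREROUTING -i eth0 -d 192.168.1.2 -p udp --dport 1003 -j REDIRECT --to-ports 1004",
    "iptables -A FORWARD -i eth0 -p udp -d 192.168.1.2 --dport 1004 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT",
]
ANSWER_RULES = [  # the two rules from the answer, with 192.168.1.3 as the destination
    "iptables -t nat -A PREROUTING -s 192.168.1.2 -d 192.168.1.3 -p udp --dport 1003 -j REDIRECT --to-ports 1004",
    "iptables -t filter -A INPUT -s 192.168.1.2 -p udp --dport 1004 -j ACCEPT",
]
```

`deliver(QUESTION_RULES, PACKET)` returns `(None, None, 1003)` because no rule matches, while `deliver(ANSWER_RULES, PACKET)` returns `('REDIRECT', 'ACCEPT', 1004)`; a None verdict in the real kernel falls through to the chain's default policy, which is why the answer says no filter rule is needed on an otherwise empty firewall.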