
I am trying to set up port forwarding on UDP from port 12345 to port 54321 using the following:

iptables -t nat -A PREROUTING -p udp -i eth0 -d 192.168.0.1 --dport 12345 -j DNAT --to 192.168.0.1:54321

iptables -A FORWARD -p udp -i eth0 -d 192.168.0.1 --dport 54321 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT

This works fine for new connections; however, it wouldn't work for connections currently active.

To clarify what I mean, let's say that before adding the rules, there is an active connection from 192.168.0.2:55555 <---> 192.168.0.1:12345, and I am trying to redirect all incoming connections on 192.168.0.1:12345 to 192.168.0.1:54321.

After adding the above two rules, all other packets destined to 192.168.0.1:12345 are received at 192.168.0.1:54321 except the ones from 192.168.0.2:55555.

I guess the state of the connection plays a role in this. How can I solve this and get the packets from 192.168.0.1:55555 destined to port 12345 delivered to port 54321?

    UDP are datagram packets, there's no sense of "active connection" like with TCP. Or are you talking about some higher layer protocol handshake? – Jon Lin Aug 26 '12 at 03:40
  • I explained the case! I know UDP is connectionless, but after I add the port forwarding rules, packets from a previously seen remote IP and Port are not forwarded to the new port. – Human Aug 26 '12 at 14:00
  • anyone has any suggestion? – Human Sep 28 '12 at 23:59

1 Answer


I figured out how to do it!

You need to use the REDIRECT on NAT! However, before that you have to erase the entry corresponding to this connection from conntrack! Something like the following:

# conntrack matches on the original direction of the flow (client -> server),
# so the entry for 192.168.0.2:55555 <---> 192.168.0.1:12345 is selected by
# source 192.168.0.2:55555 and destination 192.168.0.1:12345:
conntrack -D -p udp -s 192.168.0.2 --sport 55555 -d 192.168.0.1 --dport 12345
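The question's DNAT rules and the answer's conntrack clean-up combined into one script, as an added example that is not code from the question or the answer: it installs the redirect and then deletes the conntrack entries of flows the kernel tracked before the rule existed, so they are re-evaluated against the NAT table. The interface and addresses are placeholders taken from the question; it assumes iptables and conntrack-tools are installed and it is run as root (with DRY_RUN=1 it only prints the commands).

```shell
#!/bin/sh
# Added example, not the original poster's or answerer's code.
# Redirect UDP traffic arriving on <server>:<old port> to <server>:<new port>
# and flush stale conntrack entries so already-tracked flows follow the new rule.

run() {
    # Execute the command, or just print it when DRY_RUN=1.
    if [ "${DRY_RUN:-0}" = 1 ]; then printf '%s\n' "$*"; else "$@"; fi
}

# Delete one tracked UDP flow. conntrack selects entries by their ORIGINAL
# direction (client -> server), so the tuple is client ip/port to server ip/old
# port, e.g. 192.168.0.2:55555 -> 192.168.0.1:12345 from the question.
stale_flow_delete() {
    # $1 = client ip, $2 = client port, $3 = server ip, $4 = old server port
    run conntrack -D -p udp -s "$1" --sport "$2" -d "$3" --dport "$4"
}

redirect_udp() {
    # $1 = inbound iface, $2 = server ip, $3 = old port, $4 = new port
    iface=$1; dst=$2; old=$3; new=$4
    # 1) Rewrite the destination port before routing.
    run iptables -t nat -A PREROUTING -p udp -i "$iface" -d "$dst" \
        --dport "$old" -j DNAT --to-destination "$dst:$new"
    # 2) FORWARD sees the packet after DNAT, so it must allow the NEW port.
    run iptables -A FORWARD -p udp -i "$iface" -d "$dst" --dport "$new" \
        -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
    # 3) Flows tracked before the rule keep their old (non-NAT) mapping; drop
    #    every UDP entry whose original destination is dst:old so the next
    #    datagram of each flow is NATed like a new one.
    run conntrack -D -p udp -d "$dst" --dport "$old"
}

# Usage: DRY_RUN=1 ./redirect.sh   (prints the commands for eth0/192.168.0.1)
if [ "${0##*/}" = "redirect.sh" ]; then
    redirect_udp eth0 192.168.0.1 12345 54321
fi
```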