
I would like to redirect all incoming traffic on port 1111, to another server again on port 1111, serving as a transparent proxy. After googling around, I've tried using iptables, but it does not work as expected.

root@glider:~# sysctl net.ipv4.ip_forward=1
net.ipv4.ip_forward = 1

root@glider:~# iptables -t nat -A PREROUTING -p tcp --dport 1111 -j DNAT --to-destination 10.2.4.44:1111

root@glider:~# iptables -t nat -A POSTROUTING -j MASQUERADE

root@glider:~# telnet localhost 1111
Trying 127.0.0.1...
telnet: Unable to connect to remote host: Connection refused

root@glider:~# telnet 10.2.4.44 1111
Trying 10.2.4.44...
Connected to 10.2.4.44.
Escape character is '^]'.

I am using Kubuntu 14.04 LTS.

Kouber Saparev

1 Answer

The PREROUTING chain is used for incoming packets, but not for locally generated packets. In order to test it, you should not be connecting to localhost. Instead you should test the connection from a different host.

Applying NAT rules to all interfaces is potentially problematic. I'd recommend that you restrict the rules to only apply on the interface where you need them.

The DNAT rule should have -i <interface name> or -d <ip address>, the MASQUERADE rule should have -o <interface name>.

kasperd
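The rule set the answer describes, written out as a small script. This is an added example, not code from the question or the answer: the interface names, the target address 10.2.4.44 and port 1111 are placeholders taken from the question, and the `nat_rules` and `run` function names are my own. By default it only prints the commands; set `APPLY=1` and run it as root to install them. The script also adds the FORWARD-chain accepts the forwarded flow needs, which the original exchange does not mention, so that the rules still work on a host whose FORWARD policy is DROP.

```shell
#!/bin/sh
# Added example (not from the question or the answer): interface-restricted
# DNAT/MASQUERADE rules for forwarding TCP/PORT to another host.
# Interface names, target address and port are placeholders.

# run CMD: print the command, or execute it when APPLY=1 (needs root).
run() {
    if [ "${APPLY:-0}" = 1 ]; then
        $1
    else
        printf '%s\n' "$1"
    fi
}

# nat_rules IN_IF OUT_IF TARGET PORT
#  - PREROUTING only sees packets that arrive on an interface; traffic generated
#    on the proxy host itself (e.g. "telnet localhost 1111") never traverses it,
#    which is why the test in the question is refused. Test from another host.
#  - The DNAT rule is limited to IN_IF, the MASQUERADE rule to OUT_IF and to the
#    forwarded flow only, instead of rewriting every packet on every interface.
#  - FORWARD accepts the forwarded connection and its replies. After DNAT the
#    reply still carries TARGET as its source in FORWARD (un-DNAT happens later,
#    in POSTROUTING), so the return rule matches on "-s TARGET --sport PORT".
nat_rules() {
    in_if=$1; out_if=$2; target=$3; port=$4
    run "sysctl -w net.ipv4.ip_forward=1"
    run "iptables -t nat -A PREROUTING -i $in_if -p tcp --dport $port -j DNAT --to-destination $target:$port"
    run "iptables -t nat -A POSTROUTING -o $out_if -p tcp -d $target --dport $port -j MASQUERADE"
    run "iptables -A FORWARD -i $in_if -o $out_if -p tcp -d $target --dport $port -m conntrack --ctstate NEW,ESTABLISHED,RELATED -j ACCEPT"
    run "iptables -A FORWARD -i $out_if -o $in_if -p tcp -s $target --sport $port -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
}

# Usage: sh nat_rules.sh <in_if> <out_if> <target> <port>
#   e.g. APPLY=1 sh nat_rules.sh eth0 eth0 10.2.4.44 1111
if [ $# -eq 4 ]; then
    nat_rules "$@"
fi
```

When the proxy host has a single NIC, IN_IF and OUT_IF are the same interface, as in the usage line above; with two NICs, IN_IF is the one clients reach and OUT_IF the one facing 10.2.4.44. Because MASQUERADE rewrites the source, the backend sees connections coming from the proxy host rather than the original client, which matters when you later read its logs.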