Questions tagged [dnat]

101 questions
1 vote, 2 answers

How to DNAT to different local IP based on what public IP was accessed with Shorewall?

My server has several public IPs, and is running a bunch of virtual machines with private IP addresses. As an example, I want to map ports 80, 443 and 8080 on 232.21.23.23 (public) to 192.168.122.12 (private). I have tried a couple of different NAT…
mikl
1 vote, 1 answer

iptables DNAT on smb port failed, hits on PREROUTING, but no on POSTROUTING

I'm running Ubuntu 20.04. It works well by forwarding http requests directed at port 8080 of the local machine to another machine's port 80. But when I set iptables rules to forward smb requests directed at a local machine to another machine running…
li_jessen
1 vote, 0 answers

iptables bidirectional nat udp configuration for multiple sources

I have the following setup, all udp packets: client (42.123.124.125) -> (42.123.0.125) nat_server (192.168.2.2) -> (192.168.2.5) udp_service nat_server has to receive incoming udp from client over a public ip and redirect the packet to the…
1 vote, 1 answer

redirect outgoing dns queries to localhost using iptables

Problem: There are some outgoing TCP DNS requests on my Ubuntu server that I couldn't force to be resolved by Unbound on 127.0.0.1:53, which uses 208.67.222.222 to resolve everything, and I see those TCP DNS packets finally going from my public…
Masood Lapeh
1 vote, 0 answers

DNAT From Virtual Network Gateway

I have a client connecting to my Azure Virtual Network Gateway (Gateway1) that sits in a Virtual Network (ClientVNet1: 10.13.0.0/16). I want the client to be able to connect to my DB (10.4.2.5) in a different Virtual Network (InternalVnet1:…
user472292
1 vote, 1 answer

What is UDP Masquerading behavior when forwarding and listening on the same port to the same remote address?

Assuming the following: ||netns2|<-kernel routing-> netnsRoot| <-network routing-> |remote server|. netns2 is a network namespace that has a client that connects to the UDP server on UDP/5060. netnsRoot is the root network namespace (IE: typical Linux…
Liam Kelly
1 vote, 0 answers

TPROXY interferes DNAT port forwarding rules

I'm setting up TPROXY on my VyOS router to forward certain traffic to a local transparent proxy. It works pretty well, until I discovered that all of my DNAT port forwarding rules are no longer working (connection timeout when connecting from…
GreenVine
1 vote, 0 answers

Linux iptables DNAT IP range to single IP

I have following rules iptables -t nat -I PREROUTING -d 192.168.0.2 -p tcp --dport 20001:20100 -j DNAT --to-d 169.13.29.133:80 iptables -t nat -I PREROUTING -d 192.168.0.2 -p tcp --dport 20101:20200 -j DNAT --to-d 169.13.29.134:80 iptables -t nat -I…
1 vote, 0 answers

Is it possible to send traffic through the VPN tunnel to the VPN gateway itself?

I have a WAN interface X and a web server Y behind NAT, that is traffic to X:443 is being forwarded to Y:443. Web server is accessible from the internet without any problems. Then I have a site-to-site VPN connection where X happens to be a remote…
OGCJN
1 vote, 2 answers

Forward traffic with iptables without exposing real IP/Port

I want to forward traffic with iptables without showing a different IP/port to the sending host. My application listens on host x.x.15.42, port 23555 using TCP. The client will be connecting to x.x.15.42:5555. I want the connection to be forwarded to…
mrmc
0 votes, 2 answers

fail2ban action to route to another ip

I want to create a fail2ban action which routes the traffic to another IP on ban action, and removes the route on unban action. File: iptables-route.conf in /etc/fail2ban/action.d/ # Fail2Ban configuration file # # [INCLUDES] before =…
Tim Altgeld
0 votes, 1 answer

How can I limit data download with PREROUTING on iptables?

I have 2 servers, called A and B. All (tcp/udp) traffic will be redirected (via SNAT) from A to B (except SSH). The clients will be connected to A. However, the response will return from B. This is okay. It works thanks to SNAT. However, I'd like to…
0 votes, 1 answer

DNAT locally generated packets sent to local WAN address

I have an (OpenWRT-powered) router with a port forwarding (DNAT) rule that forwards incoming HTTP requests to a dedicated server box inside my LAN. Here's the relevant configuration bits. Addresses: # ip -4 addr show br-lan 5: br-lan:…
intelfx
0 votes, 0 answers

Request Time Out / Sessions Stalling through IPTABLE (DNAT)

Scenario: Customer recently migrated clustered HANA DB servers to Azure Cloud Platform, but these are physical servers on Azure (Offering: Azure HLI). Usually these HLIs (HANA DB servers) in Azure cannot be accessed directly, not even from Azure…
Ram Too
0 votes, 1 answer

DNAT redirection works but returns with the redirect IP

I'm doing a test in which my clients, on network 10.101.29.0/24, are redirected to 10.10.10.222 when they try to connect to 192.168.100.100. This part is working, but my problem is with the answer. The answer arriving is 10.10.10.222 and what I want is the…
Kalil