Linux - NetworkingThis forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
I need redirect connections,which made to one IP of my Linux box but to about 100-200 different ports, let say from 50000 - 50150, to a different IPsort.
I want to choose destination IP by incoming connection port.
So I found rinetd, socat and, of course, iptables, also can do it with DNAT.
The question is - I need to set up about 100~200 rules for iptables, and for the rinetd. But rinetd will listen all those ports. I do not really know about socat, but think it will be something the same.
I need advice about it, what is better.
May be someone gives me better ideas.
Would using "-m multiport --dports 50000:50150", feeding into a chain composed of "-j REDIRECT" but without using "--to-ports" (ensuring not altering the destination port), work?
Sorry, but idea is to redirect different port to certain IP. For example: if connection comes to 50020 port of my router it forward it to 172.16.116.20:80, but if it comes to 50021 it will forward it to 172.16.120.30:3128...
I want to try to hide internal network IPs and ports from external visitors and I thought it will work.
It will be the long rules list, but iptables wont keep ports in "listen" state, rinetd will be listening all 100~150 ports.
I do not really care about it since connection to those port anyway goes through Linux box.
I do not know how iptables will like my 100~150 DNAT rules, but would prefer to use iptables.
I do not know how iptables will like my 100~150 DNAT rules, but would prefer to use iptables.
As filtering is done on a "first match wins" basis you could optimize things by putting the most accessed rules first (like having "--state ESTABLISHED,RELATED" in the filter table above "-state NEW") after a while and while filtering requires CPU and RAM adding 100 to 150 rules should not pose a problem unless it's an underspecced machine swamped in traffic. I don't see however why you would want to obfuscate ports too (you've hidden the LAN IP already) as many services are expected on default ports (try 'getent services http' to see what I mean). For example forwarding external traffic on port TCP/80 to internal host 172.16.116.20 TCP/50020 makes sense but forwarding external traffic on port TCP/50021 to internal host 172.16.120.30 TCP/3128 doesn't as no client would expect a service to reside on ephemeral port TCP/50021.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.
ort.
