Using iptables to route all outbound traffic to internal box
Hey guys,
I have been working on a personal project that requires HTTP traffic, destined for the WAN (on my ADSL router, 10.10.10.254), to be routed to an internal box (let's call it 10.10.10.1/24, listening on port 8888). That box does some traffic monitoring and then will send it back to the ADSL router, sitting on 10.10.10.254.
If I dump this into the telnet session on my router (it runs a Linux base, so it supports iptables), it doesn't seem to work.
From what I can understand, that rule should route all HTTP traffic to 10.10.10.1:8888 and ignore any traffic that is originating from 10.10.10.1 (needed otherwise a routing loop would happen).
I would really appreciate any help, really stuck on this one for a couple of days now.
You probably need a permission in the FORWARD chain. Other than that tcpdump is your friend, see where the traffic goes/doesn't go. Have your cleanup rules log and check your logs.
Code:
# iptables-save style fragment: log what the cleanup rules drop, rate-limited
-A INPUT -m limit --limit 1/second --limit-burst 100 -j LOG
-A INPUT -j DROP
# permit the redirected flow to the monitoring box before the FORWARD cleanup
-A FORWARD -d 10.10.10.1 -p tcp --dport 8888 -j ACCEPT
-A FORWARD -m limit --limit 1/second --limit-burst 100 -j LOG
-A FORWARD -j DROP
Thanks for your response
I can't load tcpdump on my ADSL router. It runs basic Linux but only a couple of things are available (it's not anything fancy, definitely no package manager in there), so no tcpdump. Could you explain what those iptables rules are doing? I am still pretty new to this.
Is it a stock firmware on the router, or third party like OpenWrt, DD-WRT, Tomato?
Stock firmware, that's the biggest problem.
Since I want to replicate this process on most home ADSL routers (most accept telnet connectivity to a basic linux environment and iptables is always available in it), I don't really want a solution where a custom firmware needs to be loaded, even though I agree, it would be preferable.
Do you know how to accomplish this process using purely iptables?
I will try the solution displayed above, just been a hectic day. I would love some clarification on it though, don't quite understand what it's doing, even though I did a little research. I am almost sure it's a single-line rule that needs to be added.
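An added example, not from any poster in this thread: a script for the router's busybox shell that builds the full rule set the thread is circling around (DNAT of LAN HTTP to the monitor, the loop-avoiding exclusion, the FORWARD permission) plus the POSTROUTING SNAT that the hairpin topology needs, since client and monitor sit on the same subnet. Addresses are the thread's; the LAN bridge name "br0" is an assumption, and the script prints the commands unless IPT=iptables is set.

```shell
#!/bin/sh
# Added example, not the thread's own rules. Assumed interface name: br0
# (check with `ifconfig` on the router). Prints commands by default.
LAN_IF=${LAN_IF:-br0}
LAN_NET=10.10.10.0/24
ROUTER=10.10.10.254
MONITOR=10.10.10.1
MONITOR_PORT=8888
IPT=${IPT:-echo}   # IPT=iptables sh thisscript.sh applies the rules

build_rules() {
    # 1. Outbound HTTP from LAN clients is sent to the monitor. Traffic the
    #    monitor itself sends upstream is excluded, otherwise it loops back.
    #    (Very old iptables builds want the negation as "-s ! addr".)
    $IPT -t nat -A PREROUTING -i "$LAN_IF" ! -s "$MONITOR" ! -d "$LAN_NET" \
         -p tcp --dport 80 -j DNAT --to-destination "$MONITOR:$MONITOR_PORT"
    # 2. Client and monitor share a subnet, so the monitor's replies would go
    #    straight to the client and skip the router's conntrack un-DNAT; the
    #    client sees a SYN-ACK from 10.10.10.1 and resets. Rewriting the
    #    source to the router forces replies back through it.
    $IPT -t nat -A POSTROUTING -o "$LAN_IF" -d "$MONITOR" -p tcp \
         --dport "$MONITOR_PORT" -j SNAT --to-source "$ROUTER"
    # 3. Stock firmware usually drops forwarded traffic by default: permit
    #    the redirected flow (in and out the same interface) and tracked replies.
    $IPT -A FORWARD -i "$LAN_IF" -o "$LAN_IF" -d "$MONITOR" -p tcp \
         --dport "$MONITOR_PORT" -j ACCEPT
    $IPT -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
}

build_rules
```

The SNAT in step 2 means the monitor sees every client as 10.10.10.254; if it needs the real client address, the monitor must instead return its replies via the router, which the thread does not cover.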