Easy TCP+UDP tunneling
 

Hello members,

what is the best way to tunnel both, TCP and UDP from one network to another (external, not local) without having to set something up on the receiving end (so no GRE/VPN)? How about iptables NAT for UDP and redir or x/rinetd for TCP? What do you prefer and why?

The idea of a tunnel is just like a train tunnel. No way to go in between the ends.

You would have to have something on the other end.

If you can't run some software then you need a hardware device.

The TCP and UDP traffic can already reach destination without setup anything. The tunnel deal with private network and have to configure something on both side. What's your main purpose?

I want to forward some TCP and UDP services (such as FTP, DNS, maybe HTTP but there are better solutions for that, voice server, etc.) from one server to another one. It already works pretty well with NAT, but I wanted to hear your thoughts about other solutions. The other things I listed do work too for my purpose, such as redir and rinetd, I'd just like to hear your opinions and alternatives.

You can use udp_redirect tool to redirect UDP tarffic.

Thanks for the tip. So my other questions would be if and why this (and redir/rinetd for TCP) would be better or worse than just using iptables symmetric NAT, like:

From my point, iptable is more flexible and powerful but too complicated. The redir or udp_redirect is simple and easy but maybe less powerful. Both could be working, just dependant on requirement.

Well, I stated my requirement above (forward services such as FTP, HTTP, DNS, voice server, from one server to another) and the iptables rules I came up with are quite easy. How do these services differ from iptables NAT? I'd like to know any upsides or downsides, except for the obvious, such as configuration.

Edit: I'm mainly asking this, because someone told me iptables NAT would be "bad" for that and I should rather use redir or rinetd. Now I'm trying to figure the reason why that would be. :)

First of all, is NAT necessary if only forwarding or redirecting traffic from one server to another one.
The redir or rinetd doesn't support NAT.

Iptables can be bad for dynamic protocols that don't use static ports such as FTP (can't remember which one, active or passive). I believe it has a ftp-helper module so this might be a non-issue. Most other protocols are well-behaved and do not exhibit this behavior.. unless your using an industrial protocol perhaps :P

IPtables/NAT also has an advantage of firewalling on specific conditions and offering some protection to the hosts on the other side by limiting their surface area. In my opinion I'd just use iptables and call it a day for what your doing with it unless your changing IP addresses or 1-to-1 NATing (but you can do this anyways with iptables).

Thank you for your reply! Exactly, NAT with port forwarding and 1:1 NAT in some cases was the solution I thought of first. But now for example, if we have a look at tutorials on how to protect Minecraft servers from DDoS (just using this as an example, as it's for a similar purpose, although I'm not looking to "DDoS protect" Minecraft servers), you will notice that for example redir is suggested here and tcptunnel here. Articles like these were the reason I got confused. Why would they suggest these forwarding tools, if it's just as easy and probably even better to accomplish with iptables?

Anyone?

Good question, but since your just forwarding services... just use iptables. If you need a hand PM me.

If noone is answering either your doing it wrong or the question has been answered by yourself or the people replying ;)

Dam double post.