Easy TCP+UDP tunneling
Hello members,
what is the best way to tunnel both TCP and UDP from one network to another (external, not local) without having to set something up on the receiving end (so no GRE/VPN)? How about iptables NAT for UDP and redir or x/rinetd for TCP? What do you prefer and why? |
The idea of a tunnel is just like a train tunnel. No way to go in between the ends.
You would have to have something on the other end. If you can't run some software then you need a hardware device. |
The TCP and UDP traffic can already reach the destination without setting anything up. A tunnel deals with private networks, and you have to configure something on both sides. What's your main purpose?
|
I want to forward some TCP and UDP services (such as FTP, DNS, maybe HTTP but there are better solutions for that, voice server, etc.) from one server to another one. It already works pretty well with NAT, but I wanted to hear your thoughts about other solutions. The other things I listed do work too for my purpose, such as redir and rinetd, I'd just like to hear your opinions and alternatives.
|
You can use the udp_redirect tool to redirect UDP traffic.
|
Quote:
Code:
iptables -t nat -A PREROUTING -p <tcp/udp> -d $local_ip -j DNAT --to-destination $remote_ip |
From my point of view, iptables is more flexible and powerful but too complicated. redir or udp_redirect is simple and easy but maybe less powerful. Both could work; it just depends on the requirement.
|
Well, I stated my requirement above (forward services such as FTP, HTTP, DNS, voice server, from one server to another) and the iptables rules I came up with are quite easy. How do these services differ from iptables NAT? I'd like to know any upsides or downsides, except for the obvious, such as configuration.
Edit: I'm mainly asking this, because someone told me iptables NAT would be "bad" for that and I should rather use redir or rinetd. Now I'm trying to figure the reason why that would be. :) |
First of all, is NAT necessary if you are only forwarding or redirecting traffic from one server to another one?
The redir or rinetd doesn't support NAT. |
Iptables can be bad for dynamic protocols that don't use static ports such as FTP (can't remember which one, active or passive). I believe it has an ftp-helper module so this might be a non-issue. Most other protocols are well-behaved and do not exhibit this behavior... unless you're using an industrial protocol perhaps :P
IPtables/NAT also has the advantage of firewalling on specific conditions and offering some protection to the hosts on the other side by limiting their surface area. In my opinion I'd just use iptables and call it a day for what you're doing with it, unless you're changing IP addresses or 1-to-1 NATing (but you can do this anyway with iptables). |
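As an added example (not code from anyone in this thread), here is the full rule set a forwarding host needs when doing this with iptables NAT: the DNAT rule quoted earlier plus the SNAT and FORWARD rules it leaves out, and the FTP conntrack helper mentioned in the previous post. The addresses, ports and the script name forward.sh are constructed sample values.

```shell
# Added example, not from the thread: the complete iptables NAT rule set for
# forwarding one TCP or UDP service from this host (LOCAL_IP) to another
# server (REMOTE_IP). The lone DNAT rule quoted above is not enough on its
# own: replies must come back through this host (SNAT) and FORWARD must
# accept the flow. IPs and ports below are constructed sample values.

# forward_rules PROTO PORT LOCAL_IP REMOTE_IP : prints the commands, does not run them
forward_rules() {
    proto=$1; port=$2; lip=$3; rip=$4
    # 1. Rewrite the destination of inbound packets for this one service.
    echo "iptables -t nat -A PREROUTING -p $proto -d $lip --dport $port -j DNAT --to-destination $rip:$port"
    # 2. Rewrite the source so the remote server answers this host (which un-NATs
    #    the reply); otherwise the client receives packets from an address it never
    #    contacted and drops them. Caveat: the remote server now logs LOCAL_IP as the client.
    echo "iptables -t nat -A POSTROUTING -p $proto -d $rip --dport $port -j SNAT --to-source $lip"
    # 3. Let only new connections to this one service through FORWARD (policy DROP).
    echo "iptables -A FORWARD -p $proto -d $rip --dport $port -m conntrack --ctstate NEW -j ACCEPT"
}
rule_count() { forward_rules "$@" | wc -l | tr -d ' '; }

# ftp_helper_rules LOCAL_IP : FTP data channels use dynamic ports, so the conntrack
# helper must mark them RELATED to the control channel and the NAT helper must
# rewrite the addresses inside PORT/PASV. Since kernel 4.7 helpers are no longer
# assigned automatically; the raw-table CT rule attaches the ftp helper explicitly.
ftp_helper_rules() {
    echo "modprobe nf_conntrack_ftp"
    echo "modprobe nf_nat_ftp"
    echo "iptables -t raw -A PREROUTING -p tcp -d $1 --dport 21 -j CT --helper ftp"
}

# generate_all LOCAL_IP REMOTE_IP : full script for the services the thread names
generate_all() {
    echo "sysctl -w net.ipv4.ip_forward=1"
    ftp_helper_rules "$1"
    # One rule covers replies and helper-expected data connections for every
    # flow admitted by the per-service rules, which therefore only accept NEW.
    echo "iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    forward_rules tcp 21 "$1" "$2"
    forward_rules udp 53 "$1" "$2"
    forward_rules tcp 53 "$1" "$2"
}

# Dry run prints the commands; APPLY=1 as root pipes them into sh:
#   APPLY=1 sh forward.sh 192.0.2.10 198.51.100.20
if [ "${APPLY:-0}" = 1 ] && [ "$(id -u)" = 0 ]; then
    generate_all "${1:?LOCAL_IP}" "${2:?REMOTE_IP}" | sh -e
else
    generate_all "${1:-192.0.2.10}" "${2:-198.51.100.20}"
fi
```

Run without APPLY first and read the generated commands; the SNAT step means the remote server sees every client as LOCAL_IP, so keep connection logs on the forwarding host if you need the real client addresses.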
Anyone?
|
Good question, but since you're just forwarding services... just use iptables. If you need a hand PM me.
If no one is answering, either you're doing it wrong or the question has been answered by yourself or the people replying ;) |
Damn, double post.
|