Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game. |
02-18-2013, 07:44 AM
|
#1
|
LQ Newbie
Registered: May 2012
Posts: 26
Rep: 
|
Easy TCP+UDP tunneling
Hello members,
What is the best way to tunnel both TCP and UDP from one network to another (external, not local) without having to set something up on the receiving end (so no GRE/VPN)? How about iptables NAT for UDP and redir or x/rinetd for TCP? What do you prefer and why?
|
|
|
02-19-2013, 03:48 PM
|
#2
|
Moderator
Registered: Mar 2008
Posts: 22,280
|
The idea of a tunnel is just like a train tunnel. No way to go in between the ends.
You would have to have something on the other end.
If you can't run some software then you need a hardware device.
|
|
|
02-19-2013, 03:49 PM
|
#3
|
Senior Member
Registered: Apr 2009
Posts: 1,894
Rep: 
|
The TCP and UDP traffic can already reach the destination without setting up anything. A tunnel deals with private networks and has to be configured on both sides. What's your main purpose?
|
|
|
02-19-2013, 03:54 PM
|
#4
|
LQ Newbie
Registered: May 2012
Posts: 26
Original Poster
Rep: 
|
I want to forward some TCP and UDP services (such as FTP, DNS, maybe HTTP but there are better solutions for that, voice server, etc.) from one server to another one. It already works pretty well with NAT, but I wanted to hear your thoughts about other solutions. The other things I listed do work too for my purpose, such as redir and rinetd, I'd just like to hear your opinions and alternatives.
|
|
|
02-21-2013, 03:36 PM
|
#5
|
Senior Member
Registered: Apr 2009
Posts: 1,894
Rep: 
|
You can use the udp_redirect tool to redirect UDP traffic.
|
|
|
02-22-2013, 10:13 AM
|
#6
|
LQ Newbie
Registered: May 2012
Posts: 26
Original Poster
Rep: 
|
Quote:
Originally Posted by nini09
You can use the udp_redirect tool to redirect UDP traffic.
|
Thanks for the tip. So my other questions would be if and why this (and redir/rinetd for TCP) would be better or worse than just using iptables symmetric NAT, like:
Code:
# Run once with proto=tcp and once with proto=udp
iptables -t nat -A PREROUTING -p "$proto" -d "$local_ip" -j DNAT --to-destination "$remote_ip"
iptables -t nat -A POSTROUTING -p "$proto" --dst "$remote_ip" -j SNAT --to-source "$local_ip"
iptables -A FORWARD -p "$proto" -d "$remote_ip" -j ACCEPT
# Replies pass through FORWARD with the remote server's address as source
iptables -A FORWARD -p "$proto" -s "$remote_ip" -j ACCEPT
Last edited by r00t; 02-28-2013 at 06:28 PM.
|
|
|
02-22-2013, 04:02 PM
|
#7
|
Senior Member
Registered: Apr 2009
Posts: 1,894
Rep: 
|
From my point of view, iptables is more flexible and powerful but too complicated. redir or udp_redirect is simple and easy but maybe less powerful. Both could work; it just depends on the requirement.
|
|
|
02-22-2013, 04:32 PM
|
#8
|
LQ Newbie
Registered: May 2012
Posts: 26
Original Poster
Rep: 
|
Well, I stated my requirement above (forward services such as FTP, HTTP, DNS, voice server, from one server to another) and the iptables rules I came up with are quite easy. How do these services differ from iptables NAT? I'd like to know any upsides or downsides, except for the obvious, such as configuration.
Edit: I'm mainly asking this because someone told me iptables NAT would be "bad" for that and I should rather use redir or rinetd. Now I'm trying to figure out the reason why that would be.
Last edited by r00t; 02-22-2013 at 04:33 PM.
|
|
|
02-25-2013, 03:46 PM
|
#9
|
Senior Member
Registered: Apr 2009
Posts: 1,894
Rep: 
|
First of all, is NAT necessary if you are only forwarding or redirecting traffic from one server to another one?
redir and rinetd don't support NAT.
|
|
|
02-28-2013, 06:03 PM
|
#10
|
Member
Registered: Oct 2007
Location: BC, Canada
Distribution: Fedora, Debian
Posts: 210
Rep:
|
Iptables can be bad for dynamic protocols that don't use static ports such as FTP (can't remember which one, active or passive). I believe it has a ftp-helper module so this might be a non-issue. Most other protocols are well-behaved and do not exhibit this behavior... unless you're using an industrial protocol perhaps :P
IPtables/NAT also has an advantage of firewalling on specific conditions and offering some protection to the hosts on the other side by limiting their surface area. In my opinion I'd just use iptables and call it a day for what you're doing with it unless you're changing IP addresses or 1-to-1 NATing (but you can do this anyways with iptables).
Last edited by Lantzvillian; 02-28-2013 at 06:05 PM.
Reason: forgot something
|
|
|
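Added example, not part of any post in this thread and not the posters' code: a rule generator that narrows the catch-all rules from post #6 to listed service ports, lets replies through on conntrack state, and attaches the FTP conntrack helper mentioned in post #10. The addresses are constructed documentation values, `gen_forward_rules` is a hypothetical name, and the closing drop rule goes beyond what the thread shows.

```shell
#!/bin/sh
# Added example: prints iptables rules, does not apply them.
# gen_forward_rules LOCAL_IP REMOTE_IP "proto:port ..."
gen_forward_rules() {
    local_ip=$1; remote_ip=$2; services=$3
    # Validate the whole list first so a bad entry yields no partial rule set.
    for svc in $services; do
        proto=${svc%%:*}; port=${svc#*:}
        case $proto in tcp|udp) ;; *) echo "bad protocol: $svc" >&2; return 1 ;; esac
        case $port in ''|*[!0-9]*|??????*) echo "bad port: $svc" >&2; return 1 ;; esac
        if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
            echo "bad port: $svc" >&2; return 1
        fi
    done
    for svc in $services; do
        proto=${svc%%:*}; port=${svc#*:}
        # Rewrite the destination only for this service's port.
        echo "iptables -t nat -A PREROUTING -p $proto -d $local_ip --dport $port -j DNAT --to-destination $remote_ip"
        # Symmetric NAT as in post #6: the backend sees the forwarder as source.
        echo "iptables -t nat -A POSTROUTING -p $proto -d $remote_ip --dport $port -j SNAT --to-source $local_ip"
        # Only new connections to a listed service are admitted.
        echo "iptables -A FORWARD -p $proto -d $remote_ip --dport $port -m conntrack --ctstate NEW -j ACCEPT"
        # FTP negotiates its data ports in-band, so attach the conntrack helper
        # (needs the nf_conntrack_ftp and nf_nat_ftp modules loaded).
        if [ "$svc" = "tcp:21" ]; then
            echo "iptables -t raw -A PREROUTING -p tcp -d $local_ip --dport 21 -j CT --helper ftp"
        fi
    done
    # Replies and helper-expected data connections are matched by state.
    echo "iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    # Anything not listed above is not forwarded.
    echo "iptables -A FORWARD -j DROP"
}

# Constructed sample: FTP, DNS and HTTP forwarded from 192.0.2.10 to 198.51.100.20.
gen_forward_rules 192.0.2.10 198.51.100.20 "tcp:21 udp:53 tcp:80"
```

Review the printed rules before piping them to a root shell; a userspace relay such as redir gives no equivalent of the final two state-based rules.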
02-28-2013, 06:23 PM
|
#11
|
LQ Newbie
Registered: May 2012
Posts: 26
Original Poster
Rep: 
|
Quote:
Originally Posted by Lantzvillian
IPtables/NAT also has an advantage of firewalling on specific conditions and offering some protection to the hosts on the other side by limiting their surface area. In my opinion I'd just use iptables and call it a day for what you're doing with it unless you're changing IP addresses or 1-to-1 NATing (but you can do this anyways with iptables).
|
Thank you for your reply! Exactly, NAT with port forwarding and 1:1 NAT in some cases was the solution I thought of first. But now for example, if we have a look at tutorials on how to protect Minecraft servers from DDoS (just using this as an example, as it's for a similar purpose, although I'm not looking to "DDoS protect" Minecraft servers), you will notice that for example redir is suggested here and tcptunnel here. Articles like these were the reason I got confused. Why would they suggest these forwarding tools, if it's just as easy and probably even better to accomplish with iptables?
Last edited by r00t; 02-28-2013 at 06:25 PM.
|
|
|
03-06-2013, 06:24 AM
|
#12
|
LQ Newbie
Registered: May 2012
Posts: 26
Original Poster
Rep: 
|
Anyone?
|
|
|
03-07-2013, 12:11 PM
|
#13
|
Member
Registered: Oct 2007
Location: BC, Canada
Distribution: Fedora, Debian
Posts: 210
Rep:
|
Good question, but since you're just forwarding services... just use iptables. If you need a hand PM me.
If no one is answering, either you're doing it wrong or the question has been answered by yourself or the people replying
|
|
|
03-07-2013, 12:11 PM
|
#14
|
Member
Registered: Oct 2007
Location: BC, Canada
Distribution: Fedora, Debian
Posts: 210
Rep:
|
Damn double post.
Last edited by Lantzvillian; 03-07-2013 at 12:13 PM.
|
|
|
All times are GMT -5.