iptables: trying to forward UDP traffic

Post #1, 01-31-2015, 02:01 PM, LQ Newbie (registered May 2013)

Hello all,
I am trying to set up a system ( that will forward UDP traffic (port 6000) from a given host ( on a given port (6000) to another system (

The packet path should look like this: ----udp-----> ----udp---->

Here are the commands I use:
sysctl -w net.ipv4.ip_forward=1
iptables -F
iptables -t nat -A PREROUTING -s -p udp --dport 6000 -j DNAT --to-destination
iptables -t nat -A POSTROUTING -j MASQUERADE

Basically, nothing really happens when I run these commands: the packets arrive on .91 but are not forwarded at all.
Note: all three systems are in the same network, and in fact the third one (.199) doesn't even exist, which is fine; I am just trying to look at the forwarding performance of the .91 system, which is a virtual machine.

For completeness, I am running CentOS 6.5.

Any help appreciated!
Post #2, 02-05-2015, 07:04 AM, Ser Olmy (Senior Member, Slackware)

Destination NAT port forwarding to hosts in the same network as the original destination doesn't work. The problem is the return path, which will be asymmetric.

Let's say a client with the IP address attempts to reach the redirected port at The path of the packet in this slightly simplified version of your setup would look like this:
Code: ---udp---> ---udp--->
The packet will indeed be NATed by and forwarded to At this point, the packet has a destination address of, but the source address is unchanged (

For NAT to work, the reply packet has to be sent via in order to be "de-NATed", but there's no reason why would do that. Since is directly reachable (it's in the same network), will just reply to The problem is, is expecting a response from, not, and will therefore just discard the packet.

You have two options:
  1. Make sure all NAT operations take place on routers, and/or point all forwarded ports to hosts in other networks
  2. Perform destination NAT as well as source NAT, so that the address of the NATing host ( in this case) is the source address of the packet when it arrives at the final target (, ensuring that reply packets are forced to take the same path on their way back to the original client.
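The two options in the reply above, written out as iptables rule sets. This is an added example, not code from the thread or from either poster; the addresses (192.0.2.x), the interface names (eth0, eth1) and the port are assumptions chosen to mirror the .91 -> .199 setup, and the script only prints the rules unless APPLY=1 is set, so the set can be reviewed before it touches a live host.

```sh
#!/bin/sh
# Added example, not from the thread: rule sets for the two options in the
# reply above. Every address, interface name and the port are assumptions
# (RFC 5737 test addresses, chosen to mirror the .91 -> .199 scenario).
# Run as root with APPLY=1 to execute the rules; by default they are only
# printed so the set can be reviewed first.

NAT_HOST=192.0.2.91      # the forwarding host (assumed address)
TARGET=192.0.2.199       # host the port is forwarded to (assumed)
CLIENT=192.0.2.10        # original client (assumed)
FWD_PORT=6000
LAN_IF=eth0              # interface facing client and target (assumed)
WAN_IF=eth1              # uplink towards another network, option 1 only (assumed)

# Option 2 from the reply: target in the SAME network as the forwarder.
# DNAT alone leaves the client's source address on the packet, so the
# target answers the client directly and the client discards the reply.
# SNAT to the forwarder's own address forces the reply back through the
# forwarder, where conntrack reverses both translations. -i and -o are the
# same interface because the packet hairpins back out the way it came in.
hairpin_udp_forward() {
    cat <<EOF
sysctl -w net.ipv4.ip_forward=1
iptables -t nat -A PREROUTING -i $LAN_IF -s $CLIENT -d $NAT_HOST -p udp --dport $FWD_PORT -j DNAT --to-destination $TARGET
iptables -A FORWARD -i $LAN_IF -o $LAN_IF -p udp -d $TARGET --dport $FWD_PORT -j ACCEPT
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -t nat -A POSTROUTING -o $LAN_IF -p udp -d $TARGET --dport $FWD_PORT -j SNAT --to-source $NAT_HOST
EOF
}

# Option 1 from the reply: target in ANOTHER network behind WAN_IF. The
# forwarder is the client's default gateway, so replies return through it
# anyway; MASQUERADE on the uplink is enough, and the DNAT may match any
# destination (redirect all UDP/$FWD_PORT leaving the LAN to $TARGET).
gateway_udp_redirect() {
    cat <<EOF
sysctl -w net.ipv4.ip_forward=1
iptables -t nat -A PREROUTING -i $LAN_IF -p udp --dport $FWD_PORT -j DNAT --to-destination $TARGET
iptables -A FORWARD -i $LAN_IF -o $WAN_IF -p udp -d $TARGET --dport $FWD_PORT -j ACCEPT
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -t nat -A POSTROUTING -o $WAN_IF -j MASQUERADE
EOF
}

# What to look at after sending a test packet: the nat and FORWARD counters
# must advance, and the conntrack entry for the flow must lose its
# [UNREPLIED] flag. An entry that stays [UNREPLIED] means the target's
# answer never came back through the forwarder (the asymmetric path).
verify_commands() {
    cat <<EOF
iptables -t nat -L -v -n
iptables -L FORWARD -v -n
conntrack -L -p udp --dport $FWD_PORT
EOF
}

case "${1:-hairpin}" in
    hairpin) rules=hairpin_udp_forward ;;
    gateway) rules=gateway_udp_redirect ;;
    *) echo "unknown mode '$1', showing hairpin rules" >&2; rules=hairpin_udp_forward ;;
esac

if [ "${APPLY:-0}" = 1 ]; then
    $rules | sh -e
else
    $rules
    verify_commands
fi
```

Two caveats follow from option 2: the target now sees every forwarded packet as coming from the forwarder's address, so the real client address is lost to logging and source-based ACLs on the target; and because this is UDP there is no handshake, so the conntrack entry that carries the reverse mapping lives only until the UDP conntrack timeout expires. Also, `iptables -F` as used in the first post flushes only the filter table; re-running those commands appends duplicate rules to the nat table unless `iptables -t nat -F` is run as well.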
Post #3, 07-27-2017, 01:11 AM, vikas027 (Senior Member, Sydney; RHEL, CentOS, Ubuntu, Debian, OS X)

I too have a similar requirement.

I have set up an AWS NAT EC2 instance (instead of the managed AWS NAT Gateway), which is working fine and currently only allows ports 80 and 443.
Now, all traffic from my private subnets gets redirected to my AWS NAT EC2 Instance. I also want to redirect all NTP (UDP) traffic to one of the public NTPs (say

This is the scenario.
  • - EC2 Instance in Private Subnet (has the IP of NAT Instance as a default Route)
  •, eth0 is disabled) - NAT EC2 Instance in Public Subnet
  • - Public NTP Server

My UDP packet path should look something like this:
Code: ---udp (123)---> ---udp (123)--->
I have tried these in vain.

Some logs:
root@ ntpdate -uv
27 Jul 16:06:42 ntpdate[11764]: ntpdate 4.2.6p5@1.2349-o Wed Apr 12 21:24:06 UTC 2017 (1)
27 Jul 16:06:50 ntpdate[11764]: no server suitable for synchronization found

root@ ntpdate -uv
27 Jul 16:06:30 ntpdate[510]: ntpdate 4.2.6p5@1.2349-o Wed Apr 12 21:24:06 UTC 2017 (1)
27 Jul 16:06:37 ntpdate[510]: adjust time server offset -0.020958 sec

Last edited by vikas027; 07-27-2017 at 01:26 AM.
All times are GMT -5.