Old 07-21-2021, 06:31 AM   #1
Linux Router [FOB] touchpoint

Trying to set up a little AWS box (Debian Linux) to act as a router, taking public traffic (eth0 - single network interface) and redirecting it to a different public IP address and different ports, and then sending the traffic back to the clients. One of the major reasons for doing this is that the Linux box has good DDoS protection, and I will set up the Dest-IP to only accept traffic from the Linux box.

The port mappings (TCP & UDP):
Src-IP, Src-Port, Dest-IP, Dest-Port
ALL, 27106,,27015
ALL, 8000,,7777
ALL, 8001,,7778

What I am trying to get to happen:
Traffic in:
Public IP (Client App) [27106,8000,8001] -> Linux Box -> Destination Public Server (AA) [27015,7777,7778]

Return Traffic:
Public Server (AA) [27015,7777,7778] -> Linux Box -> Public IP (Client App) [27106,8000,8001]

The problem is, it doesn't seem to be working as I'm expecting it to - can anyone give some pointers on what I'm doing wrong?

The /etc/iptables/rules.v4 is currently:
# Generated by xtables-save v1.8.2 on Wed Jul 21 09:48:33 2021
-A PREROUTING -p tcp -m tcp --dport 27106 -j DNAT --to-destination
-A PREROUTING -p udp -m udp --dport 27106 -j DNAT --to-destination
-A PREROUTING -p tcp -m tcp --dport 8000 -j DNAT --to-destination
-A PREROUTING -p udp -m udp --dport 8000 -j DNAT --to-destination
-A PREROUTING -p tcp -m tcp --dport 8001 -j DNAT --to-destination
-A PREROUTING -p udp -m udp --dport 8001 -j DNAT --to-destination
-A POSTROUTING -p tcp -m tcp --dport 27015
-A POSTROUTING -p udp -m udp --dport 27015
-A POSTROUTING -p tcp -m tcp --dport 7777
-A POSTROUTING -p udp -m udp --dport 7777
-A POSTROUTING -p tcp -m tcp --dport 7778
-A POSTROUTING -p udp -m udp --dport 7778

# Completed on Wed Jul 21 09:48:33 2021
# Generated by xtables-save v1.8.2 on Wed Jul 21 09:48:33 2021
# Completed on Wed Jul 21 09:48:33 2021

The AWS Firewall end-points are configured to accept all traffic [TCP/UDP] - so it's not that, I can only think I've not set up the rules file incorrectly?

UPDATE: Got to the root of the issue: AWS does not allow spoofing of IP addresses, so adding MASQUERADE (-A POSTROUTING -p tcp -m tcp --dport 27015 -j MASQUERADE) allows this to work perfectly.

Last edited by ANewHome; Yesterday at 05:21 AM. Reason: Solution Update
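The fix from the update, applied to every mapping in the post, as an added example that is not part of the original post: a shell function that emits a complete nat table in iptables-restore format, pairing each DNAT rule with a MASQUERADE rule so forwarded packets leave with the box's own source address. The destination address 203.0.113.10 is a placeholder (the post elides the real one), and the `-i eth0`, `-o eth0` and `-d` matches are assumptions added here to keep the rules scoped to this forwarding path.

```shell
#!/bin/sh
# Added example (not from the original post).
# DEST_IP is a placeholder from the RFC 5737 documentation range;
# the real destination address is elided in the post.
DEST_IP="${DEST_IP:-203.0.113.10}"

# listen-port:destination-port pairs taken from the post's mapping table
MAPPINGS="27106:27015 8000:7777 8001:7778"

# Print an iptables-restore "nat" table covering TCP and UDP for each mapping.
gen_nat_rules() {
    echo "*nat"
    echo ":PREROUTING ACCEPT [0:0]"
    echo ":INPUT ACCEPT [0:0]"
    echo ":OUTPUT ACCEPT [0:0]"
    echo ":POSTROUTING ACCEPT [0:0]"
    for map in $MAPPINGS; do
        in_port=${map%%:*}     # port the clients connect to on this box
        out_port=${map##*:}    # port on the destination server
        for proto in tcp udp; do
            # Rewrite destination address and port before the routing decision.
            echo "-A PREROUTING -i eth0 -p $proto -m $proto --dport $in_port -j DNAT --to-destination $DEST_IP:$out_port"
            # Rewrite the source to this box's address on the way out, so the
            # packet is not dropped as spoofed and replies return through
            # this box, where conntrack reverses both translations.
            echo "-A POSTROUTING -o eth0 -d $DEST_IP -p $proto -m $proto --dport $out_port -j MASQUERADE"
        done
    done
    echo "COMMIT"
}

# Assumes forwarding is enabled on the box:  sysctl -w net.ipv4.ip_forward=1
# Syntax-check without loading:              gen_nat_rules | iptables-restore --test
```

With MASQUERADE in place the destination server only ever sees the Linux box's address, which is what makes the plan of restricting Dest-IP to accept traffic from that box workable.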

