LinuxQuestions.org
Help answer threads with 0 replies.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Networking
User Name
Password
Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.

Notices


Reply
  Search this Thread
Old 07-21-2021, 06:31 AM   #1
ANewHome
LQ Newbie
 
Registered: Jul 2021
Posts: 3

Rep: Reputation: Disabled
Linux Router [FOB] touchpoint


Trying to setup a little AWS Box (Debian Linux) to act as a router taking public traffic (eth0 - single network interface) and redirecting it to a different public IP address, different ports and then send the traffic back to the clients. One of the major reasons for doing this is the Linux box has good DDOS protection and I will setup the Dest-IP to only accept traffic from the linux box.

The port mappings (TCP & UDP):
Src-IP, Src-Port, Dest-IP, Dest-Port
ALL, 27106,168.119.149.150,27015
ALL, 8000,168.119.149.150,7777
ALL, 8001,168.119.149.150,7778

What I am trying to get to happen:
Traffic in:
Public IP (Client App) [27106,8000,8001] -> Linux Box -> Destination Public Server (AA) [27015,7777,7778]

Return Traffic:
Public Server (AA) [27015,7777,7778] -> Linux Box -> Public IP (Client App) [27106,8000,8001]

The problem, is it doesn't seem to be working as I'm expecting it to - can anyone give some pointers on what I'm doing wrong?

The /etc/iptables/rules.v4 is currently:
# Generated by xtables-save v1.8.2 on Wed Jul 21 09:48:33 2021
*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A PREROUTING -p tcp -m tcp --dport 27106 -j DNAT --to-destination 168.119.149.150:27015
-A PREROUTING -p udp -m udp --dport 27106 -j DNAT --to-destination 168.119.149.150:27015
-A PREROUTING -p tcp -m tcp --dport 8000 -j DNAT --to-destination 168.119.149.150:7777
-A PREROUTING -p udp -m udp --dport 8000 -j DNAT --to-destination 168.119.149.150:7777
-A PREROUTING -p tcp -m tcp --dport 8001 -j DNAT --to-destination 168.119.149.150:7778
-A PREROUTING -p udp -m udp --dport 8001 -j DNAT --to-destination 168.119.149.150:7778
-A POSTROUTING -p tcp -m tcp --dport 27015
-A POSTROUTING -p udp -m udp --dport 27015
-A POSTROUTING -p tcp -m tcp --dport 7777
-A POSTROUTING -p udp -m udp --dport 7777
-A POSTROUTING -p tcp -m tcp --dport 7778
-A POSTROUTING -p udp -m udp --dport 7778

COMMIT
# Completed on Wed Jul 21 09:48:33 2021
# Generated by xtables-save v1.8.2 on Wed Jul 21 09:48:33 2021
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
COMMIT
# Completed on Wed Jul 21 09:48:33 2021

The AWS Firewall end-points are configured to accept all traffic [TCP/UDP] - so its not that, I can only think I've not setup the rules file incorrectly?


UPDATE: Got to the root of the issue AWS does not allow spoofing of IP Addresses, so adding MASQUERADE (-A POSTROUTING -p tcp -m tcp --dport 27015 -j MASQUERADE) allows this to work perfectly.

Last edited by ANewHome; Yesterday at 05:21 AM. Reason: Solution Update
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
got a netgear dlink fob in a usb slot on desktop pc with ubuntu 11.04 and cant connec inxs1111 Linux - Newbie 2 08-16-2011 03:25 PM
ub_modswitch AM10 wireless FOB mrmnemo Linux - Hardware 1 07-20-2011 01:08 PM
Small Linux Router/firewall behind D-Link Hardware router dleidlein Linux - Networking 6 04-30-2007 05:12 AM
/etc/resolv.conf configuration when behind a router(not a linux router) rmanocha Linux - Networking 2 04-28-2004 01:52 AM
ADSL Router + Linux Router + LAN = HELP!!! linuxlois Linux - General 2 09-16-2003 08:24 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Networking

All times are GMT -5. The time now is 09:36 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration