• Host/Port forward to REMOTE host/port

    From Rick Christian@1:2320/100 to All on Thu Mar 9 21:15:19 2017

    Hello everybody!

    I've got a situation where I need to set up something that does the following:

    Host: 1.2.3.4 Port 1234

    Remote Host 5.6.7.8 Port 5678

    If I connect to host 1.2.3.4:1234 it forwards things to 5.6.7.8:5678

    1.2.3.4:1234 should accept any connection on there and just forward it on...

    I've seen some examples with IPTables doing this...these seem to be for the software/connections that originate on that host to be forwarded, but not something that comes in via net, i.e.:

    9.0.1.2.3:1234 -> 1.2.3.4:1234 -> 5.6.7.8:5678

    Basically this is just "proxy" in other words to the host...but this would be TCP or UDP traffic that comes in...

    A VPN via say OpenVPN to this host and forward everything out is one solution, but for this case it's not an option... I really only need to forward ONE SPECIFIC HOST:PORT to ONE SPECIFIC REMOTE HOST:PORT. I don't want to forward out all traffic via the VPN to this host, and then on... I've got other things that are VPN'd out to places...

    I really just want to be able to point the software that I need to do this at this 1.2.3.4:5678 and it forwards everything to 5.6.7.8:5678 TCP/UDP

    I am NOT an iptables guru.... I probably could do this with some Cisco IOS stuff if I had it at the location, but this is not a colo right now...

    Anyone have other suggestions or solutions???



    An example of what I've seen in various similar forms on various sites:

    https://www.debuntu.org/how-to-redirecting-network-traffic-to-a-new-ip-using-iptables/


    # echo "1" > /proc/sys/net/ipv4/ip_forward

    or

    # sysctl net.ipv4.ip_forward=1

    Then, we will add a rule telling to forward the traffic on port 1111 to ip 2.2.2.2 on port 1111:

    # iptables -t nat -A PREROUTING -p tcp --dport 1111 -j DNAT --to-destination 2.2.2.2:1111

    and finally, we ask IPtables to masquerade:

    # iptables -t nat -A POSTROUTING -j MASQUERADE

    Optionally, you could only redirect the traffic from a specific source/network with, for a host only:

    # iptables -t nat -A PREROUTING -s 192.168.1.1 -p tcp --dport 1111 -j DNAT --to-destination 2.2.2.2:1111

    or for a whole network

    # iptables -t nat -A PREROUTING -s 192.168.1.0/24 -p tcp --dport 1111 -j DNAT --to-destination 2.2.2.2:1111





    Rick


    ... Ding Dong the Witch is DEAD! I Made America Great Again! President Trump! --- GoldED+/LNX 1.1.5-b20161221
    # Origin: Vina's Talos Moon Base Alpha (1:135/377)
    * Origin: LiveWire BBS - Synchronet - LiveWireBBS.com (1:2320/100)
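    The iptables recipe quoted in the post above, as an added example that is not Rick's or debuntu's code: a small POSIX sh generator that prints the rules for forwarding ONE host:port to ONE remote host:port over both TCP and UDP, with the FORWARD and MASQUERADE rules scoped to that single flow rather than the blanket `POSTROUTING -j MASQUERADE` in the quoted recipe. The addresses are the thread's own; the outbound interface `eth0` is an assumed value.

    ```shell
    #!/bin/sh
    # Added example (not from the thread): print the iptables commands that
    # forward lip:lport on this box to rip:rport, for one protocol.
    # Arguments: proto listen_ip listen_port remote_ip remote_port out_iface
    # out_iface (e.g. eth0) is an assumption; change it to the real uplink.
    forward_rules() {
        proto=$1; lip=$2; lport=$3; rip=$4; rport=$5; oif=$6
        # Rewrite the destination of connections arriving for lip:lport
        printf 'iptables -t nat -A PREROUTING -d %s -p %s --dport %s -j DNAT --to-destination %s:%s\n' \
            "$lip" "$proto" "$lport" "$rip" "$rport"
        # Let the rewritten flow and its replies through FORWARD (matters when
        # the FORWARD policy is DROP, which the quoted recipe does not mention)
        printf 'iptables -A FORWARD -d %s -p %s --dport %s -m conntrack --ctstate NEW,ESTABLISHED,RELATED -j ACCEPT\n' \
            "$rip" "$proto" "$rport"
        printf 'iptables -A FORWARD -s %s -p %s --sport %s -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT\n' \
            "$rip" "$proto" "$rport"
        # Source-NAT only this flow so replies return via this box. A bare
        # "POSTROUTING -j MASQUERADE" would NAT every forwarded packet.
        printf 'iptables -t nat -A POSTROUTING -o %s -d %s -p %s --dport %s -j MASQUERADE\n' \
            "$oif" "$rip" "$proto" "$rport"
    }

    # The original post wants TCP and UDP; emit the sysctl plus both rule sets.
    # Arguments: listen_ip listen_port remote_ip remote_port out_iface
    both_protos() {
        printf 'sysctl -w net.ipv4.ip_forward=1\n'
        for p in tcp udp; do
            forward_rules "$p" "$@"
        done
    }

    # Print (do not apply) the rules for the thread's example: 1.2.3.4:1234 -> 5.6.7.8:5678
    both_protos 1.2.3.4 1234 5.6.7.8 5678 eth0
    ```

    The script only prints, so the rule set can be reviewed before piping it to `sh` as root on a box you may be reaching remotely.
    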
  • From Rick Christian@1:2320/100 to All on Fri Mar 31 05:10:00 2017

    Hello Rick!

    09 Mar 17 21:15, I wrote to all:
    I've got a situation where I need to setup something that does the following:

    Host: 1.2.3.4 Port 1234

    Remote Host 5.6.7.8 Port 5678

    I am NOT an iptables guru.... I probably could do this with some Cisco
    IOS stuff if I had it at the location, but this is not a colo right
    now...

    For anyone who is following and looking for a similar solution to this....

    redir TCP port redirector

    sudo apt-get install redir

    This seems to be a slightly different version as the syntax is a little different
    than that referenced in many places...

    Any way...

    redir --lport 80 --cport 8000 &

    This allows me to quickly redirect something to a server which provides its own internal "web server" of a sort, and users don't need to add the :8000


    redir --name fwdit --lport 2222 --cport 2221 --caddr host.super.invalid &

    Lets me forward things from my server to another to connect up.... for just that server...

    This is much better than working with iptables... Why??? One slip up and you can chase issues for days or more.. or lose connection, and on a remote host...
    that's not good!

    This version doesn't seem to have the daemon mode that the GitHub one references... so use & to send it to the background, and remember anything below 1024 will need root to redirect...

    You could probably use screen and others, or inetd to run at start up etc...

    But here is the solution I chose for others if you were following along...


    Rick


    ... Ding Dong the Witch is DEAD! I Made America Great Again! President Trump! --- GoldED+/LNX 1.1.5-b20161221
    # Origin: Vina's Talos Moon Base Alpha (1:135/377)
    * Origin: LiveWire BBS - Synchronet - LiveWireBBS.com (1:2320/100)