3

I want to prevent direct access of my Windows Machine and want to expose some programs running on it via my Linux Machine (which again is accessible by a Public IP).

Is there a way wherein I can configure my Linux Machine (say IP = a.b.c.d) to route all the UDP traffic which it gets at a specific port (say 6667) to my Windows Machine (say IP = e.f.g.h) at port 6668?

If yes, how can I implement it?

UPDATE

# bindadress bindport connectaddress connectport
192.168.2.45 6667 192.168.2.104 6668
# logging information
logfile /var/log/rinetd.log
# uncomment the following line if you want web-server style logfile format
logcommon

UPDATE

I wish to route UDP traffic only.

1
  • Is the Linux machine the Windows machine's default router? Do you need replies to work too? Do you need the Windows machine to see the real source IP addresses of the UDP packets? (If the answers are "no", "yes", and "yes", you have a very hard problem.) Commented Jul 11, 2012 at 13:57

3 Answers

5

The following section works for TCP only (this was published before Mahendra changed the title).

Install rinetd. In this program you can configure incoming port and outgoing port easily. First install the program. Then change /etc/rinetd.conf

Ex:

#bindadress bindport connectaddress connectport

a.b.c.d 6667 e.f.g.h 6668

For UDP check the link below

http://brokestream.com/udp_redirect.html

This is from the chat discussion which actually solved the problem

iptables -t nat -A PREROUTING -i $EXT_IF -p udp -d $EXT_IP --dport 53 -j DNAT --to-destination $INTERNAL_SERVER

and make sure you also have it allowed to pass through the FORWARD chain with something like

#forward traffic
iptables -A FORWARD -i $EXT_IF -o $INT_IF -p udp -d $INTERNAL_SERVER --dport 53 -j ACCEPT
#reply traffic (FORWARD chain, not INPUT: INPUT does not accept an -o interface match)
iptables -A FORWARD -i $INT_IF -o $EXT_IF -p udp -s $INTERNAL_SERVER --sport 53 -m state --state ESTABLISHED,RELATED -j ACCEPT
8
  • Thank you.. this looks promising and easy to configure. Before I try it on my Live IP, I'd like to test it locally. Do you think this will work on local network as well? Commented Jul 11, 2012 at 10:08
  • yes of course. I've tested it Commented Jul 11, 2012 at 10:10
  • I'm not sure what's wrong, but doesn't seem to work for me locally. I posted my conf file in the question... Commented Jul 11, 2012 at 10:24
  • Did you restart the rinetd.If not; restart it: /etc/init.d/rinetd restart Commented Jul 11, 2012 at 10:45
  • Yes, I restarted it.. doesn't work yet... Commented Jul 11, 2012 at 10:57
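The iptables approach from the chat discussion, written out as a complete rule set for the question's own addresses (a.b.c.d:6667 to e.f.g.h:6668). This is an added example, not code from the answer's author: the interface names eth0/eth1 and the helper function names are assumptions, and the rules are only printed unless you call apply_udp_forward as root. It also covers the point raised in the comment under the question: when the Windows machine does not use the Linux box as its default gateway, replies will not come back through it unless you add the MASQUERADE rule (pass "yes"), at the cost of the Windows side seeing the Linux box rather than the real client as the source address.

```shell
#!/bin/sh
# Added example: generate (and optionally apply) iptables rules that forward UDP
# arriving at EXT_IP:EXT_PORT on the Linux host to INT_IP:INT_PORT on the Windows host.
# Variable names follow the answer's chat excerpt; the interface names are assumed.

EXT_IF="${EXT_IF:-eth0}"        # public-facing interface (assumed name)
INT_IF="${INT_IF:-eth1}"        # interface towards the Windows host (assumed name)
EXT_IP="${EXT_IP:-a.b.c.d}"     # placeholder public IP from the question
EXT_PORT="${EXT_PORT:-6667}"
INT_IP="${INT_IP:-e.f.g.h}"     # placeholder internal IP from the question
INT_PORT="${INT_PORT:-6668}"

# Print the rule set, one command per line, without executing anything.
# Argument: "yes" to add a MASQUERADE rule so replies return via this host even when
# the Windows machine does not route through it; "no" (default) to preserve the
# real client source address (then the Windows host must use this box as gateway).
udp_forward_rules() {
    snat="${1:-no}"
    cat <<EOF
sysctl -w net.ipv4.ip_forward=1
iptables -t nat -A PREROUTING -i $EXT_IF -p udp -d $EXT_IP --dport $EXT_PORT -j DNAT --to-destination $INT_IP:$INT_PORT
iptables -A FORWARD -i $EXT_IF -o $INT_IF -p udp -d $INT_IP --dport $INT_PORT -m conntrack --ctstate NEW,ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -i $INT_IF -o $EXT_IF -p udp -s $INT_IP --sport $INT_PORT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
EOF
    if [ "$snat" = "yes" ]; then
        echo "iptables -t nat -A POSTROUTING -o $INT_IF -p udp -d $INT_IP --dport $INT_PORT -j MASQUERADE"
    fi
}

# Number of commands the rule set contains; a quick sanity check before applying.
udp_forward_rule_count() {
    udp_forward_rules "$1" | wc -l | tr -d ' '
}

# Execute the generated commands one by one (requires root). Usage: apply_udp_forward [yes|no]
apply_udp_forward() {
    udp_forward_rules "$1" | while IFS= read -r cmd; do
        echo "+ $cmd"
        eval "$cmd" || return 1
    done
}

# Uncomment to apply on the Linux host as root:
# apply_udp_forward no
```

Only the one UDP port is opened in FORWARD and only from the external interface, so the Windows host is reachable through the Linux box for that service alone; everything else it offers stays unexposed. Run `udp_forward_rules yes` first and read the output before deciding whether you need the MASQUERADE variant.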
1

Yes, this is called reverse NAT and is part of the iptables capabilities of Linux. Every decent NATting firewall does that to expose services.

3
  • Can you show me a working command line for reverse NAT? Commented Jul 11, 2012 at 9:28
  • No, I don't use Linux outside of firewall appliances and I doubt the setup instructions for a Mikrotik RouterOS installation would mean anything to you or be helpful at all, sorry. Commented Jul 11, 2012 at 9:30
  • serverfault.com/questions/140622/… Commented Jul 11, 2012 at 11:12
1

This is an alternative UDP redirector for MacOS and Linux; in addition to the usual source / target, it supports specifying the source / destination interfaces, as well as dropping martians (UDP packets arriving from unknown sources).

You could run it as:

./udp-redirect \
    --listen-address 192.168.2.45 --listen-port 6667 \
    --connect-address 192.168.2.104 --connect-port 6668

Disclaimer: I am the author, and I am using it right now for this very post, to redirect Wireguard traffic.
