0

I'm looking for a way to redirect traffic to another IP on a certain port.

I've been able to do this with iptables on Linux and netsh on Windows, but in both cases the client gets the IP address of the "redirection" server. It kind of works as a proxy, which I don't want.

For example: client (1.1.1.1) > redirection server (2.2.2.2) > destination server (3.3.3.3). In my attempts stated above, the client's visible IP on the destination server becomes the IP of the redirection server.

What I'm looking for is a way to "kick" the client to 3.3.3.3 via 2.2.2.2 so that 1.1.1.1 (the client's IP and connection itself) would be visible and would no longer need the redirection server. Either on a Windows or Linux server.

UDP, by the way. I need it to direct players in game servers to backup servers in case 1 breaks down or is under an attack.

Does anyone have an idea?

2 Answers

1

You can do this even with iptables:

iptables -t nat -A PREROUTING -d 2.2.2.2 -j DNAT --to-destination 3.3.3.3

Though this only works if 3.3.3.3 routes its outgoing traffic through 2.2.2.2 again or your network is configured to allow the otherwise inevitable asymmetric routing.

3
  • +1, using NAT the external source IP should remain intact. Commented Apr 6, 2013 at 11:38
  • I did try these rules on "2.2.2.2": iptables -t nat -A PREROUTING -i eth0 -p udp --dport 7778 -j DNAT --to 3.3.3.3:7778; iptables -A FORWARD -i eth0 -p udp --dport 7778 -d 3.3.3.3 -j ACCEPT; iptables -t nat -A PREROUTING -p udp --dport 7778 -j DNAT --to-destination 3.3.3.3:7778; iptables -t nat -A POSTROUTING -j MASQUERADE. Players got the IP from "2.2.2.2" in the game server. We can't have this because 1. we can't identify a player (or ban his IP when needed), 2. the routing server is working as a proxy, and with too many players it would become unplayable, 3. our game servers ban for join flooding from the same IP. Commented Apr 6, 2013 at 13:35
  • That's because you added a MASQUERADE rule. Don't do that. Commented Apr 6, 2013 at 14:10
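The MASQUERADE problem raised in the comments above can be checked mechanically on the redirector. The following is an added example, not code from the answer or its comments: it audits an iptables-save dump for nat POSTROUTING rules that rewrite the source address. The function name, exit codes and both sample dumps are constructed here, and it does not verify the return-path routing the answer mentions.

```shell
#!/bin/sh
# Audit an iptables-save dump from the redirector (2.2.2.2 in the thread).
# Exit 0: DNAT present, no source rewrite -> backend sees the real client IP.
# Exit 1: a nat POSTROUTING MASQUERADE/SNAT rule exists (printed on stdout).
# Exit 2: the expected DNAT rule is missing.
audit_redirector() {   # usage: audit_redirector BACKEND_IP PORT < dump
  awk -v ip="$1" -v port="$2" '
    /^\*/ { table = substr($0, 2); next }
    table != "nat" || $1 != "-A" { next }
    {
      target = ""; arg = ""; dport = ""
      for (i = 3; i <= NF; i++) {
        if ($i == "-j") { target = $(i + 1); arg = $(i + 3) }
        if ($i == "--dport") dport = $(i + 1)
      }
    }
    $2 == "PREROUTING" && target == "DNAT" && dport == port &&
      (arg == ip || arg == (ip ":" port)) { dnat = 1 }
    $2 == "POSTROUTING" && (target == "MASQUERADE" || target == "SNAT") {
      # "-j" right after the chain name means the rule has no match
      # conditions, so it also rewrites the forwarded game traffic.
      scope = ($3 == "-j") ? "ALL" : "CHECK"
      print scope ": " $0
      rewrites++
    }
    END {
      if (!dnat) { print "MISSING: no DNAT to " ip " port " port; exit 2 }
      exit (rewrites ? 1 : 0)
    }'
}

# Constructed sample: the rules from the comment, in iptables-save form.
WITH_MASQ='*nat
-A PREROUTING -i eth0 -p udp -m udp --dport 7778 -j DNAT --to-destination 3.3.3.3:7778
-A POSTROUTING -j MASQUERADE
COMMIT
*filter
-A FORWARD -d 3.3.3.3/32 -i eth0 -p udp -m udp --dport 7778 -j ACCEPT
COMMIT'
# Constructed sample: the same rule set with the MASQUERADE rule removed.
DNAT_ONLY=$(printf '%s\n' "$WITH_MASQ" | grep -v 'MASQUERADE')

printf '%s\n' "$WITH_MASQ" | audit_redirector 3.3.3.3 7778 ||
  echo "with MASQUERADE: exit $?"
printf '%s\n' "$DNAT_ONLY" | audit_redirector 3.3.3.3 7778 &&
  echo "DNAT only: client source IP is preserved"
```

On a live host the input would be the output of iptables-save rather than the embedded samples. Rules reported as CHECK have match conditions and need a manual look to see whether they cover the forwarded port.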
0

Usually this is accomplished using a load balancer and session persistence. If a node behind the LB fails its healthcheck and is dropped from the pool, a connection to a new server in the pool is made.
