Iptables translates a port range to a different port range on another host

I want to redirect incoming requests on a port range (30,000 to 40,000) to another host on a different port range (10,000 to 20,000), mapping them 1 to 1 (30,000 to 10,000, 40,000 to 20,000, etc.). If the port range is the same, i.e.:

iptables -t nat -I PREROUTING -p tcp -m tcp --dport 10000:20000 -j DNAT --to [local_ip]:10000-20000 

It works great. But if the initial port range is different from the port range on the secondary host:

iptables -t nat -I PREROUTING -p tcp -m tcp --dport 30000:40000 -j DNAT --to [local_ip]:10000-20000

Then, instead of matching each port with its corresponding port, all incoming connections on ports 30000-40000 are mapped to the same (random, I think) port on the secondary host (at the moment they all go to 13675).

I also tried port forwarding using

-j REDIRECT

but I can't get this to work.

How can I support the same behavior from the first example for working with different port ranges?

+7
iptables nat
2 answers

After a lot of searching and asking around, iptables obviously can't handle it, even if it doesn't use pseudo-interfaces.

+2
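Since a single range-to-range DNAT rule leaves the choice of target port to the kernel (it keeps the original port if that port already falls inside the target range, and otherwise picks one from the range itself, which matches what the question observed), the workaround used in practice is one DNAT rule per port with a fixed offset. The script below is an added example, not code from the question or the answers; the target address 192.0.2.10 and the ranges passed to it are placeholders.

```shell
#!/bin/sh
# Added example (not from the question or the answers): emit one DNAT rule per
# source port so that 30000 -> 10000, 30001 -> 10001, ... instead of letting the
# kernel pick any port in the target range. 192.0.2.10 is a placeholder address.

# gen_dnat_rules FROM_START FROM_END TO_START TARGET_IP
# Prints one iptables command per port, shifting each by (TO_START - FROM_START).
gen_dnat_rules() {
    from_start=$1
    from_end=$2
    to_start=$3
    target=$4
    offset=$((to_start - from_start))
    port=$from_start
    while [ "$port" -le "$from_end" ]; do
        printf '%s\n' "iptables -t nat -A PREROUTING -p tcp --dport $port -j DNAT --to-destination $target:$((port + offset))"
        port=$((port + 1))
    done
}

# gen_dnat_restore FROM_START FROM_END TO_START TARGET_IP
# Same mapping in iptables-restore format so thousands of rules load in one
# atomic step:  gen_dnat_restore 30000 40000 10000 192.0.2.10 | iptables-restore -n
gen_dnat_restore() {
    from_start=$1
    from_end=$2
    to_start=$3
    target=$4
    offset=$((to_start - from_start))
    printf '*nat\n'
    port=$from_start
    while [ "$port" -le "$from_end" ]; do
        printf '%s\n' "-A PREROUTING -p tcp --dport $port -j DNAT --to-destination $target:$((port + offset))"
        port=$((port + 1))
    done
    printf 'COMMIT\n'
}

# mapped_port FROM_START FROM_END TO_START PORT
# Prints the port the generated rules send PORT to, or nothing if PORT is
# outside the matched range (a quick way to sanity-check the offset arithmetic).
mapped_port() {
    from_start=$1
    from_end=$2
    to_start=$3
    port=$4
    if [ "$port" -ge "$from_start" ] && [ "$port" -le "$from_end" ]; then
        echo $((port - from_start + to_start))
    fi
}

# count_rules FROM_START FROM_END TO_START TARGET_IP
# Number of rules that would be generated (one per port in the range).
count_rules() {
    gen_dnat_rules "$@" | wc -l | tr -d ' '
}

# Stand-alone demo on a small slice of the ranges from the question.
gen_dnat_rules 30000 30003 10000 192.0.2.10
```

Loading ten thousand rules one `iptables` invocation at a time is slow, which is why the second function produces `iptables-restore` input instead. DNAT only rewrites the destination: the forwarding host also needs `net.ipv4.ip_forward=1`, a FORWARD rule that accepts the redirected traffic, and the secondary host must route its replies back through this host (or a POSTROUTING SNAT/MASQUERADE rule must be added). The same loop can just as easily emit one xinetd service stanza per port if the second answer's approach is preferred over NAT.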

I would try using xinetd to accept incoming connections on your desired port range and have it automatically spawn something like netcat (nc) for each tunnel that is actively used.

Perhaps this link may help; it is similar: https://blog.linuxnet.ch/automatic-tunnels-with-xinetd-and-netcat/ or "Executing a script when receiving an incoming connection with xinetd".

+1
