I am trying to forward UDP port 500 to 2500 on local host, but can’t get this to work – I have run:
iptables -t nat -A PREROUTING -p udp -d 192.168.1.10 --dport 500 -j DNAT --to-destination 192.168.1.10:2500
iptables -A FORWARD -p udp -d 192.168.1.10 --dport 2500 -j ACCEPT
where 192.168.1.10 is the IP of my local host, but if in one session I run netcat:
nc -u 192.168.1.10 500
and in a 2nd session run:
nc -l -u 500
and in a 3rd session run:
nc -l -u 2500
then data I enter in session 1 is received on session 2, not session 3, so packets are not being forwarded. I did have this working, but I didn’t make rules persistent and after rebooting I can’t get this to work:
# cat /proc/sys/net/ipv4/ip_forward
1
# iptables -t nat -S;iptables -S
-P PREROUTING ACCEPT
-P INPUT ACCEPT
-P OUTPUT ACCEPT
-P POSTROUTING ACCEPT
-A PREROUTING -d 192.168.1.10/32 -p udp -m udp --dport 500 -j DNAT --to-destination 192.168.1.10:2500
-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
-A FORWARD -d 192.168.1.10/32 -p udp -m udp --dport 2500 -j ACCEPT
What am I missing?
For redirecting packets from one port to another port on the localhost, you can use ‘REDIRECT’ instead of DNAT:
(using 10.8.1.200 as one example)
iptables -t nat -A PREROUTING -d 10.8.1.200/32 -p udp -m udp --dport 500 -j REDIRECT --to-ports 2500
If you would like to make your localhost use 10.8.1.200:2500 too, you need one additional OUTPUT rule:
iptables -t nat -A OUTPUT -d 10.8.1.200/32 -p udp -m udp --dport 500 -j REDIRECT --to-ports 2500
Overall:
# iptables -t nat -S
-P PREROUTING ACCEPT
-P INPUT ACCEPT
-P OUTPUT ACCEPT
-P POSTROUTING ACCEPT
-A PREROUTING -d 10.8.1.200/32 -p udp -m udp --dport 500 -j REDIRECT --to-ports 2500
-A OUTPUT -d 10.8.1.200/32 -p udp -m udp --dport 500 -j REDIRECT --to-ports 2500
Cheers.
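Locally generated packets traverse the nat OUTPUT chain rather than PREROUTING, which is why a netcat test run on the same host never hits a PREROUTING-only rule. The following is an added example, not part of the original thread: a shell function with the hypothetical name nat_local_gaps reads `iptables -t nat -S` output and prints the OUTPUT rule that is missing for each PREROUTING DNAT/REDIRECT rule. The two sample rulesets are copied from the posts above.

```shell
#!/bin/sh
# Added example (not from the thread). nat_local_gaps is a hypothetical name.
# Usage on a live host (as root): iptables -t nat -S | nat_local_gaps
nat_local_gaps() {
    awk '
        # Rule text after the chain name, with any "-i <iface>" match removed,
        # because the OUTPUT chain cannot match on an input interface.
        function spec(   s) {
            s = $0
            sub(/^-A [^ ]+ /, "", s)
            gsub(/-i [^ ]+ /, "", s)
            return s
        }
        $1 == "-A" && $2 == "OUTPUT" { out[spec()] = 1; next }
        $1 == "-A" && $2 == "PREROUTING" && / -j (DNAT|REDIRECT)( |$)/ {
            pre[++n] = spec()
        }
        END {
            # Print the OUTPUT rule that would cover locally generated traffic.
            for (i = 1; i <= n; i++)
                if (!(pre[i] in out))
                    print "iptables -t nat -A OUTPUT " pre[i]
        }
    '
}

# Ruleset from the question: PREROUTING only.
ASKER_RULES='-P PREROUTING ACCEPT
-P INPUT ACCEPT
-P OUTPUT ACCEPT
-P POSTROUTING ACCEPT
-A PREROUTING -d 192.168.1.10/32 -p udp -m udp --dport 500 -j DNAT --to-destination 192.168.1.10:2500'

# Ruleset from the answer: PREROUTING plus the matching OUTPUT rule.
FIXED_RULES='-P PREROUTING ACCEPT
-P OUTPUT ACCEPT
-A PREROUTING -d 10.8.1.200/32 -p udp -m udp --dport 500 -j REDIRECT --to-ports 2500
-A OUTPUT -d 10.8.1.200/32 -p udp -m udp --dport 500 -j REDIRECT --to-ports 2500'

echo "Question ruleset, missing OUTPUT rules:"
printf '%s\n' "$ASKER_RULES" | nat_local_gaps
echo "Answer ruleset, missing OUTPUT rules (none expected):"
printf '%s\n' "$FIXED_RULES" | nat_local_gaps
```

The comparison is textual, so an OUTPUT rule written with different option order or extra matches is reported as missing even if it is functionally equivalent.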
Thanks, this worked, and it works adding an OUTPUT rule for the DNAT & FORWARD rules in my OP or using REDIRECT as in your post.
Thanks
Mike
Translated from: https://www.systutorials.com/port-forwarding-on-local-host/