0

I would like to allow two clients (on the left side) to talk to one remote entity (on the right). All entities besides the linux PC are not configurable w.r.t. to listening ports.

I imagined the solution to be as follows

enter image description here

And use the following iptables configuration

iptables -t nat -F POSTROUTING
iptables -t nat -F PREROUTING

sudo iptables -t nat -A PREROUTING -i enp10s0 -p udp --sport 55555 -j DNAT --to a.b.c.d:55555
sudo iptables -t nat -A PREROUTING -i enp7s0 -p udp --dport 33333 -j DNAT --to 192.168.11.11:55555
sudo iptables -t nat -A PREROUTING -i enp7s0 -p udp --dport 44444 -j DNAT --to 192.168.11.12:55555

sudo iptables -t nat -A POSTROUTING -o enp7s0 -p udp --dport 55555 -j SNAT --to-source e.f.g.h

sudo iptables -t nat -A POSTROUTING -o enp10s0 -p udp --match multiport --sports 33333,44444 -j SNAT --to-source 192.168.11.2

But that does not work:

  • On 192.168.4.1, I see incoming traffic from 192.168.11 and .12
  • But on the linux PC I do not see any traffic being received on e.f.g.h to be forwarded to the .11 and .12 clients. Where is my mistake or how can I achieve the desired outcome by other means?
bonanza
  • 77
  • 4
  • 2
    Why do you want to NAT traffic? Why don't you use normal routing? – Tero Kilkanen Jul 09 '21 at 14:16
  • 1
    https://serverfault.com/questions/1068168/assign-each-nic-an-ip-range-or-subnet look at the answer, due i am mobile I can't copy my same answer here ;) – djdomi Jul 09 '21 at 16:58
  • @TeroKilkanen sorry for that poorly crafted question. What is now 192.168.4.x subnet is later meant to be come public IPv4 internet. I also cannot change the routing on the PC that is now labelled with 192.168.4.1. – bonanza Jul 12 '21 at 08:33

0 Answers0