
I have a similar problem to this: Keep source IP after NAT

I need to forward packets on a specific port from IP x.x.x.x to y.y.y.y. (The x.x.x.x server is located in a different country, outside the x.x.x.x server's LAN.) I used the rules mentioned in the question above, but client packets still seem to arrive from the forward server IP x.x.x.x and not from the client IP.

Here are the rules I use, plus a ufw firewall with the SSH port opened and forwarding allowed:

# Placeholders: x.x.x.x is the forwarder, y.y.y.y the real server.
FORWARDER_IP=x.x.x.x &&
SERVER_IP=y.y.y.y &&
SERVICE_PORT=12345 &&
TRANSPORT=udp &&

# Rewrite the destination of incoming packets to the real server.
iptables -t nat -A PREROUTING -p $TRANSPORT -d $FORWARDER_IP --dport $SERVICE_PORT -j DNAT --to $SERVER_IP &&
# Rewrite the source of the forwarded packets to the forwarder's own address.
iptables -t nat -A POSTROUTING -p $TRANSPORT -d $SERVER_IP --dport $SERVICE_PORT -j SNAT --to $FORWARDER_IP &&
iptables -t nat -A POSTROUTING -p $TRANSPORT -s $SERVER_IP --dport $SERVICE_PORT -j SNAT --to $FORWARDER_IP

Any idea what could be my problem?

Is this even possible? If not, could you recommend me another way to do this?

Richardds
  • You're doing `-j SNAT` (source NAT), which replaces the original source IP address; you shouldn't be using it if you don't want to replace the original client IP address. – HBruijn Feb 09 '17 at 22:35
  • If I don't use SNAT, packets are dropped because the reply comes from y.y.y.y, not from x.x.x.x. There is no active connection between the client and y.y.y.y. – Richardds Feb 19 '17 at 05:12
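The two rule sets discussed in the question and comments, side by side, as an added example that is not part of the original post. Variant A is the question's DNAT+SNAT pair (replies work, client address lost); variant B is DNAT only (client address kept, but the reply path caveat from the comments applies). The x.x.x.x / y.y.y.y / 12345 values are the question's placeholders, and the script only prints the commands unless DRY_RUN=0 is set.

```shell
#!/bin/sh
# Added example, not the asker's script. Placeholders as in the question.
FORWARDER_IP="${FORWARDER_IP:-x.x.x.x}"
SERVER_IP="${SERVER_IP:-y.y.y.y}"
SERVICE_PORT="${SERVICE_PORT:-12345}"
TRANSPORT="${TRANSPORT:-udp}"
DRY_RUN="${DRY_RUN:-1}"   # 1 = print the commands, 0 = execute them (needs root)

run() { if [ "$DRY_RUN" = 1 ]; then printf '%s\n' "$*"; else "$@"; fi; }

# Variant A: what the question does. DNAT rewrites the destination, SNAT in
# POSTROUTING rewrites the source, so y.y.y.y sees every packet as coming
# from x.x.x.x. Replies go back via x.x.x.x, where conntrack reverses both
# rewrites, but the real client address never reaches the service.
rules_masking() {
  run iptables -t nat -A PREROUTING -p "$TRANSPORT" -d "$FORWARDER_IP" \
      --dport "$SERVICE_PORT" -j DNAT --to-destination "$SERVER_IP:$SERVICE_PORT"
  run iptables -t nat -A POSTROUTING -p "$TRANSPORT" -d "$SERVER_IP" \
      --dport "$SERVICE_PORT" -j SNAT --to-source "$FORWARDER_IP"
}

# Variant B: DNAT only. The client source address is preserved, so the service
# on y.y.y.y sees the real client. Caveat (the behaviour reported in the
# comments): y.y.y.y now answers the client directly. Unless its route back to
# the client runs through x.x.x.x, so that conntrack there can undo the DNAT,
# the client gets a reply from y.y.y.y it never sent anything to and drops it.
rules_preserving() {
  run sysctl -w net.ipv4.ip_forward=1
  run iptables -t nat -A PREROUTING -p "$TRANSPORT" -d "$FORWARDER_IP" \
      --dport "$SERVICE_PORT" -j DNAT --to-destination "$SERVER_IP:$SERVICE_PORT"
  # Allow the forwarded flow and its replies through FORWARD (a ufw box
  # defaults to a DROP forward policy).
  run iptables -A FORWARD -p "$TRANSPORT" -d "$SERVER_IP" --dport "$SERVICE_PORT" -j ACCEPT
  run iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
}

# Self-check helper: how many SNAT rules a variant emits (0 for variant B).
snat_count() { "$1" | grep -c -- '-j SNAT' || true; }
```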

0 Answers