
I need to redirect incoming UDP traffic to two services listening on different UDP ports on localhost. I tried:

iptables -t nat -I PREROUTING -p udp -d 10.11.12.13 --dport 22 -j DNAT --to-destination 127.0.0.1:1234 --to-destination 127.0.0.1:4321

But the error was:

iptables v1.6.0: DNAT: Multiple --to-destination not supported

The same thing with --to-ports option:

iptables v1.6.0: REDIRECT: option "--to-ports" can only be used once

Then I tried iptables TEE. But its --gateway option accepts just an IP address, so I can't even do something like:

iptables -t mangle -I PREROUTING -p udp -d 10.11.12.13 --dport 22 -j TEE --gw 127.0.0.1:1234

Is there a way to "duplicate" UDP traffic using iptables or in some other handy way in Linux?

P.S. The question is about one-direction UDP traffic (e.g. incoming syslog traffic). It's obvious that it has nothing to do with TCP in such a scheme, because TCP has a connection and it's impossible to establish a connection from one port to two other ports. But it seems that it can be done with UDP (because there is no need to establish a connection).


Some posts that clarified the situation but didn't help: 1, 2 and 3.

z0lupka
  • I am not 100% sure why someone would need such weird behavior. In case you need your application to talk to two ports, just write that application the way you want. If you are talking about traffic duplication, then there are networking tools for that; you could sniff those packets with tcpdump/wireshark, but that is going to be a custom bash script or something. OR make two rules like mentioned here: https://superuser.com/questions/853077/iptables-duplicate-traffic-to-another-ip – Dmitriy Kupch Dec 05 '18 at 16:34
  • You might benefit from using LVS if you configure this load balancer in the way you want. http://www.linuxvirtualserver.org/whatis.html – Dmitriy Kupch Dec 05 '18 at 16:34
  • @DmitriyKupch This is *syslog* over UDP. I can't change *syslog* settings and I'm just able to receive UDP on some determined port. And there are two other ports listened on by applications, which should just process *syslog* traffic. I have to deliver traffic to both applications on that Linux host. Is it really weird? – z0lupka Dec 05 '18 at 21:10
  • Can't those applications listen on the same port (considering the fact that you are using UDP)? – Dmitriy Kupch Dec 05 '18 at 21:18
  • @DmitriyKupch It is about a production server, and it's not some custom scripts but two commercial applications that need to work appropriately and listen on particular ports. So unfortunately there is no such ability. – z0lupka Dec 06 '18 at 08:53

1 Answer


The only other thing I could think of is to capture the traffic using some packet sniffer and then resend it to another destination.

Check the following links:

https://linux.die.net/man/1/tcpreplay-edit

https://linux.die.net/man/1/tcpreplay

http://tcpreplay.synfin.net/wiki/tcprewrite

In my understanding it could look similar to the following:

tcpdump -i eth1 -w - 'udp and port 80' | tcprewrite --portmap=80:8080 | tcpreplay -i eth1 -

OR something like this, based on the "tcpreplay-edit" article (note that --portmap is a tcpedit option, so the binary has to be tcpreplay-edit rather than plain tcpreplay):

tcpdump -i eth1 -w - 'udp and port 80' | tcpreplay-edit --portmap=80:8080 -i eth1 -

Dmitriy Kupch