NAT UDP traffic


Hello,

I would like to NAT all the INCOMING UDP traffic only with destination ip address of 10.110.0.230 to my firewall IP address.

I used the following commands:

# echo "1"  > /proc/sys/net/ipv4/ip_forward
# iptables -t nat -A POSTROUTING -p udp -o eth0 -j SNAT --to 10.110.1.3

Then I sent UDP traffic via iperf3 but could see the NAT to my FW IP on tcpdump.

  • Server IP address on eth0 = 10.110.0.230
  • FireWall IP address (NAT to) = 10.110.1.3

Can you advise, please?

BR,
Yaron

Responses

SNAT is for changing the source IP address/port of the packets, it won't change the destination IP. For changing the destination of the packets, you'll need DNAT, which will happen in PREROUTING and/or OUTPUT chains. So which address you'd want to change, source or destination?

Assuming I understood your requirements correctly, if the server you're running iptables on has IP address 10.110.0.230, and you want the incoming UDP traffic to it to go to the firewall instead, the necessary iptables command would be something like:

# iptables -t nat -A PREROUTING -p udp -d 10.110.0.230 -j DNAT --to-destination 10.110.1.3

Since iptables works on the kernel level and tcpdump is a user-level program, tcpdump would see the addresses as already changed by the iptables rules.
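The ruleset the answer describes, written out as an added example (this is not code from the thread, and it is not the thread's own answer). It emits the nat table in iptables-restore format so it can be reviewed before it is loaded: the DNAT rule sits in PREROUTING, which is the chain that sees the packet before the routing decision, and a companion SNAT rule sits in POSTROUTING. The addresses and eth0 come from the question; the SNAT "hairpin" rule, the function names and the --apply switch are assumptions for illustration. The SNAT rule is only needed when the firewall's route back to the original client does not pass through this host (otherwise the reply bypasses the NAT box and conntrack cannot reverse the translation); it has the side effect that the firewall sees 10.110.0.230, not the client, as the source.

```shell
#!/bin/sh
# Added example, not from the thread: generate (and optionally load) the nat
# table that sends inbound UDP for 10.110.0.230 on to the firewall 10.110.1.3.

SERVER_IP=10.110.0.230   # address the UDP traffic is sent to (from the question)
FW_IP=10.110.1.3         # firewall that should receive it instead (from the question)
IFACE=eth0               # interface the traffic arrives on (from the question)

# Print the nat table in iptables-restore format.
# PREROUTING runs before the routing decision, so rewriting the destination
# there is what makes the kernel forward the packet to the firewall; a rule in
# POSTROUTING (where SNAT lives) runs after routing and cannot redirect anything.
# The SNAT rule is an assumption: it is needed only when the firewall would not
# route its replies back through this host.
nat_ruleset() {
    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A PREROUTING -i $IFACE -p udp -d $SERVER_IP -j DNAT --to-destination $FW_IP
-A POSTROUTING -p udp -d $FW_IP -j SNAT --to-source $SERVER_IP
COMMIT
EOF
}

# Self-check helper: how many rules in the generated table jump to a given
# NAT target (DNAT or SNAT).  Used to confirm the table says what we think.
count_target() {
    nat_ruleset | grep -c -- "-j $1 --to"
}

# Load the table.  Needs root, the iptables package, and ip_forward=1; the
# --noflush keeps any nat rules that are already installed.
apply_ruleset() {
    sysctl -w net.ipv4.ip_forward=1
    nat_ruleset | iptables-restore --noflush
}

case "${1:-}" in
    --apply) apply_ruleset ;;
    *)       nat_ruleset ;;   # default is a dry run: print the rules for review
esac
```

Run it with no arguments to inspect the table, then with --apply as root. To confirm the translation is happening, check the packet and byte counters on the rule (`iptables -t nat -nvL PREROUTING`) and the translation entries in the connection tracker (`conntrack -L -p udp`) while iperf3 is sending; an entry whose reply tuple has src=10.110.1.3 shows the DNAT has been applied to that flow.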
