NAT IP based on incoming port

Issues related to configuring your network
Matarese
Posts: 1
Joined: 2014/11/25 09:15:47

NAT IP based on incoming port

Post by Matarese » 2014/11/25 09:46:16

I need to accomplish the following:
Incoming traffic on port 9001 should be routed to port 1812 on a remote host with a specific source IP.
Port translation works with the following config:
iptables -t nat -A PREROUTING -i eth0 -p udp --dport 9001 -j DNAT --to 172.16.0.10:1812
iptables -A FORWARD -p udp -d 172.16.0.10 --dport 1812 -j ACCEPT

My challenge is that I need to NAT that communication. I will have to do this for multiple ports.
Incoming port 9001 NAT to 192.168.160.91
Incoming port 9002 NAT to 192.168.160.92
Incoming port 9003 NAT to 192.168.160.93
Incoming port 9004 NAT to 192.168.160.94

I would like the end result to look like this in a trace:
192.168.160.90 = CentOS host
192.168.160.1 = True Source
172.16.0.10 = True Destination
Source Destination Protocol Length Info
192.168.160.1 192.168.160.90 UDP 88 Source port: 51387 Destination port: 9001
192.168.160.91 172.16.0.10 RADIUS 88 Access-Request(1) (id=49, l=46)
172.16.0.10 192.168.160.91 RADIUS 81 Access-Accept(2) (id=49, l=39)
192.168.160.90 192.168.160.1 UDP 81 Source port: 9001 Destination port: 51387

192.168.160.2 92.168.160.90 UDP 88 Source port: 51387 Destination port: 9002
192.168.160.92 172.16.0.10 RADIUS 88 Access-Request(1) (id=49, l=46)
172.16.0.10 192.168.160.92 RADIUS 81 Access-Accept(2) (id=49, l=39)
192.168.160.90 192.168.160.2 UDP 81 Source port: 9002 Destination port: 51387

192.168.160.3 192.168.160.90 UDP 88 Source port: 51387 Destination port: 9003
192.168.160.93 172.16.0.10 RADIUS 88 Access-Request(1) (id=49, l=46)
172.16.0.10 192.168.160.93 RADIUS 81 Access-Accept(2) (id=49, l=39)
192.168.160.90 192.168.160.2 UDP 81 Source port: 9003 Destination port: 51387

I have 192.168.160.91-93 defined as eth0:0, eth0:1 and eth0:2, but I’m not able to figure out how to map destination port (like 9001) to source IP (like 192.168.160.91).

jensd
Posts: 36
Joined: 2014/07/08 12:23:09

Re: NAT IP based on incoming port

Post by jensd » 2014/11/26 12:38:33

Recently I had to do the same.
Took some time and wrote everything down in a blog post: Forward a TCP port to another IP or port using NAT with Iptables
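
One way to get the per-port source address asked for in the first post, as an added example that is not from either poster or the linked blog post: after DNAT every flow has destination port 1812, so the SNAT rule matches on the connection's original destination port with the conntrack match's `--ctorigdstport` option. The names `gen_rules`, `MAP`, `IN_IF` and `DEST` are hypothetical; the script only prints the rules and changes nothing itself.

```shell
#!/bin/sh
# Added example: print iptables rules that DNAT each incoming UDP port to the
# RADIUS server and SNAT the forwarded flow to a per-port source address.

IN_IF="eth0"               # ingress interface, from the original post
DEST="172.16.0.10:1812"    # true destination, from the original post
# Port-to-source-IP map from the original post, as "port=ip" pairs.
MAP="9001=192.168.160.91 9002=192.168.160.92 9003=192.168.160.93 9004=192.168.160.94"

# gen_rules "port=ip ..." : print the full rule set, or print nothing on
# stdout and return 1 if any pair is malformed (no partial rule sets).
gen_rules() {
    dest_ip=${DEST%:*}; dest_port=${DEST#*:}; rules=""
    for pair in $1; do
        port=${pair%%=*}; src=${pair#*=}
        # Port must be all digits and within 1..65535.
        case $port in ''|*[!0-9]*) echo "bad port: $pair" >&2; return 1 ;; esac
        if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
            echo "bad port: $pair" >&2; return 1
        fi
        # Source must look like a dotted quad (shape check only).
        case $src in
            *[!0-9.]*|*..*|.*|*.|*.*.*.*.*) echo "bad address: $pair" >&2; return 1 ;;
            *.*.*.*) ;;
            *) echo "bad address: $pair" >&2; return 1 ;;
        esac
        # PREROUTING rewrites the destination; POSTROUTING then picks the
        # source address by the port the client originally sent to.
        rules="${rules}iptables -t nat -A PREROUTING -i $IN_IF -p udp --dport $port -j DNAT --to-destination $DEST
iptables -t nat -A POSTROUTING -p udp -d $dest_ip --dport $dest_port -m conntrack --ctorigdstport $port -j SNAT --to-source $src
"
    done
    printf '%s' "$rules"
    # Allow the forwarded requests and the replies of tracked flows.
    echo "iptables -A FORWARD -p udp -d $dest_ip --dport $dest_port -j ACCEPT"
    echo "iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
}

gen_rules "$MAP"
```

Conntrack reverses both translations on the reply, so the Access-Accept leaves the CentOS host from 192.168.160.90 with the original source port (9001 and so on), as in the desired trace. Review the printed rules before applying them as root.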
