Routing UDP packets to a specific NAT'd IP under ipchains and 2.4.0

Post by Jeff Silverma » Wed, 07 Feb 2001 18:43:21



Hi.  I have a firewall/server with the 2.4.0 kernel and ipchains set up as a combination NAT and
Firewall.  It works well: I have several machines on the internal network and for most tasks, i.e.
web, E-mail, ssh, telnet, FTP, it all works fine.

However, my son wants to play video games.  It looks to me as if UDP packets come in at random times
and from random places destined for my son's computer.  Is it possible (and if so, how do I do it?)
to configure ipchains such that when a UDP packet comes in from anywhere to anywhere on a specific
port, that the packet gets NATed to a specific IP address on the inside?

Or, if this can't be done using ipchains, is there an automatic translation program to translate
from ipchains to the new 2.4.0 firewall scheme?

Many thanks,

Jeff

--
Jeff Silverman, PC guy, Linux wannabe, Java wannabe, Software engineer, husband, father etc.
See my website: http://www.commercialventvac.com/~jeffs

 
 
 

Post by bill davids » Fri, 16 Feb 2001 01:59:57




| However, my son wants to play video games.  It looks to me as if UDP packets come in at random times
| and from random places destined for my son's computer.  Is it possible (and if so, how do I do it?)
| to configure ipchains such that when a UDP packet comes in from anywhere to anywhere on a specific
| port, that the packet gets NATed to a specific IP address on the inside?
|
|
| Or, if this can't be done using ipchains, is there an automatic translation program to translate
| from ipchains to the new 2.4.0 firewall scheme?

  I think there is, but you will probably be well off to start over,
because the stateful connections in iptables allow cleaner rules, as
well as working better. I had about 200 lines of firewall code, and I
took it a chain at a time, like this:
  - what am I doing here?
  - is that what I wanted or what I could get?
  - how do I do it with iptables?

  In the process I learned the options and stuff, and I did it with
iptables, not bits of three firewall, NAT, and other kits I needed to
get ipchains to do what I want. The system is dead stable, something I
can't say for the old version, and I have better control of how I log
and what I log.

  My next task is to learn micro-routing without a kit, so I can send
certain packets out one NIC and certain packets out another. Since one
NIC is connected via DHCP the IP changes, so I need to force by NIC. I
know it can be done with a kit, I just want to know what's really
happening.

  In any case, you can easily do the NAT with iptables, although
I'm not totally sure if there are security implications of a wide open
path. No worse than direct connect, of course. Let the games begin!

--

At LinuxExpo Sun was showing Linux applications running on Solaris.
They don't get it, the arrow points the other way. There's a reason why
there's no SolarisExpo, Solaris is a tool; Linux is a philosophy, a
religion, a way of life, and only incidentally an operating system.
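
The forwarding discussed in this thread (one inbound UDP port NATed to one inside host under iptables), as an added example that is not part of either post. The interface names, port 27015 and address 192.168.1.20 are constructed, a default-DROP FORWARD policy is assumed, and the script only prints the rules after validating its inputs:

```shell
#!/bin/sh
# Added example: prints (never executes) iptables rules that forward one
# inbound UDP port to one inside host. All sample values are constructed.

valid_ifname() {
    case "$1" in ''|*[!A-Za-z0-9_.-]*) return 1 ;; esac
}

valid_port() {
    case "$1" in ''|0*|*[!0-9]*) return 1 ;; esac
    [ "${#1}" -le 5 ] && [ "$1" -le 65535 ]
}

valid_ipv4() {
    case "$1" in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $1            # split on dots; input is digits and dots only
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# udp_forward_rules WAN_IF LAN_IF PORT INSIDE_IP
udp_forward_rules() {
    wan_if=$1; lan_if=$2; port=$3; host=$4
    valid_ifname "$wan_if" && valid_ifname "$lan_if" ||
        { echo "bad interface name" >&2; return 1; }
    valid_port "$port" || { echo "bad UDP port: $port" >&2; return 1; }
    valid_ipv4 "$host" || { echo "bad inside address: $host" >&2; return 1; }
    # 1. rewrite the destination before routing (nat table, PREROUTING)
    # 2. allow only that port to that host through FORWARD (policy assumed DROP)
    # 3. let replies back out via connection tracking
    cat <<EOF
iptables -t nat -A PREROUTING -i $wan_if -p udp --dport $port -j DNAT --to-destination $host:$port
iptables -A FORWARD -i $wan_if -o $lan_if -p udp -d $host --dport $port -m state --state NEW -j ACCEPT
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
EOF
}

# Constructed sample: WAN on eth0, LAN on eth1, game port 27015, inside host 192.168.1.20
udp_forward_rules eth0 eth1 27015 192.168.1.20
```

Limiting the DNAT and FORWARD rules to a single port and a single inside host keeps the exposed path as narrow as the game needs.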

 
 
 
