How do I redirect all traffic from a public IP to another public IP?

Posted on 2009-02-22
Medium Priority
Last Modified: 2013-12-19
I have a machine in shared hosting; it listens on various UDP ports.
I'd like to move it to a private cage, but the IP address can't move with it.
Is there any way, maybe using Linux or such,
to do a simple redirect of all traffic coming to the original IP to the new IP address?

I've checked iptables, but I'm still not sure how it can be done...

Question by:bercko21

Accepted Solution

Blaz earned 1500 total points
ID: 23708908
Yes it can be done with linux. But note there are some limitations - specifically you need to do DNAT as well as SNAT on the linux machine, which means that you will not see source IPs on your hosting box - all traffic will come from your linux machine.

A short script that will accomplish UDP port 2000 forwarding:

echo "1" > /proc/sys/net/ipv4/ip_forward
iptables -t filter -A FORWARD -d <your hosting box IP> -p udp --dport 2000 -m state -state NEW,ESTABLISHED -j ACCEPT
iptables -t filter -A FORWARD -m state -state ESTABLISHED -j ACCEPT
iptables -t filter -A FORWARD -j DROP
iptables -t nat -A PREROUTING -d <linux box IP> -p udp --dport 2000 -j DNAT --to-destination <your hosting box IP>
iptables -t nat -A POSTROUTING -d <your hosting box IP> -p udp --dport 2000 -j SNAT --to-source <linux box IP>


Expert Comment

ID: 23708940
If you wish to redirect all traffic you could drop the "-p udp --dport 2000" parts of the rules. Note that if this is the only public IP of the linux box you will not be able to connect to it at all (like SSH).

iptables -t filter -A FORWARD -d <your hosting box IP> -m state -state NEW,ESTABLISHED -j ACCEPT
iptables -t nat -A PREROUTING -d <linux box IP> -j DNAT --to-destination <your hosting box IP>
iptables -t nat -A POSTROUTING -d <your hosting box IP> -j SNAT --to-source <linux box IP>

Author Comment

ID: 23709669
Thanks Blaz for your help!

By ports or all traffic, both are fine.
I've tried typing the solution you gave and I'm getting "Bad argument `NEW,ESTABLISHED'".
Any ideas regarding it?


Expert Comment

ID: 23710091
I think I made a typo. The rule should read:
iptables -t filter -A FORWARD -d <your hosting box IP> -p udp --dport 2000 -m state --state NEW,ESTABLISHED -j ACCEPT

Note the double hyphen before state.

Author Comment

ID: 23710742
I noticed the typo; it didn't make a difference...
I'm still trying it here, but so far it's not working for some reason...

Assisted Solution

Nopius earned 500 total points
ID: 23733446
Run: modprobe ip_conntrack
then, this command should work...

Expert Comment

ID: 25919463
I believe that I gave a working configuration to solve the question in comment #23708908. The only problem the asker was having should be resolved by Nopius's comment #23733446, and the asker did not report any problems with the solution afterwards.
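
Pulling the thread's pieces together (the DNAT and SNAT rules, the `--state` correction and the `modprobe ip_conntrack` step), the following is an added example, not code posted by any participant: it validates the two addresses and a list of UDP ports, then prints the commands for review instead of running them. The function names, the `multiport` match used to cover several ports, and the documentation-range sample addresses are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread: print (do not run) relay rules for review.
# Function names and sample addresses are hypothetical.

valid_ipv4() {
    # Dotted quad, each octet 0..255.
    echo "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    for octet in "$@"; do
        [ "$octet" -le 255 ] || return 1
    done
}

valid_ports() {
    # 1 to 15 comma-separated ports (the multiport match's limit), each 1..65535.
    echo "$1" | grep -Eq '^[0-9]{1,5}(,[0-9]{1,5}){0,14}$' || return 1
    for port in $(echo "$1" | tr ',' ' '); do
        [ "$port" -ge 1 ] && [ "$port" -le 65535 ] || return 1
    done
}

gen_relay_rules() {
    # $1 = public IP of the Linux relay, $2 = IP of the box that receives the
    # forwarded traffic, $3 = comma-separated UDP ports.
    relay=$1; backend=$2; ports=$3
    valid_ipv4 "$relay"   || { echo "bad relay IP: $relay" >&2; return 1; }
    valid_ipv4 "$backend" || { echo "bad backend IP: $backend" >&2; return 1; }
    [ "$relay" != "$backend" ] || { echo "relay and backend must differ" >&2; return 1; }
    valid_ports "$ports"  || { echo "bad port list: $ports" >&2; return 1; }
    match="-p udp -m multiport --dports $ports"
    cat <<EOF
modprobe ip_conntrack
echo 1 > /proc/sys/net/ipv4/ip_forward
iptables -t filter -A FORWARD -d $backend $match -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -t filter -A FORWARD -m state --state ESTABLISHED -j ACCEPT
iptables -t filter -A FORWARD -j DROP
iptables -t nat -A PREROUTING -d $relay $match -j DNAT --to-destination $backend
iptables -t nat -A POSTROUTING -d $backend $match -j SNAT --to-source $relay
EOF
}

# Constructed sample input: documentation-range addresses, three UDP ports.
gen_relay_rules 192.0.2.10 198.51.100.20 2000,2001,2005
```

Because of the SNAT rule, the receiving box sees every forwarded packet as coming from the relay, as noted in the accepted answer, so client addresses are only visible on the relay itself.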
