On 14/08/09 12:04, Tony Sceats wrote:
Hi Sluggers,

I have a strange requirement to redirect UDP packets sent to
255.255.255.255, forwarding them to another machine in a remote network...
yes, this is borked - there is an application sending data to
255.255.255.255, not multicast or unicast, but broadcasting UDP packets, and
I'm in no position to change or question this strangeness..

Anyway, so this should be quite simple - run a DNAT rule changing the
destination address in the pre-routing chain of the nat table

ie

iptables -t nat -I PREROUTING -d 255.255.255.255 -j DNAT --to-dest 192.168.x.y

however this doesn't work.. it doesn't even work if I specify the source of
the broadcasts rather than the destination, eg

iptables -t nat -I PREROUTING -s 192.168.y.z -j DNAT --to-dest 192.168.x.y

and specifying input and output interfaces doesn't help either

I have ip_forwarding enabled, and if I change this rule to be from my
workstation, then I can see that it works - ie

iptables -t nat -I PREROUTING -s my.ip.add.ress -j DNAT --to-dest 192.168.x.y

and then ping the host with the iptables rules, I can see with tcpdump that
my pings go back out and onto the remote network.. so, I know iptables is
working, and I know forwarding is working, I just can't make a rule that
affects packets sent to 255.255.255.255

Has anyone got any clues as to why broadcasts aren't being matched and
DNAT'd?

Thanks

No clue as to that but potentially another way to solve the problem.
You could try using netcat as a proxy for the traffic.
Perhaps something along these lines?
http://zarb.org/~gc/html/udp-in-ssh-tunneling.html

--
SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/
Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
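
A user-space relay in the spirit of the proxy suggestion above, as an added example that is not part of the original thread: it receives the broadcast datagrams on a local UDP port and resends each payload as unicast. The port 5000, the 192.0.2.x addresses and the source allow-list are assumptions made for illustration.

```python
import socket

def open_listener(port, bind_addr="0.0.0.0"):
    """Return a UDP socket bound to bind_addr:port.

    Bound to 0.0.0.0, the socket also receives datagrams addressed to
    255.255.255.255 that arrive on a local interface.
    """
    s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    s.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    s.bind((bind_addr, port))
    return s

def relay_once(listener, out_sock, dest, allowed_sources=None, timeout=None):
    """Forward one datagram to dest.

    Returns (source_address, byte_count) when a datagram was forwarded,
    or None on timeout or when the sender is not in allowed_sources.
    """
    listener.settimeout(timeout)
    try:
        data, src = listener.recvfrom(65535)
    except socket.timeout:
        return None
    # Only relay traffic from the expected broadcaster, so the relay
    # does not forward arbitrary local traffic into the remote network.
    if allowed_sources is not None and src[0] not in allowed_sources:
        return None
    out_sock.sendto(data, dest)
    return src, len(data)

def relay_forever(port, dest, allowed_sources=None):
    """Relay datagrams from the local port to dest until interrupted."""
    listener = open_listener(port)
    out_sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    while True:
        relay_once(listener, out_sock, dest, allowed_sources)

if __name__ == "__main__":
    # Constructed values: broadcaster 192.0.2.20, remote receiver 192.0.2.10.
    relay_forever(5000, ("192.0.2.10", 5000), {"192.0.2.20"})
```

The remote host sees the relay's address as the source of each datagram, not the original broadcaster's.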
