Foward traffic (filter by source ip and dst port) to other public ip

Check it on Gist: https://gist.github.com/richardevs/355d24b25f6c19b698b7134504843dc6

# run all these on the bastion vm
# iptables can not directly route traffic to public ip ( in my test )
# so I insert a socat here to help get the job done

iptables -t nat -F # flush all the current NAT rule ( be careful )
iptables -t nat -A PREROUTING -s 1.1.1.1 -p tcp --dport 443 -j DNAT --to-destination :4433 # all traffic to port 443 from 1.1.1.1 get routed to port 4433
iptables -t nat -A POSTROUTING -j MASQUERADE # let iptables do the NAT work
iptables -t nat -nL # double check if iptables are correctly showing the rules

nohup socat TCP4-LISTEN:4433,reuseaddr,fork TCP4:2.2.2.2:443 & # use socat to forward traffic to final destination, in the demo here, 2.2.2.2:443

发表评论

电子邮件地址不会被公开。 必填项已用*标注

此站点使用Akismet来减少垃圾评论。了解我们如何处理您的评论数据