Configuring Linux as a Router

ANewHome
Posts: 1
Joined: 2021-07-21 14:43

#1 Post by ANewHome

Trying to set up a little AWS box (Debian Linux) to act as a router, taking public traffic (eth0, single network interface) and redirecting it to a different public IP address and different ports, and then sending the traffic back to the clients.

The port mappings (TCP & UDP):

Src-IP  Src-Port  Dest-IP          Dest-Port
ALL     27106     168.119.149.150  27015
ALL     8000      168.119.149.150  7777
ALL     8001      168.119.149.150  7778

What I am trying to get to happen:
Traffic in:
Public IP (Client App) [27106,8000,8001] -> Linux Box -> Destination Public Server (AA) [27015,7777,7778]

Return Traffic:
Public Server (AA) [27015,7777,7778] -> Linux Box -> Public IP (Client App) [27106,8000,8001]

The problem is it doesn't seem to be working as I'm expecting it to. Can anyone give some pointers on what I'm doing wrong?

The /etc/iptables/rules.v4 is currently:
# Generated by xtables-save v1.8.2 on Wed Jul 21 09:48:33 2021
*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A PREROUTING -p tcp -m tcp --dport 27106 -j DNAT --to-destination 168.119.149.150:27015
-A PREROUTING -p udp -m udp --dport 27106 -j DNAT --to-destination 168.119.149.150:27015
-A PREROUTING -p tcp -m tcp --dport 8000 -j DNAT --to-destination 168.119.149.150:7777
-A PREROUTING -p udp -m udp --dport 8000 -j DNAT --to-destination 168.119.149.150:7777
-A PREROUTING -p tcp -m tcp --dport 8001 -j DNAT --to-destination 168.119.149.150:7778
-A PREROUTING -p udp -m udp --dport 8001 -j DNAT --to-destination 168.119.149.150:7778
-A POSTROUTING -p tcp -m tcp --dport 27015
-A POSTROUTING -p udp -m udp --dport 27015
-A POSTROUTING -p tcp -m tcp --dport 7777
-A POSTROUTING -p udp -m udp --dport 7777
-A POSTROUTING -p tcp -m tcp --dport 7778
-A POSTROUTING -p udp -m udp --dport 7778

COMMIT
# Completed on Wed Jul 21 09:48:33 2021
# Generated by xtables-save v1.8.2 on Wed Jul 21 09:48:33 2021
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
COMMIT
# Completed on Wed Jul 21 09:48:33 2021

The AWS firewall endpoints are configured to accept all traffic [TCP/UDP], so it's not that. I can only think I've set up the rules file incorrectly?
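The POSTROUTING lines in the posted rules.v4 have no `-j` target, so they only count packets and never rewrite the source address; with a single interface the destination server then answers the client directly and the client discards the reply. The script below is an added example, not the poster's file or Debian's: it generates a complete rules.v4 for the mapping table above, pairing each DNAT with a MASQUERADE rule and locking FORWARD down to the mapped flows. It assumes the public NIC is eth0 and that net.ipv4.ip_forward is enabled.

```shell
#!/bin/sh
# Added example (not from the original post): generate /etc/iptables/rules.v4
# for the single-interface port forwarder described in the thread.
# Assumptions: public interface is eth0; net.ipv4.ip_forward=1.

# local-port  destination-ip  destination-port (table constructed from the post)
MAPPINGS='27106 168.119.149.150 27015
8000 168.119.149.150 7777
8001 168.119.149.150 7778'

# *nat: each PREROUTING DNAT gets a POSTROUTING rule that actually has a
# target. The reply from the server must come back through this box, so the
# source is rewritten (MASQUERADE) to this box's own address.
gen_nat_rules() {
    iface=$1
    printf '*nat\n:PREROUTING ACCEPT [0:0]\n:INPUT ACCEPT [0:0]\n'
    printf ':POSTROUTING ACCEPT [0:0]\n:OUTPUT ACCEPT [0:0]\n'
    printf '%s\n' "$MAPPINGS" | while read -r lport dip dport; do
        for proto in tcp udp; do
            echo "-A PREROUTING -i $iface -p $proto -m $proto --dport $lport -j DNAT --to-destination $dip:$dport"
            echo "-A POSTROUTING -o $iface -p $proto -m $proto -d $dip --dport $dport -j MASQUERADE"
        done
    done
    echo COMMIT
}

# *filter: the posted file leaves FORWARD at ACCEPT, which relays anything the
# box receives. Drop by default and allow only the mapped flows and their replies.
gen_filter_rules() {
    iface=$1
    printf '*filter\n:INPUT ACCEPT [0:0]\n:FORWARD DROP [0:0]\n:OUTPUT ACCEPT [0:0]\n'
    echo "-A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT"
    printf '%s\n' "$MAPPINGS" | while read -r lport dip dport; do
        for proto in tcp udp; do
            echo "-A FORWARD -i $iface -o $iface -p $proto -d $dip --dport $dport -m conntrack --ctstate NEW -j ACCEPT"
        done
    done
    echo COMMIT
}

gen_rules() { gen_nat_rules "$1"; gen_filter_rules "$1"; }

# Returns 0 when the kernel will forward at all; DNAT rules do nothing without
# this sysctl, so check it before blaming the rules file.
forwarding_enabled() {
    [ "$(cat /proc/sys/net/ipv4/ip_forward 2>/dev/null)" = 1 ]
}

# Usage: gen_rules eth0 > /etc/iptables/rules.v4 && iptables-restore < /etc/iptables/rules.v4
```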
