# DNAT
Set up DNAT so the backend still sees the client's source IP. (You will likely need a private tunnel between gateway and backend, since most IDCs apply route filtering on their uplinks.)
- Gateway
  - `eth0` public: `8.7.6.5`
  - `tun0` private: `10.1.1.1`
- Backend
  - `eth0` public: `8.7.6.4`
  - `tun0` private: `10.1.1.100`
On gateway:

```
iptables -t nat -I PREROUTING -p tcp -i eth0 --dport 8080 -j DNAT --to-destination 10.1.1.100:8080
```
On backend (IP rules for the specially routed server):

Add a table name to `/etc/iproute2/rt_tables`:

```
10 orig
```

Add the IP rule, assuming the backend's main IP is 10.1.1.100 and the gateway is 10.1.1.1 (as above). This sets the default route for traffic that came in through the NAT, so replies go back through the gateway (which reverses the DNAT) rather than out the backend's own uplink with a private source address:

```
ip rule add from 10.1.1.100 lookup orig
ip route add default via 10.1.1.1 table orig
```

Or you can add the default route through the `tun0` device instead:

```
ip route add default dev tun0 table orig
```
# DNAT & SNAT
Use this if you do not need to preserve the client's source IP: with SNAT the backend sees the gateway's tunnel address (10.1.1.1) as the source, so no policy routing is needed on the backend.
On gateway:

```
iptables -t nat -I PREROUTING -p tcp -i eth0 --dport 8080 -j DNAT --to-destination 10.1.1.100:8080
iptables -t nat -I POSTROUTING -p tcp -o tun0 -j SNAT --to-source 10.1.1.1
```
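As an added illustration (not part of the original note), this small Python model walks one request and its reply through both setups above: it shows why the DNAT-only variant needs the `orig` policy rule on the backend, and what source address the backend sees under SNAT. The client address and the `10.1.1.0/24` tunnel subnet are constructed assumptions.

```python
from dataclasses import dataclass, replace
from ipaddress import ip_address, ip_network

# Addresses from the note; client address and tunnel subnet are constructed assumptions.
GW_PUB, GW_TUN, BE_TUN = "8.7.6.5", "10.1.1.1", "10.1.1.100"
TUN_NET = ip_network("10.1.1.0/24")  # assumed tunnel subnet (connected route on tun0)
CLIENT = "203.0.113.9"               # constructed, RFC 5737 TEST-NET-3

@dataclass(frozen=True)
class Pkt:
    src: str
    dst: str

def gateway_in(pkt, conntrack, snat):
    """PREROUTING DNAT to the backend, optionally POSTROUTING SNAT to the gateway's tun0 IP.
    conntrack keeps the reverse tuple so a reply seen later can be un-NATed."""
    out = replace(pkt, dst=BE_TUN, src=GW_TUN if snat else pkt.src)
    conntrack[(out.dst, out.src)] = pkt
    return out

def backend_egress(reply, policy_rule):
    """Backend route lookup: connected tunnel subnet first, then table 'orig'
    (selected by 'ip rule add from 10.1.1.100 lookup orig'), else main table -> eth0."""
    if ip_address(reply.dst) in TUN_NET:
        return "tun0"
    if policy_rule and reply.src == BE_TUN:
        return "tun0"   # 'ip route add default via 10.1.1.1 table orig'
    return "eth0"       # main table default: the backend's public uplink

def gateway_out(reply, conntrack):
    """Reverse the NAT from conntrack; None if the gateway never saw this reply."""
    orig = conntrack.get((reply.src, reply.dst))
    return None if orig is None else Pkt(src=orig.dst, dst=orig.src)

def simulate(snat, policy_rule):
    """Return (source IP the backend sees, source IP the client sees in the reply)."""
    ct = {}
    at_backend = gateway_in(Pkt(CLIENT, GW_PUB), ct, snat)
    reply = Pkt(src=at_backend.dst, dst=at_backend.src)
    if backend_egress(reply, policy_rule) != "tun0":
        # Reply left via eth0 with a private source: filtered upstream, never un-NATed.
        return at_backend.src, None
    to_client = gateway_out(reply, ct)
    return at_backend.src, (to_client.src if to_client else None)

if __name__ == "__main__":
    print("DNAT + orig rule :", simulate(snat=False, policy_rule=True))
    print("DNAT, no rule    :", simulate(snat=False, policy_rule=False))
    print("DNAT + SNAT      :", simulate(snat=True, policy_rule=False))
```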
Last Update: 2024-11-11 03:25:11