M. V.
2014-06-28 06:10:56 UTC
Hi guys,
I'm porting one of my FreeBSD programs to Debian. I wanted to
know if I can have an iptables rule (or use any other service) which
works exactly like the "ipfw forward" command in FreeBSD.
"ipfw forward" just changes the dst-port of the packet, and other parameters like "src-ip", "src-port" and "dst-ip" of the packet stay the same. For example, if I define this rule:
ipfw add 100 fwd 127.0.0.1,1234 tcp from any to any dst-port 80 in
Now if I have a TCP server listening on port 1234, I can discover
the original ip/port of both source and destination of any HTTP request
which passes through my box and generate a valid response to it (just
dst-port is changed to 1234, which I know was originally 80).
But in Linux with iptables, it seems I just have iptables nat rules, which change the "dst-ip" of the packet as well:
iptables -t nat -I PREROUTING -p tcp --dport 80 -j REDIRECT --to-ports 1234
This iptables rule changes the "dst-ip" of the packet as well as the "dst-port", which is not good for me.
Thank you.
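An added example, not part of the original post: with the REDIRECT rule quoted above, Linux connection tracking still records the destination the client dialed, and a listener on port 1234 can read it back from the accepted socket with getsockopt(SO_ORIGINAL_DST). The function names below are assumptions made for this sketch, and it covers IPv4 TCP only.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>

#ifndef SO_ORIGINAL_DST
#define SO_ORIGINAL_DST 80 /* value from <linux/netfilter_ipv4.h> */
#endif

/* Format an IPv4 endpoint as "a.b.c.d:port". Returns 0, or -1 on error. */
int format_endpoint(const struct sockaddr_in *sa, char *out, size_t outlen)
{
    char ip[INET_ADDRSTRLEN];
    if (sa->sin_family != AF_INET ||
        inet_ntop(AF_INET, &sa->sin_addr, ip, sizeof ip) == NULL)
        return -1;
    int n = snprintf(out, outlen, "%s:%u", ip, (unsigned)ntohs(sa->sin_port));
    return (n < 0 || (size_t)n >= outlen) ? -1 : 0;
}

/* Ask conntrack for the pre-NAT destination of an accepted connection.
 * Succeeds only for a connected TCP socket whose flow is tracked by
 * netfilter (for example, one that matched the REDIRECT rule);
 * otherwise getsockopt() fails and -1 is returned. */
int original_dst(int fd, struct sockaddr_in *orig)
{
    socklen_t len = sizeof *orig;
    memset(orig, 0, sizeof *orig);
    /* IPPROTO_IP has the same value as SOL_IP on Linux. */
    return getsockopt(fd, IPPROTO_IP, SO_ORIGINAL_DST, orig, &len);
}

/* Write "src-ip:src-port -> orig-dst-ip:orig-dst-port" for one connection. */
int describe_connection(int fd, char *out, size_t outlen)
{
    struct sockaddr_in peer, orig;
    socklen_t len = sizeof peer;
    char src[32], dst[32];
    if (getpeername(fd, (struct sockaddr *)&peer, &len) < 0 ||
        original_dst(fd, &orig) < 0 ||
        format_endpoint(&peer, src, sizeof src) < 0 ||
        format_endpoint(&orig, dst, sizeof dst) < 0)
        return -1;
    int n = snprintf(out, outlen, "%s -> %s", src, dst);
    return (n < 0 || (size_t)n >= outlen) ? -1 : 0;
}
```

Call describe_connection() on each descriptor returned by accept(); a failure means the connection did not arrive through a NAT rule, so the server should treat its own local address as the destination or drop the connection.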