Gentoo Forums
Change port with iptables??
Lorneagle
n00b
Joined: 10 May 2004
Posts: 25
Location: Furtwangen

Posted: Mon Aug 09, 2004 6:46 pm    Post subject: Change port with iptables??

Hi

I need to know how I can change a port of a local application before the package is sent.

Background: I have to change the port of Starcraft to play with two clients in battle.net from LAN.

I tried:
iptables -t nat -A POSTROUTING -p tcp -o eth0 --sport 6112 -j SNAT --to 192.168.1.3:6120
but it did not work. 192.168.1.3 is my IP address.


Pls help

Thx
Lorneagle
_________________
System:
AMD Barton 2500+
Abit NF7 V2.0 nforce2
BIOS Version:2.4
512 MB DDR-333 RAM
vanilla-kernel 2.6.11

CFLAGS are:
Code:
CFLAGS="-march=athlon-xp -O3 -pipe -fomit-frame-pointer -ffast-math -mmmx -m3dnow -msse -mfpmath=sse,387"
adaptr
Watchman
Joined: 06 Oct 2002
Posts: 6730
Location: Rotterdam, Netherlands

Posted: Mon Aug 09, 2004 9:35 pm    Post subject:

Quote:
iptables -t nat -A POSTROUTING -p tcp -o eth0 --sport 6112 -j SNAT --to 192.168.1.3:6120
but it did not work. 192.168.1.3 is my IP address.

No wonder - you're changing port 6122 for ALL systems to that IP address... including the one that already works.

Try this:
Code:
iptables -t nat -A POSTROUTING -p tcp -s 192.168.1.3 --sport 6112 -j SNAT --to 192.168.1.3:6120

_________________
>>> emerge (3 of 7) mcse/70-293 to /
Essential tools: gentoolkit eix profuse screen
Lorneagle
n00b
Joined: 10 May 2004
Posts: 25
Location: Furtwangen

Posted: Tue Aug 10, 2004 8:21 am    Post subject:

No.

Code:
iptables -t nat -A POSTROUTING -p tcp -o eth0 --sport 6112 -j SNAT --to 192.168.1.3:6120


This rule is not a rule for my router (Debian system, which works fine) but for my Gentoo client.

I want to change ALL traffic from port 6112, which passes eth0 (from client), to port 6120 before that package is passed to the router to be sent.

So when the package arrives at my Debian router it should be from port 6120. But tcptracker on my router still gets port 6112.
adaptr
Watchman
Joined: 06 Oct 2002
Posts: 6730
Location: Rotterdam, Netherlands

Posted: Tue Aug 10, 2004 10:05 am    Post subject:

Try putting it in the OUTPUT chain instead, since as is noted in the docs, POSTrouting via SNAT for the localhost may have side effects.

Code:
iptables -t nat -A OUTPUT -p tcp --sport 6112 -j REDIRECT --to-ports 6120


Beautiful, isn't it ? 8)
Lorneagle
n00b
Joined: 10 May 2004
Posts: 25
Location: Furtwangen

Posted: Tue Aug 10, 2004 5:49 pm    Post subject:

Thanks for your help so far. :D

Well, I succeeded in changing the source port to 6120. But I still need to change the destination port of the package.
Code:
iptables -t nat -A OUTPUT -p tcp -o eth0 --dport 6112 -j REDIRECT --to-port 6120


This does not work. I don't know why because it makes sense to me too :D

Any suggestions?

Thx
Lorneagle
vengfulsquirrel
n00b
Joined: 06 Jul 2006
Posts: 2

Posted: Sun Jan 28, 2007 8:44 pm    Post subject:

I finally got this to work after I never found a solution online. So I am posting it on this old thread for other people and myself in another year when I forget.

This should allow more than one person behind the LAN to play Starcraft in the same game on bnet.

I still have not figured out how to allow them to make a game on bnet and play in it together... if anyone has a solution I am all ears. (eyes?)

Also I am routing through my Linux box before I even get to the router and all other LAN PCs are behind this Linux box. [192.168.1.*]

Code:
#!/bin/bash
# Needs bash: the loop below uses the C-style for (( )) syntax.

iptables="/sbin/iptables"

# Start from empty filter and nat tables
$iptables -F
$iptables -t nat -F

# Enable IPv4 forwarding
echo 1 > /proc/sys/net/ipv4/ip_forward

internalIPPrefix="192.168.1"

externalIP="192.168.0.33"

LIMIT=50 #needs to be double digit for now

for ((hostNumber=10; hostNumber <= LIMIT; hostNumber++))
do

    internalIP="$internalIPPrefix.$hostNumber"

    newPort="90$hostNumber"

    #Redirect 6112 to another port on the way out so it doesn't clash (the active rule rewrites the source port)
    #$iptables -t nat -A POSTROUTING -o eth0 -s $internalIP -p udp --dport 6112 -j SNAT --to-source $externalIP:$newPort
    echo "$iptables -t nat -A POSTROUTING -o eth0 -s $internalIP -p udp --sport 6112 -j SNAT --to-source $externalIP:$newPort"
    $iptables -t nat -A POSTROUTING -o eth0 -s $internalIP -p udp --sport 6112 -j SNAT --to-source $externalIP:$newPort

    #Masquerade the tcp connections (the rule has no -p, so it covers all other traffic from this host)
    $iptables -t nat -A POSTROUTING -o eth0 -s $internalIP -j MASQUERADE
    echo "$iptables -t nat -A POSTROUTING -o eth0 -s $internalIP -j MASQUERADE"

    #Redirect the destination port back to this host's 6112
    $iptables -t nat -A PREROUTING -i eth0 -p udp --dport $newPort -j DNAT --to-destination $internalIP:6112
    echo "$iptables -t nat -A PREROUTING -i eth0 -p udp --dport $newPort -j DNAT --to-destination $internalIP:6112"

done
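An added example, not part of the thread or the poster's script: the same per-host SNAT/DNAT pairing, emitted in iptables-restore format so the exposed ports can be reviewed before anything is loaded. It goes beyond the post by computing the port arithmetically, which removes the two-digit host limit. The names `map_port`, `gen_rules` and `BASE_PORT` are hypothetical, and it assumes external UDP ports 9001-9254 are free.

```shell
#!/bin/sh
# Added example (not from the thread). Prints rules; it does not apply them.
BASE_PORT=9000   # assumption: external UDP ports 9001-9254 are unused

# map_port HOST_NUMBER -> prints the external port, fails on a bad last octet
map_port() {
    case "$1" in
        ''|0*|*[!0-9]*) return 1 ;;   # empty, leading zero, or non-numeric
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 254 ] || return 1
    echo $((BASE_PORT + $1))
}

# gen_rules PREFIX EXTERNAL_IP WAN_IF FIRST LAST
gen_rules() {
    gr_prefix=$1 gr_ext=$2 gr_if=$3 gr_host=$4 gr_last=$5
    echo "*nat"
    while [ "$gr_host" -le "$gr_last" ]; do
        gr_port=$(map_port "$gr_host") || return 1
        gr_ip="$gr_prefix.$gr_host"
        # Outbound: give this host's game traffic its own source port.
        echo "-A POSTROUTING -o $gr_if -s $gr_ip -p udp --sport 6112 -j SNAT --to-source $gr_ext:$gr_port"
        # Inbound: map that port back to the same host. The -d match is an
        # addition here, so only traffic addressed to the external IP is rewritten.
        echo "-A PREROUTING -i $gr_if -d $gr_ext -p udp --dport $gr_port -j DNAT --to-destination $gr_ip:6112"
        gr_host=$((gr_host + 1))
    done
    # Everything else from the LAN is masqueraded once, after the SNAT rules,
    # instead of once per host.
    echo "-A POSTROUTING -o $gr_if -s $gr_prefix.0/24 -j MASQUERADE"
    echo "COMMIT"
}

# Constructed sample values, matching the addresses used in the post above.
gen_rules 192.168.1 192.168.0.33 eth0 10 12
```

Piping the output to `iptables-restore --test` checks that it parses without loading it. Loading it without `--noflush` replaces the whole nat table, much as the `-t nat -F` in the post does.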
All times are GMT