
I want to clone/duplicate all udp traffic incoming on port 8500 to port 8600. It is important that the source address is not modified. Also both ports must be accessible by applications (the packets must still arrive on the original port).

This solution (nftables: duplicate UDP packets for specific destination IP:port to a (second) destination IP:port) does work on a newer system, unfortunately the machine in question is running kernel 3.10 on RHEL 7 and I am not allowed to update it.

  • uff, Kernel 3.10… um, which version does iptables --version output? (I ask because of the --tee option) And: what's the content of /proc/net/ip_tables_names? (You might need to be root to read that) Commented Apr 17, 2024 at 10:45
  • version is v1.4.21, /proc/net/ip_tables_names contains filter, net, mangle Commented Apr 17, 2024 at 15:38

1 Answer


Since your iptables seems to be new enough, and you have the mangle table: Something like (attention, I haven't tested this! try in a VM or similar, making mistakes with TEE is a great way to occupy all your CPU cores by having circular paths for packets)

# copy ("TEE") to dummy local IP address 127.0.0.127
iptables -t mangle -A PREROUTING -i {public interface, not lo} -p UDP --dport 8500 -j TEE --gateway 127.0.0.127
# re-redirect things for 127.0.0.127 to 127.0.0.1
iptables -t nat -A PREROUTING -d 127.0.0.127 -p UDP --dport 8500 -j DNAT --to 127.0.0.1:8600
  • Unfortunately the DNAT rule doesn't work since TEE doesn't change destination IP - so the packet will not contain 127.0.0.127 as destination. The packet will still end up on the lo interface. Commented Apr 21, 2024 at 17:10
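To check on the box whether a mirroring rule actually meets the question's requirements (datagrams arrive on both ports, source address untouched, no duplicates on the original port), here is an added Python 3 harness; it is not from the question or the answer and assumes 8500 is the original port, 8600 the copy port, and that both may be bound on 0.0.0.0.

```python
import select
import socket
import time


def listen_mirror(ports, duration, bind_addr="0.0.0.0"):
    """Bind a UDP socket per port; return {port: [(src_ip, payload), ...]}."""
    socks = {}
    for port in ports:
        s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
        s.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
        s.bind((bind_addr, port))
        socks[s] = s.getsockname()[1]
    seen = {p: [] for p in socks.values()}
    deadline = time.monotonic() + duration
    try:
        while True:
            remaining = deadline - time.monotonic()
            if remaining <= 0:
                break
            readable, _, _ = select.select(list(socks), [], [], remaining)
            for s in readable:
                payload, (src_ip, _src_port) = s.recvfrom(65535)
                seen[socks[s]].append((src_ip, payload))
    finally:
        for s in socks:
            s.close()
    return seen


def mirror_report(seen, orig_port, copy_port):
    """Every datagram on orig_port must appear once on copy_port with the same
    source IP and payload; extra copies on orig_port mean the clone looped back."""
    orig = seen.get(orig_port, [])
    copy = list(seen.get(copy_port, []))
    matched = 0
    for entry in orig:
        if entry in copy:
            copy.remove(entry)  # consume one copy per original datagram
            matched += 1
    return {
        "original": len(orig),
        "copy": len(seen.get(copy_port, [])),
        "copies_with_same_source": matched,
        "duplicates_on_original": len(orig) - len(set(orig)),
        "ok": bool(orig) and matched == len(orig),
    }
```

Run `mirror_report(listen_mirror([8500, 8600], duration=10), 8500, 8600)` on the host while a peer sends a few test datagrams to port 8500; a result with copies on 8600 at zero and duplicates on 8500 above zero is exactly the symptom described in the comment above.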
