Article 5MECS Linux Router [FOB] touchpoint

Linux Router [FOB] touchpoint

by
ANewHome
from LinuxQuestions.org on (#5MECS)
Trying to setup a little AWS Box (Debian Linux) to act as a router taking public traffic (eth0 - single network interface) and redirecting it to a different public IP address, different ports and then send the traffic back to the clients. One of the major reasons for doing this is the Linux box has good DDOS protection and I will setup the Dest-IP to only accept traffic from the linux box.

The port mappings (TCP & UDP):
Src-IP, Src-Port, Dest-IP, Dest-Port
ALL, 27106,168.119.149.150,27015
ALL, 8000,168.119.149.150,7777
ALL, 8001,168.119.149.150,7778

What I am trying to get to happen:
Traffic in:
Public IP (Client App) [27106,8000,8001] -> Linux Box -> Destination Public Server (AA) [27015,7777,7778]

Return Traffic:
Public Server (AA) [27015,7777,7778] -> Linux Box -> Public IP (Client App) [27106,8000,8001]

The problem, is it doesn't seem to be working as I'm expecting it to - can anyone give some pointers on what I'm doing wrong?

The /etc/iptables/rules.v4 is currently:
# Generated by xtables-save v1.8.2 on Wed Jul 21 09:48:33 2021
*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A PREROUTING -p tcp -m tcp --dport 27106 -j DNAT --to-destination 168.119.149.150:27015
-A PREROUTING -p udp -m udp --dport 27106 -j DNAT --to-destination 168.119.149.150:27015
-A PREROUTING -p tcp -m tcp --dport 8000 -j DNAT --to-destination 168.119.149.150:7777
-A PREROUTING -p udp -m udp --dport 8000 -j DNAT --to-destination 168.119.149.150:7777
-A PREROUTING -p tcp -m tcp --dport 8001 -j DNAT --to-destination 168.119.149.150:7778
-A PREROUTING -p udp -m udp --dport 8001 -j DNAT --to-destination 168.119.149.150:7778
-A POSTROUTING -p tcp -m tcp --dport 27015
-A POSTROUTING -p udp -m udp --dport 27015
-A POSTROUTING -p tcp -m tcp --dport 7777
-A POSTROUTING -p udp -m udp --dport 7777
-A POSTROUTING -p tcp -m tcp --dport 7778
-A POSTROUTING -p udp -m udp --dport 7778

COMMIT
# Completed on Wed Jul 21 09:48:33 2021
# Generated by xtables-save v1.8.2 on Wed Jul 21 09:48:33 2021
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
COMMIT
# Completed on Wed Jul 21 09:48:33 2021

The AWS Firewall end-points are configured to accept all traffic [TCP/UDP] - so its not that, I can only think I've not setup the rules file incorrectly?latest?d=yIl2AUoC8zA latest?i=kgrt1zh7xUs:U1bJXoJiITY:F7zBnMy latest?i=kgrt1zh7xUs:U1bJXoJiITY:V_sGLiP latest?d=qj6IDK7rITs latest?i=kgrt1zh7xUs:U1bJXoJiITY:gIN9vFwkgrt1zh7xUs
External Content
Source RSS or Atom Feed
Feed Location https://feeds.feedburner.com/linuxquestions/latest
Feed Title LinuxQuestions.org
Feed Link https://www.linuxquestions.org/questions/
Reply 0 comments