I'm trying to forward all incoming TCP packets to multiple IP addresses.
Setup:
A - 10.10.10.10
B - 10.10.10.11
C - 10.10.10.12
D - 10.10.10.13
I want B, C and D to receive (on port 8000) all incoming packets on port 12345 of A. Ideally I wanted A to do this.
I can forward to one machine with this rule on A:
iptables -t nat -A PREROUTING -p tcp --dport 12345 -j DNAT --to-destination 10.10.10.11:8000
I can also clone the packet using the TEE option:
iptables -t mangle -A PREROUTING -p tcp --dport 8000 -d 10.10.10.11 -j TEE --gateway 10.10.10.12
So far everything is okay. The problem is that C will receive the packet with the destination IP of B and not C. Furthermore, I don't know how I can forward to D and/or more other destinations.
How can I make A, with iptables rules, send all the incoming packets on port 12345 to all the other machines (B, C and D) on port 8000?
You have to use POSTROUTING:
iptables -t nat -A POSTROUTING -p tcp --dport 8080 -j SNAT --to-source 10.10.10.12
but you need to find a way to differentiate which packet is for B and which for C, else they will all arrive with the IP of C. It should be done with the interface if you have different interfaces; I suppose that's the case since you change the gateway, so something like:
iptables -t nat -A POSTROUTING -o eth3 -p tcp --dport 8080 -j SNAT --to-source 10.10.10.12
so only the packets going out through interface eth3, imagining that it's the routing path to C, will have the destination IP changed to C's IP.
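As an added example (not code from the question or the answer above), the following POSIX shell script builds the rule set A would need for the question's DNAT-plus-TEE approach and generalises it to any number of receivers: the first receiver gets the DNAT'd connection, each further receiver gets a TEE copy. The `run` helper and `DRY_RUN` switch are assumptions introduced here so the rules can be printed and reviewed before anything is applied.

```shell
#!/bin/sh
# Constructed example for the setup in the question (A = 10.10.10.10 receiving
# on 12345, receivers on 8000). Assumes a Linux host with iptables and the
# xt_TEE module, and that A has IP forwarding enabled. With DRY_RUN=1 the
# rules are printed instead of applied, so the script can be inspected safely.
set -eu

# run: apply an iptables rule, or just print it when DRY_RUN=1 (hypothetical helper).
run() {
    if [ "${DRY_RUN:-0}" = 1 ]; then
        printf 'iptables %s\n' "$*"
    else
        iptables "$@"
    fi
}

# fanout_rules IN_PORT OUT_PORT PRIMARY [EXTRA...]
# The first receiver gets the DNAT'd connection; every further receiver gets a
# TEE copy. TEE never rewrites the destination address, so those copies still
# carry PRIMARY's IP, which is exactly the limitation the question describes;
# the extra receivers must accept or forward such packets themselves.
fanout_rules() {
    in_port="$1"; out_port="$2"; primary="$3"
    shift 3
    # nat PREROUTING: A:IN_PORT -> PRIMARY:OUT_PORT. DNAT, not REDIRECT, since
    # REDIRECT can only send traffic to the local host.
    run -t nat -A PREROUTING -p tcp --dport "$in_port" \
        -j DNAT --to-destination "$primary:$out_port"
    # mangle FORWARD is traversed after nat PREROUTING, so the packet already
    # carries its new destination here; clone it once per extra receiver.
    for extra in "$@"; do
        run -t mangle -A FORWARD -p tcp -d "$primary" --dport "$out_port" \
            -j TEE --gateway "$extra"
    done
}

# Example invocation for the question's hosts B, C and D.
if [ "${DRY_RUN:-0}" = 1 ]; then
    fanout_rules 12345 8000 10.10.10.11 10.10.10.12 10.10.10.13
fi
```

Run it as `DRY_RUN=1 sh fanout.sh` to see the three rules A would receive; without `DRY_RUN` nothing is applied unless `fanout_rules` is called explicitly.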