Gentoo Forums
Setup port forwarding via iptable or socat?
pablo_supertux
Advocate


Joined: 25 Jan 2004
Posts: 2931
Location: Somewhere between reality and Middle-Earth and in Freiburg (Germany)

Posted: Fri Apr 12, 2024 9:27 am    Post subject: Setup port forwarding via iptable or socat?

Hi

I have an embedded system with 2 LAN sockets and it is configured as a router, meaning that eth0 is the WAN port (requests IPs via DHCP) and dnsmasq (with dhcp & dns) runs on eth1 (192.168.11.1/24).

One of my customers would like to have port forwarding between one of his devices (TCP 192.168.11.50:80) and the public IP of eth0 so that he can configure it.

I would do this:

Code:

WAN_IP=$(ip -o -4 addr list eth0 | awk '{print $4}' | cut -d/ -f1)
socat tcp-listen:5000,bind=${WAN_IP},fork,reuseaddr tcp:192.168.11.50:80


My question is: is this ok or is this just a naive way of implementing port forwarding? Or should I use iptables for this? What is the preferred way to do port forwarding?

Thanks
_________________
A! Elbereth Gilthoniel!
silivren penna míriel
o menel aglar elenath,
Gilthoniel, A! Elbereth!
flexibeast
Guru


Joined: 04 Apr 2022
Posts: 324
Location: Naarm/Melbourne, Australia

Posted: Fri Apr 12, 2024 1:37 pm

The socat-based pipeline approach would have to be supervised, to ensure that if it crashed or failed for some reason - and the pipeline has many possible points of failure - it would automatically get restarted. And that's assuming the pipeline could be restarted; there might be various failure conditions preventing that.

I think using iptables - or, better, nftables, since iptables is deprecated - is going to be much more robust.
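
One way to express the forward from the first post in nftables, as recommended in the reply above (an added example, not code posted by anyone in the thread): a shell function validates its arguments and prints a ruleset that DNATs eth0 port 5000 to 192.168.11.50:80. The table name `portfwd` and the permitted source range 203.0.113.0/24 are assumptions; the interfaces, address and ports are the ones from the question.

```shell
#!/bin/sh
# Added example, not code from the thread. Prints an nftables ruleset for review.
# Assumptions: table name "portfwd"; management source range 203.0.113.0/24.
# Usage: gen_portfwd eth0 eth1 5000 192.168.11.50 80 203.0.113.0/24 | nft -f -

is_num()    { case "$1" in ''|*[!0-9]*) return 1 ;; esac; }           # digits only
is_ifname() { case "$1" in ''|*[!A-Za-z0-9._-]*) return 1 ;; esac; }  # no quotes or spaces
is_port()   { is_num "$1" && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]; }

is_ipv4() {  # dotted quad, each octet 0..255
    case "$1" in ''|*[!0-9.]*|*..*|.*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for o in "$@"; do [ "$o" -le 255 ] || return 1; done
}

is_cidr() {  # IPv4 address with an optional /0..32 prefix
    is_ipv4 "${1%/*}" || return 1
    case "$1" in */*) is_num "${1#*/}" && [ "${1#*/}" -le 32 ] ;; esac
}

gen_portfwd() {  # wan_if lan_if wan_port dst_ip dst_port allowed_src
    is_ifname "$1" && is_ifname "$2" && is_port "$3" && is_ipv4 "$4" &&
        is_port "$5" && is_cidr "$6" || { echo "gen_portfwd: bad argument" >&2; return 1; }
    cat <<EOF
# Declare, delete, redefine: reloading replaces the table instead of duplicating rules.
table ip portfwd
delete table ip portfwd
table ip portfwd {
    chain prerouting {
        type nat hook prerouting priority dstnat; policy accept;
        iifname "$1" ip saddr $6 tcp dport $3 dnat to $4:$5
    }
    chain forward {
        type filter hook forward priority filter; policy accept;
        # Only the translated flow may enter the LAN; other new WAN->LAN flows are dropped.
        iifname "$1" oifname "$2" ip daddr $4 tcp dport $5 ct status dnat accept
        iifname "$1" oifname "$2" ct state new drop
    }
}
EOF
}
```

The device's configuration page is served on port 80, which is normally unencrypted HTTP, so keep the `ip saddr` range as narrow as the customer's setup allows. Drop verdicts in the router's existing forward rules still apply to this traffic, since an accept in one nftables base chain does not override a drop in another.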
pablo_supertux
Advocate


Joined: 25 Jan 2004
Posts: 2931
Location: Somewhere between reality and Middle-Earth and in Freiburg (Germany)

Posted: Fri Apr 12, 2024 2:53 pm

flexibeast wrote:
The socat-based pipeline approach would have to be supervised, to ensure that if it crashed or failed for some reason - and the pipeline has many possible points of failure - it would automatically get restarted. And that's assuming the pipeline could be restarted; there might be various failure conditions preventing that.

Yes, of course, I would use systemd services for that.

flexibeast wrote:
I think using iptables - or, better, nftables, since iptables is deprecated - is going to be much more robust.

Ok thanks, I'll take a look at that.