pablo_supertux Advocate
Joined: 25 Jan 2004 Posts: 2931 Location: Somewhere between reality and Middle-Earth and in Freiburg (Germany)
Posted: Fri Apr 12, 2024 9:27 am Post subject: Setup port forwarding via iptable or socat?
Hi
I have an embedded system with 2 LAN sockets and it is configured as a router, meaning that eth0 is the WAN port (requests IPs via DHCP) and dnsmasq (with dhcp & dns) runs on eth1 (192.168.11.1/24).
One of my customers would like to have port forwarding between one of his devices (TCP 192.168.11.50:80) and the public IP of eth0 so that he can configure it.
I would do this:
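Code:
# Read the IPv4 address currently assigned to the WAN interface (eth0)
WAN_IP=$(ip -o -4 addr list eth0 | awk '{print $4}' | cut -d/ -f1)
# Accept connections on WAN port 5000 and relay each one to the device's web interface
socat tcp-listen:5000,bind=${WAN_IP},fork,reuseaddr tcp:192.168.11.50:80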
My question is: is this ok or is this just a naive way of implementing port forwarding? Or should I use iptables for this? What is the preferred way to do port forwarding?
Thanks
_________________
A! Elbereth Gilthoniel!
silivren penna míriel
o menel aglar elenath,
Gilthoniel, A! Elbereth!
flexibeast Guru
Joined: 04 Apr 2022 Posts: 324 Location: Naarm/Melbourne, Australia
Posted: Fri Apr 12, 2024 1:37 pm Post subject:
The socat-based pipeline approach would have to be supervised, to ensure that if it crashed or failed for some reason - and the pipeline has many possible points of failure - it would automatically get restarted. And that's assuming the pipeline could be restarted; there might be various failure conditions preventing that.
i think using iptables - or, better, nftables, since iptables is deprecated - is going to be much more robust. |
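The forwarding from the first post written as an nftables ruleset, following the suggestion above (an added example, not posted by anyone in this thread). It assumes IPv4 forwarding is already enabled on the router and that the device uses the router as its default gateway; the table name `portfwd` and the permitted source range 203.0.113.0/24 are placeholders.

```nft
# Interface names, port 5000 and 192.168.11.50:80 are taken from the first post.
# The table name and the admin source range are constructed placeholders.

# Make reloading idempotent: create the table if missing, then start clean.
table ip portfwd
delete table ip portfwd

table ip portfwd {
    # Only these sources may reach the device's configuration interface.
    set admin_src {
        type ipv4_addr
        flags interval
        elements = { 203.0.113.0/24 }
    }

    chain prerouting {
        type nat hook prerouting priority dstnat; policy accept;
        # Matching on the WAN interface instead of its address means the
        # rule keeps working when DHCP hands eth0 a different IP.
        iifname "eth0" ip saddr @admin_src tcp dport 5000 dnat to 192.168.11.50:80
    }

    chain forward {
        type filter hook forward priority filter; policy accept;
        # Replies and already established flows.
        ct state established,related accept
        # New WAN->LAN connections pass only if the DNAT rule translated them.
        iifname "eth0" oifname "eth1" ct status dnat accept
        iifname "eth0" oifname "eth1" drop
    }
}
```

Check the file with `nft -c -f <file>` before loading it with `nft -f <file>`. If another table on the router already filters the forward hook with a drop policy, the accept rules here do not override it and the flow has to be allowed there as well.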
pablo_supertux Advocate
Joined: 25 Jan 2004 Posts: 2931 Location: Somewhere between reality and Middle-Earth and in Freiburg (Germany)
Posted: Fri Apr 12, 2024 2:53 pm Post subject:
flexibeast wrote: | The socat-based pipeline approach would have to be supervised, to ensure that if it crashed or failed for some reason - and the pipeline has many possible points of failure - it would automatically get restarted. And that's assuming the pipeline could be restarted; there might be various failure conditions preventing that.
|
yes of course, I would use systemd services for that.
flexibeast wrote: |
i think using iptables - or, better, nftables, since iptables is deprecated - is going to be much more robust. |
Ok thanks, I'll take a look at that.