Forwarding packets on same interface (echoing)

J.T. Moore jtmoore at
Fri Aug 12 18:40:36 CEST 2005


The following will work if you want the packets coming to to be redirected to

    iptables -t nat -A PREROUTING -i eth1 -d -p udp --dport 30000:32000 -j DNAT --to-destination

If you want the reply from to be changed to look like it came from, you have two choices based on your network setup:

1. routes its replies through the same machine using iptables to do the DNAT above. This makes life simple because the iptables machine will track the DNAT connection and change the source address in the replies from back to automatically


2. Run iptables on or another machine between and the clients and SNAT responses to the client from to. This can potentially get complicated and ugly, but it can be done.


----- Original Message ----- 
From: "Martin van den Berg" <martinvdberg at>
To: <netfilter at>
Sent: Friday, August 12, 2005 7:05 AM
Subject: Forwarding packets on same interface (echoing)


I have this NAT/firewall box (debian) configured with iptables. Port
forwarding etc. works fine with one exception: I need a rule that
'echoes' back udp packets if they meet the following criteria:
+ in-interface=eth1 (that's the 'private' interface)
+ destination IP is public ip-address (e.g. ; that's eth0)
+ Port range is e.g. 30000-32000
+ The packets need to be forwarded via eth0 (thus echoed) to e.g. , same port.

Hope you can help me and thanks in advance!
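The two-rule arrangement discussed in this thread (DNAT in PREROUTING plus a source rewrite on the hairpinned path so the server answers back through the firewall), written out as an added example that is not part of either mail. All interface names, addresses and the port range are constructed placeholders (RFC 5737 documentation addresses), not values from the original messages, and the function only prints the rules so they can be reviewed before being applied.

```shell
#!/bin/sh
# Added example: emit an iptables rule set for "hairpin" UDP forwarding,
# where a client on the private interface sends to the firewall's public
# address and the traffic must go back out the same interface to a server.
#
# hairpin_nat_rules PRIV_IF PRIV_NET PUB_IP SERVER_IP PORTS
#   PRIV_IF   private-side interface (e.g. eth1)
#   PRIV_NET  private subnet the clients live in (e.g. 10.0.0.0/24)
#   PUB_IP    firewall's public address that clients send to
#   SERVER_IP host that should actually receive the packets
#   PORTS     UDP port range in iptables syntax (e.g. 30000:32000)
# The commands are printed, not executed, so this runs without root; pipe
# the output to sh on the firewall once it has been reviewed.
hairpin_nat_rules() {
    priv_if=$1 priv_net=$2 pub_ip=$3 server_ip=$4 ports=$5

    # 1. Redirect UDP arriving on the private side for the public address.
    #    conntrack remembers this mapping and un-DNATs the replies itself.
    printf 'iptables -t nat -A PREROUTING -i %s -d %s -p udp --dport %s -j DNAT --to-destination %s\n' \
        "$priv_if" "$pub_ip" "$ports" "$server_ip"

    # 2. Hairpin case only: the DNATed packet is leaving on the interface it
    #    came in on, so rewrite its source to that interface's own address
    #    (MASQUERADE picks it automatically) or the server would reply to the
    #    client directly and the client would drop the unexpected source.
    #    "-s PRIV_NET" keeps this from touching ordinary port-forwards from
    #    the Internet, whose real client addresses the server should still see.
    printf 'iptables -t nat -A POSTROUTING -s %s -o %s -d %s -p udp --dport %s -m conntrack --ctstate DNAT -j MASQUERADE\n' \
        "$priv_net" "$priv_if" "$server_ip" "$ports"

    # 3. Permit just this forwarded traffic and its replies, nothing broader.
    printf 'iptables -A FORWARD -i %s -o %s -d %s -p udp --dport %s -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT\n' \
        "$priv_if" "$priv_if" "$server_ip" "$ports"
    printf 'iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT\n'
}

# Example invocation with constructed placeholder values.
hairpin_nat_rules eth1 10.0.0.0/24 203.0.113.10 192.0.2.20 30000:32000
```

The trade-off of rule 2 is the one the reply above calls ugly: the server now sees the firewall's private address instead of the client's, so its logs and any per-client rate limiting on the server lose the real source. Restricting the MASQUERADE to the private subnet limits that loss to the hairpinned clients; after loading the rules, `conntrack -L -p udp` (from the conntrack-tools package) shows whether the DNAT and the reply mapping are both present for a test packet.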

