IP forwarding on public IPs

LittleCreek

I need to know how to forward all public ip traffic to another public ip in Linux. Like if I wanted to forward 8.8.8.8 to 1.1.1.1.

tentor

Use DNAT

LittleCreek

@tentor said:
Use DNAT

So you use DNAT on public IPs as well? I thought that would only be for private addresses.

tentor

Sure

vm $ mtr -c 1 -w 8.8.8.8 # before DNAT
Start: 2023-09-14T13:52:34+0200
HOST: backend-replica  Loss%   Snt   Last   Avg  Best  Wrst StDev
  1.|-- _gateway          0.0%     1    0.1   0.1   0.1   0.1   0.0
  2.|-- 192.168.0.2       0.0%     1    0.1   0.1   0.1   0.1   0.0
  3.|-- pl.skhron.com.ua  0.0%     1   29.5  29.5  29.5  29.5   0.0
  4.|-- 172.30.2.2        0.0%     1    0.4   0.4   0.4   0.4   0.0
  5.|-- ???              100.0     1    0.0   0.0   0.0   0.0   0.0
  6.|-- 108.170.250.193   0.0%     1    1.0   1.0   1.0   1.0   0.0
  7.|-- 108.170.234.245   0.0%     1    1.5   1.5   1.5   1.5   0.0
  8.|-- dns.google        0.0%     1    0.8   0.8   0.8   0.8   0.0
router $ sudo nft -t -a -i # setup DNAT
nft> add table inet natexample
nft> add chain inet natexample prerouting { type nat hook prerouting priority -100; }
nft> add rule inet natexample prerouting meta l4proto icmp ip daddr 8.8.8.8 dnat to 1.1.1.1
nft> list table inet natexample
table inet natexample { # handle 109
    chain prerouting { # handle 1
        type nat hook prerouting priority dstnat; policy accept;
        meta l4proto icmp ip daddr 8.8.8.8 dnat ip to 1.1.1.1 # handle 4
    }
}
vm $ mtr -c 1 -w 8.8.8.8 # after DNAT
Start: 2023-09-14T13:52:18+0200
HOST: backend-replica Loss%   Snt   Last   Avg  Best  Wrst StDev
  1.|-- _gateway         0.0%     1    0.1   0.1   0.1   0.1   0.0
  2.|-- dns.google       0.0%     1    0.1   0.1   0.1   0.1   0.0