EDIT: Thanks everyone, back into the IPtables well I go. For loops ahoy!
I'm trying to rebuild from scratch a functionality in an old production box, and I'll need to do this five times over the next year or so.
The old box has got like two hundred IP/port forwarders like this in its iptables (made-up IPs/ports, but you get the gist):
-A PREROUTING -d 10.50.1.15 -i eth0 -p tcp -m tcp --dport 20020 -j DNAT --to-destination 172.31.0.15:80
It's for a system that, for lab purposes, needs to be behind a different network but still accessible; e.g. for test reasons the 172 et al. cannot normally be accessible from the 10 space, but we need a backdoor for some automation and sporadic manual access.
I haven't deeply monkeyed with iptables in nearly ten years. The production system is a beehive of ten interfaces and a terrifying iptables config built up over seven years.
My end goal is literally just this:
- 10.50.200.1:20015 -> 172.31.0.15:80
- 10.50.200.1:20016 -> 172.31.0.16:80
- 10.50.200.1:20017 -> 172.31.0.17:80
- etc
What's the easiest/sanest/laziest way to do this? Network security isn't a concern (the entire network segment in question is already deeply sequestered on the inside) and the only access method to the 172.0.0.0/8 in this case is from the 10.50.200.1 box, which has:
- eth2 - 10.50.200.1
- eth3 - 172.31.0.1
How would you do this in the modern age?
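One "lazy but reviewable" way to do what the post asks, as an added example that is not from the original post or any of its comments: a POSIX shell script that generates the whole block of DNAT rules in iptables-restore format, so you can diff it against the old box before loading it. The port offset (20000 + last octet of the inner host), the inner host range 172.31.0.15 to 172.31.0.40, and the MASQUERADE/FORWARD rules are assumptions for illustration; the interface names and addresses are the ones the post gives.

```shell
#!/bin/sh
# Added example, not from the original post. Emits the 10.50.200.1:200NN -> 172.31.0.NN:80
# forwarders in iptables-restore format instead of running 200 separate iptables commands.
# Assumptions (not in the post): port = 20000 + last octet, inner hosts 172.31.0.15-40,
# traffic enters on eth2 (10.50.200.1) and leaves on eth3 (172.31.0.1).

IN_IF=eth2
OUT_IF=eth3
PUB_IP=10.50.200.1
INNER_NET=172.31.0
PORT_BASE=20000
DST_PORT=80

# gen_nat_rules FIRST LAST -> nat table: one DNAT per inner host with last octet FIRST..LAST,
# plus a hide-NAT on the inside interface so replies come back through this box even when
# the 172 hosts have no route to 10.50.0.0/16.
gen_nat_rules() {
    first=$1
    last=$2
    echo '*nat'
    n=$first
    while [ "$n" -le "$last" ]; do
        echo "-A PREROUTING -d $PUB_IP -i $IN_IF -p tcp -m tcp --dport $((PORT_BASE + n)) -j DNAT --to-destination $INNER_NET.$n:$DST_PORT"
        n=$((n + 1))
    done
    echo "-A POSTROUTING -o $OUT_IF -d $INNER_NET.0/24 -p tcp -m tcp --dport $DST_PORT -j MASQUERADE"
    echo 'COMMIT'
}

# gen_filter_rules -> filter table: FORWARD entries so a default DROP policy (if the old
# box has one) still passes the DNATed connections and their return traffic.
gen_filter_rules() {
    echo '*filter'
    echo "-A FORWARD -i $IN_IF -o $OUT_IF -d $INNER_NET.0/24 -p tcp -m tcp --dport $DST_PORT -j ACCEPT"
    echo "-A FORWARD -i $OUT_IF -o $IN_IF -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    echo 'COMMIT'
}

# Usage:
#   sh forwarders.sh --emit > fwd.rules      # review / diff the output first
#   sysctl -w net.ipv4.ip_forward=1
#   iptables-restore -n fwd.rules            # -n (--noflush) appends instead of wiping existing tables
if [ "${1:-}" = "--emit" ]; then
    gen_nat_rules 15 40
    gen_filter_rules
fi
```

The point of emitting a file rather than looping over `iptables -A` is that the 200-line result is something you can check into version control, diff against `iptables-save` from the old box, and replay on the next four rebuilds; `iptables-restore -n` matters because without `--noflush` the restore replaces the whole nat and filter tables.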