Kiyor | Created: 08-19-12 09:58:43
Recently I wanted to upgrade my Minecraft player. I plan to use different servers for different players. I checked how my home DD-WRT handles port forwarding, and I got the result: I can use port forwarding in iptables to control, by player source IP, which server a player connects to.
So these are my iptables rules:
```
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT 0 -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
DROP udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:520
DROP udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:520
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:520
logaccept tcp -- 0.0.0.0/0 192.168.1.1 tcp dpt:23
DROP icmp -- 0.0.0.0/0 0.0.0.0/0
DROP 2 -- 0.0.0.0/0 0.0.0.0/0
ACCEPT 0 -- 0.0.0.0/0 0.0.0.0/0 state NEW
logaccept 0 -- 0.0.0.0/0 0.0.0.0/0 state NEW
DROP 0 -- 0.0.0.0/0 0.0.0.0/0
Chain FORWARD (policy ACCEPT)
target prot opt source destination
ACCEPT 47 -- 192.168.1.0/24 0.0.0.0/0
ACCEPT tcp -- 192.168.1.0/24 0.0.0.0/0 tcp dpt:1723
ACCEPT 0 -- 0.0.0.0/0 0.0.0.0/0
TCPMSS tcp -- 0.0.0.0/0 0.0.0.0/0 tcp flags:0x06/0x02 TCPMSS clamp to PMTU
lan2wan 0 -- 0.0.0.0/0 0.0.0.0/0
ACCEPT 0 -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
ACCEPT tcp -- 0.0.0.0/0 192.168.1.131 tcp dpt:25565
ACCEPT udp -- 0.0.0.0/0 192.168.1.131 udp dpt:25565
ACCEPT tcp -- 0.0.0.0/0 192.168.1.131 tcp dpt:80
ACCEPT udp -- 0.0.0.0/0 192.168.1.131 udp dpt:80
ACCEPT tcp -- 0.0.0.0/0 192.168.1.131 tcp dpt:443
ACCEPT udp -- 0.0.0.0/0 192.168.1.131 udp dpt:443
ACCEPT tcp -- 0.0.0.0/0 192.168.1.131 tcp dpt:548
ACCEPT udp -- 0.0.0.0/0 192.168.1.131 udp dpt:548
ACCEPT tcp -- 0.0.0.0/0 192.168.1.1 tcp dpt:80
ACCEPT udp -- 0.0.0.0/0 192.168.1.1 udp dpt:80
ACCEPT tcp -- 0.0.0.0/0 192.168.1.1 tcp dpt:443
ACCEPT udp -- 0.0.0.0/0 192.168.1.1 udp dpt:443
ACCEPT tcp -- 0.0.0.0/0 192.168.1.131 tcp dpt:22
ACCEPT udp -- 0.0.0.0/0 192.168.1.131 udp dpt:22
ACCEPT tcp -- 0.0.0.0/0 192.168.1.133 tcp dpt:51413
ACCEPT udp -- 0.0.0.0/0 192.168.1.133 udp dpt:51413
ACCEPT tcp -- 0.0.0.0/0 192.168.1.133 tcp dpt:9091
ACCEPT udp -- 0.0.0.0/0 192.168.1.133 udp dpt:9091
ACCEPT tcp -- 0.0.0.0/0 192.168.1.131 tcp dpt:8123
ACCEPT udp -- 0.0.0.0/0 192.168.1.131 udp dpt:8123
ACCEPT tcp -- 0.0.0.0/0 192.168.1.141 tcp dpt:6699
ACCEPT udp -- 0.0.0.0/0 192.168.1.141 udp dpt:6699
TRIGGER 0 -- 0.0.0.0/0 0.0.0.0/0 TRIGGER type:in match:0 relate:0
trigger_out 0 -- 0.0.0.0/0 0.0.0.0/0
ACCEPT 0 -- 0.0.0.0/0 0.0.0.0/0 state NEW
DROP 0 -- 0.0.0.0/0 0.0.0.0/0
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Chain advgrp_1 (0 references)
target prot opt source destination
Chain advgrp_10 (0 references)
target prot opt source destination
Chain advgrp_2 (0 references)
target prot opt source destination
Chain advgrp_3 (0 references)
target prot opt source destination
Chain advgrp_4 (0 references)
target prot opt source destination
Chain advgrp_5 (0 references)
target prot opt source destination
Chain advgrp_6 (0 references)
target prot opt source destination
Chain advgrp_7 (0 references)
target prot opt source destination
Chain advgrp_8 (0 references)
target prot opt source destination
Chain advgrp_9 (0 references)
target prot opt source destination
Chain grp_1 (0 references)
target prot opt source destination
Chain grp_10 (0 references)
target prot opt source destination
Chain grp_2 (0 references)
target prot opt source destination
Chain grp_3 (0 references)
target prot opt source destination
Chain grp_4 (0 references)
target prot opt source destination
Chain grp_5 (0 references)
target prot opt source destination
Chain grp_6 (0 references)
target prot opt source destination
Chain grp_7 (0 references)
target prot opt source destination
Chain grp_8 (0 references)
target prot opt source destination
Chain grp_9 (0 references)
target prot opt source destination
Chain lan2wan (1 references)
target prot opt source destination
Chain logaccept (2 references)
target prot opt source destination
ACCEPT 0 -- 0.0.0.0/0 0.0.0.0/0
Chain logdrop (0 references)
target prot opt source destination
DROP 0 -- 0.0.0.0/0 0.0.0.0/0
Chain logreject (0 references)
target prot opt source destination
REJECT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp reject-with tcp-reset
Chain trigger_out (1 references)
target prot opt source destination
```
The only useful chain in this table is FORWARD.
The rules look like this:
```sh
iptables -t nat -I PREROUTING -p tcp -d 192.168.1.1 --dport 10001 -j DNAT --to 192.168.1.131:10002
iptables -I FORWARD -p tcp -d 192.168.1.131 --dport 10002 -j ACCEPT
```
The test succeeded.
The script:
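```sh
#!/bin/sh
# Usage: $0 <source ip> <server ip> <service port> <forward port>
# DNAT runs before FORWARD, so the FORWARD rule matches the forward port ($4).
iptables -t nat -I PREROUTING -p tcp -s "$1" -d "$2" --dport "$3" -j DNAT --to "$2:$4"
iptables -I FORWARD -p tcp -s "$1" -d "$2" --dport "$4" -j ACCEPT
```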
| Argument | Meaning |
|---|---|
| $1 | source ip |
| $2 | server ip |
| $3 | service port |
| $4 | forward port |
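
A hardened variant of the script above, as an added example that is not the author's code: it validates the four arguments and prints the rule pair as a dry run, so a source value such as `0.0.0.0/0 -j ACCEPT` cannot be word-split into extra iptables options. The function names, the 203.0.113.0/24 source range and port 25566 are assumptions; the FORWARD rule matches the forward port, following the 10001 to 10002 example earlier on the page.

```sh
#!/bin/sh
# Added example (not the author's script); function names are assumptions.

# valid_num VALUE MIN MAX: succeeds if VALUE is a decimal integer in [MIN, MAX].
valid_num() {
    case $1 in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "${#1}" -le 5 ] && [ "$1" -ge "$2" ] && [ "$1" -le "$3" ]
}

# valid_ipv4 ADDR[/PREFIX]: succeeds for a dotted-quad IPv4 address, optional /0-32.
valid_ipv4() {
    case $1 in
        */*) valid_num "${1#*/}" 0 32 || return 1 ;;
    esac
    addr=${1%%/*}
    case $addr in
        ''|*[!0-9.]*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $addr            # split on dots; addr holds only digits and dots here
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        valid_num "$octet" 0 255 || return 1
    done
}

# build_rules SRC SERVER SERVICE_PORT FORWARD_PORT: prints both rules (dry run),
# or prints nothing on stdout and fails when any argument is malformed.
build_rules() {
    [ $# -eq 4 ] || { echo "usage: build_rules SRC SERVER SPORT FPORT" >&2; return 1; }
    valid_ipv4 "$1" || { echo "bad source ip: $1" >&2; return 1; }
    case $2 in
        */*) echo "server must be a single host: $2" >&2; return 1 ;;
    esac
    valid_ipv4 "$2" || { echo "bad server ip: $2" >&2; return 1; }
    valid_num "$3" 1 65535 || { echo "bad service port: $3" >&2; return 1; }
    valid_num "$4" 1 65535 || { echo "bad forward port: $4" >&2; return 1; }
    echo "iptables -t nat -I PREROUTING -p tcp -s $1 -d $2 --dport $3 -j DNAT --to $2:$4"
    # FORWARD sees the packet after DNAT, so it matches the forward port.
    echo "iptables -I FORWARD -p tcp -s $1 -d $2 --dport $4 -j ACCEPT"
}

# Constructed sample: 203.0.113.0/24 is a documentation range, 25566 an assumed port.
build_rules 203.0.113.0/24 192.168.1.131 25565 25566
# An argument carrying extra iptables options is rejected instead of word-split.
build_rules "0.0.0.0/0 -j ACCEPT" 192.168.1.131 25565 25566 || true
```

Because `-I` inserts at the top of the chain, the most recently added source match is evaluated first, so add broad ranges before specific ones.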
So now I can make my Chinese players play on my Chinese server and US players play on the US server. The server can be chosen automatically depending on region.