Rubin Shrestha
Zend certified PHP/Magento developer
Rubin Shrestha
Blog

Reroute and tunnel udp connection to another server

by |Published

I have been trying to establish a connection between a vps and a dedicated bare metal server for a month now. Basically, vps will act as a tunnel to connect to my dedicated server, I’m doing this to improve the latency of some users to my game server but it uses udp on this end. The isp in our country seems to vary latency depending on their area even with the same isp some of them have lower latency connecting to the vps while others on the dedicated, I wanted to be able to have them both connect to my dedicated with lower ping. Investigating hops from users some of them have more hops depending on the server.

So far I’ve only messed with iptables and some programs such as Rinetd but none of them work at all.

For reference:
Dedicated: 192.168.1.1
Vps: 127.0.0.1

The vps and dedicated server have different datacenters and different hosting services

In the vps:
sysctl net.ipv4.ip_forward
net.ipv4.ip_forward = 1

iptables -t nat -A PREROUTING -i eth0 -p udp -d 127.0.0.1 --dport 16261:16264 -j DNAT --to-destination 192.168.1.1:16261-16264

iptables -A FORWARD -p udp -d 192.168.1.1 --dport 16261:16264 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT

iptables -A POSTROUTING -i eth0 -t nat -p udp -m udp -s 127.0.0.1 --sport 16261:16264 -j SNAT --to-source 192.168.0.1

iptables -t nat -A PREROUTING -i eth0 -p udp  -d 127.0.0.1  --dport 16261:16264 -j DNAT --to-destination 192.168.1.1:16261-16264

iptables -A FORWARD -p udp -d 192.168.1.1 --dport 16261:16264 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT

iptables -A POSTROUTING -i eth0 -t nat -p udp -m udp -s 127.0.0.1 --sport 16261:16264 -j SNAT --to-source 192.168.0.1`

I did the same for udp and tcp I did not add MASQUERADE so that it just forwards the connection with the ip visible

in my understanding it should show 192.168.1.1/29 if I use ip route

ip route in vps:
default via 127.0.0.1 dev eth0
127.0.0.1 dev eth0 scope link

but so far when connecting to 127.0.01 my forwarding doesn’t seem to work at all, although I do get some packets from iptables in 16261 ports but it seems to stop there I think something is blocking it, no other firewalls here.
am I doing anything wrong here? should I accept ports 16261-16264 in my vps?

All suggestions and different approach is welcome!

You may also like