Linux – Source nating into GRE tunnel

Tags: iptables, linux, tunneling

On a Linux box, I have created a GRE tunnel called gre1 172.17.1 -> 172.17.2. The Linux box IP is 10.10.100.100, the end point IP is 10.10.101.101.

I am trying to do a source NAT (NOT destination NAT) to tunnel the traffic going from the Linux box, so that it actually goes into the tunnel if the destination port is 80. I have tried things along these lines without success:

iptables -t nat -A OUTPUT -p tcp --dport 80 -j SNAT --to 172.17.1.1
iptables -t nat -A FORWARD -p tcp --dport 80 -j SNAT --to 172.17.1.1

Most examples I found for GRE tunneling are for DNAT, not SNAT. Any example that would work for my case?

Best Answer

If I read your question correctly, you want port 80 traffic to go down your tunnel. This isn't done with SNAT, but with policy routing.

First we need to set up a new routing table:

# echo "2  tunnel" >> /etc/iproute2/rt_tables

Next we need to set up the routing table to send all traffic via the tunnel:

# ip route add default via 172.16.1.2 dev gre1 table tunnel

Now we need to make some traffic use that routing table rather than the default routing table. This is done by marking the packets and then adding a rule to use the specified table for those marked packets:

# iptables -t mangle -A OUTPUT -p tcp --dport 80 -j MARK --set-mark 200
# ip rule add fwmark 200 table tunnel

Replace OUTPUT with FORWARD if you want forwarded traffic to be sent down the tunnel as well. With OUTPUT, this only applies to locally generated traffic.

You can find more information in the Linux Advanced Routing and Traffic Control (LARTC) guide.
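The answer's steps as a small script, added here as an example and not part of the original post. It assumes the answer's values (table id 2 named "tunnel", tunnel peer 172.16.1.2 on gre1, fwmark 200, port 80) plus a hypothetical local tunnel address 172.17.1.1 for the optional SNAT step, which sits in POSTROUTING because that is the only nat chain in which SNAT is valid; it also includes a checker for `ip rule show` output, which prints the mark in hex.

```shell
#!/bin/sh
# Added example, not from the original post: the answer's policy-routing
# steps as reusable functions, plus a checker for `ip rule show` output.
# Assumed values: table id 2 named "tunnel", tunnel peer 172.16.1.2 on
# gre1, local tunnel address 172.17.1.1, fwmark 200, destination port 80.
# DRY=1 (the default) prints the commands instead of running them; the
# real commands need root and an existing gre1 interface.
DRY=${DRY:-1}
run() { if [ "$DRY" = 1 ]; then echo "$*"; else "$@"; fi; }

# Register the table name once; rt_tables must not get duplicate lines.
add_rt_table() {  # $1 = table id, $2 = table name
    grep -Eq "^$1[[:space:]]+$2\$" /etc/iproute2/rt_tables 2>/dev/null \
        || run sh -c "echo '$1 $2' >> /etc/iproute2/rt_tables"
}

# Send locally generated traffic to one TCP port through the tunnel.
# $1 = table, $2 = tunnel gateway, $3 = tunnel device, $4 = mark, $5 = dport
route_dport_via_tunnel() {
    run ip route replace default via "$2" dev "$3" table "$1"
    # The MARK target takes --set-mark; --mark is the mark *match* option.
    run iptables -t mangle -A OUTPUT -p tcp --dport "$5" -j MARK --set-mark "$4"
    run ip rule add fwmark "$4" table "$1"
}

# Optional: rewrite the source to the tunnel's local address. SNAT is only
# valid in the nat POSTROUTING chain, which is why the question's
# "-t nat -A OUTPUT ... -j SNAT" rule could never be accepted.
snat_into_tunnel() {  # $1 = tunnel device, $2 = local tunnel address
    run iptables -t nat -A POSTROUTING -o "$1" -j SNAT --to-source "$2"
}

# Verify the rule exists. $1 = mark (decimal), $2 = table name,
# stdin = output of `ip rule show` (iproute2 prints the mark in hex).
has_fwmark_rule() {
    hex=$(printf '0x%x' "$1")
    grep -Eq "fwmark ($1|$hex)( |/).*lookup $2"
}

# Usage: DRY=0 sh route80.sh   (default DRY=1 only prints the commands)
add_rt_table 2 tunnel
route_dport_via_tunnel tunnel 172.16.1.2 gre1 200 80
snat_into_tunnel gre1 172.17.1.1
```

After applying for real, `ip rule show | has_fwmark_rule 200 tunnel` confirms the rule is in place, and `ip route get 8.8.8.8 mark 200` shows the route the marked packets will take.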