Created
April 25, 2020 01:38
Commands I ran to get NAT working on the endpoint machines for SRCDS servers. This allows Steam traffic to go out in IPIP form so the Master Server gets the correct IP. All other traffic is sent back to the forwarding server normally as long as the static route exists inside the network namespace.
#!/bin/bash
# Two hosts are configured below; run each section on the host named in its header.
# Both hosts must have IPv4 forwarding enabled, which the commands alone do not set:
#   sysctl -w net.ipv4.ip_forward=1

######## Forwarding Server ########
# IP - 10.50.0.3
sysctl -w net.ipv4.ip_forward=1

# DNAT game traffic (UDP 27015) arriving for this host to the game server machine.
iptables -t nat -A PREROUTING -d 10.50.0.3 -p udp --dport 27015 -j DNAT --to-destination 10.50.0.4

# Masquerade connections to the game server machine. Required with the namespace routing
# below: only packets addressed to 10.50.0.3 are routed back over the veth pair, so the
# game server's replies must be addressed to this host rather than to the client.
# An explicit SNAT --to-source 10.50.0.3 works as well.
iptables -t nat -A POSTROUTING -d 10.50.0.4 -j MASQUERADE

######## Endpoint Game Server ########
# IP - 10.50.0.4
sysctl -w net.ipv4.ip_forward=1
modprobe ipip   # IPIP tunnel support (also creates the fallback tunl0 device)

# Create the namespace the game server runs in.
ip netns add ns01

# Create the IPIP tunnel in the root namespace and move it into ns01. The tunnel keeps the
# root namespace as its link namespace, so encapsulated packets leave through the host's
# routing table toward 10.50.0.3.
ip tunnel add ipip01 mode ipip remote 10.50.0.3
ip link set ipip01 netns ns01
# Inner tunnel address; 172.20.0.0/16 is distinct from the 172.2.0.0/16 bridge network.
ip netns exec ns01 ip addr add 172.20.0.3/32 dev ipip01
ip netns exec ns01 ip link set ipip01 up
ip netns exec ns01 ip link set lo up

# Create a veth pair: veth1 stays in the root namespace, veth2 goes into ns01.
ip link add dev veth1 type veth peer name veth2
ip link set veth1 up
ip link set veth2 netns ns01
ip netns exec ns01 ip addr add 172.2.0.2/16 dev veth2
ip netns exec ns01 ip link set veth2 up

# Create bridge br0 as the root-namespace gateway for 172.2.0.0/16 and attach veth1 to it.
ip link add dev br0 type bridge
ip addr add 172.2.0.1/16 dev br0
ip link set br0 up
ip link set veth1 master br0

# Static routes inside the namespace. Only traffic for the forwarding server goes back over
# veth2; everything else (Steam) takes the IPIP tunnel so the Master Server sees the
# forwarding server's address instead of this host's.
ip netns exec ns01 ip route add 10.50.0.3 via 172.2.0.1 dev veth2
ip netns exec ns01 ip route add default dev ipip01

# DNAT game traffic for this host to the game server inside the namespace. The source
# exclusion keeps the namespace's own traffic from being redirected back to itself.
iptables -t nat -I PREROUTING ! -s 172.2.0.0/16 -d 10.50.0.4 -p udp --dport 27015 -j DNAT --to-destination 172.2.0.2:27015

# Allow forwarding between the main interface and the bridge. ens18 is the VM's main
# interface; adjust it to match the host. These rules forward all traffic in both
# directions; restrict them (e.g. -p udp --dport 27015 plus a conntrack ESTABLISHED,RELATED
# rule) if only the game port should be reachable inside the namespace.
iptables -A FORWARD -i ens18 -j ACCEPT
iptables -A FORWARD -i br0 -j ACCEPT

# Masquerade traffic leaving the namespace toward 10.50.0.3 so replies carry this host's
# address and conntrack can reverse the PREROUTING DNAT.
iptables -t nat -A POSTROUTING -s 172.2.0.0/16 -j MASQUERADE
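A post-setup check for the endpoint side, added here as an example and not part of the gist above. It assumes the names and addresses used in the gist (ns01, ipip01, veth2, forwarding server 10.50.0.3, game server 172.2.0.2) and uses 1.1.1.1 only as an arbitrary public address for the route lookup (`ip route get` sends no packets). The parsing functions take command output as text so they can be exercised offline on constructed samples; `run_live_checks` runs the real commands and needs root and the configured namespace.

```shell
#!/bin/bash
# Verifies the split routing of the gist: Steam-bound (default) traffic must leave ns01 via
# the IPIP tunnel, traffic for the forwarding server via veth2, and the DNAT rule must exist.
# Added example; names and addresses are assumed from the gist, samples below are constructed.

# egress_dev OUTPUT_OF_ip_route_get -> prints the "dev" value of the selected route.
egress_dev() {
    printf '%s\n' "$1" | awk '{for (i = 1; i < NF; i++) if ($i == "dev") {print $(i+1); exit}}'
}

# route_src OUTPUT_OF_ip_route_get -> prints the "src" address the kernel would use.
route_src() {
    printf '%s\n' "$1" | awk '{for (i = 1; i < NF; i++) if ($i == "src") {print $(i+1); exit}}'
}

# check_route OUTPUT EXPECTED_DEV -> exit 0 when the route egresses through EXPECTED_DEV.
check_route() {
    local dev
    dev=$(egress_dev "$1")
    [ "$dev" = "$2" ]
}

# has_dnat_rule OUTPUT_OF_iptables_-t_nat_-S_PREROUTING -> exit 0 when the game DNAT exists.
has_dnat_rule() {
    printf '%s\n' "$1" | grep -q -- '-p udp .*--dport 27015 -j DNAT --to-destination 172.2.0.2:27015'
}

# Constructed sample outputs, in the format `ip route get` and `iptables -S` print on a
# correctly configured endpoint.
SAMPLE_STEAM='1.1.1.1 dev ipip01 src 172.20.0.3 uid 0
    cache'
SAMPLE_FWD='10.50.0.3 via 172.2.0.1 dev veth2 src 172.2.0.2 uid 0
    cache'
SAMPLE_NAT='-P PREROUTING ACCEPT
-A PREROUTING ! -s 172.2.0.0/16 -d 10.50.0.4/32 -p udp -m udp --dport 27015 -j DNAT --to-destination 172.2.0.2:27015'

# Runs the checks against the live system (root, namespace ns01 present).
run_live_checks() {
    local steam fwd nat
    steam=$(ip netns exec ns01 ip route get 1.1.1.1) || return 1
    fwd=$(ip netns exec ns01 ip route get 10.50.0.3) || return 1
    nat=$(iptables -t nat -S PREROUTING) || return 1
    check_route "$steam" ipip01 || { echo "FAIL: default route does not leave via ipip01"; return 1; }
    check_route "$fwd" veth2    || { echo "FAIL: route to 10.50.0.3 does not use veth2"; return 1; }
    has_dnat_rule "$nat"        || { echo "FAIL: DNAT to 172.2.0.2:27015 missing"; return 1; }
    echo "OK: tunnel egress $(route_src "$steam"), veth egress $(route_src "$fwd")"
}

# Only touch the live system when asked; otherwise exercise the constructed samples.
if [ "${1:-}" = "--live" ]; then
    run_live_checks
else
    check_route "$SAMPLE_STEAM" ipip01 && check_route "$SAMPLE_FWD" veth2 \
        && has_dnat_rule "$SAMPLE_NAT" && echo "sample checks pass"
fi
```

Run it with `--live` on the endpoint after the setup script; a wrong default route (for example veth2 instead of ipip01) means the game server's Steam traffic will leave with the endpoint's own address and the Master Server will list that instead of the forwarding server.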