UDP port forwarding using xinetd


I was looking for an answer to my question on Google and also here, but I didn't find a proper answer.

So here is the context: I have a software running on some server (without firewall) in one subnet. There is another software running on some PC in a different subnet. Both subnets are connected to a gateway server. All computers are running CentOS or RHEL. On the gateway server, there is a firewall, preventing multicast traffic from leaving the one subnet and allow clients from outside to connect to computers inside this subnet. Therefore xinetd is used. The computer from outside needs to send a packet to a specific port, the computer on the inside answers to another specific port depending on the sender. So there is no need for the gateway to keep track of sender-receiver relations. It just needs to forward UDP on specific ports to specific computers from one subnet to another.

So I added one service in /etc/services (for one direction):

udp-gateway    6000/udp

And created the corresponding configuration file in /etc/xinetd.d/gateway like:

service udp-gateway
{
  disable                 = no
  socket_type             = dgram
  protocol                = udp
  wait                    = no
  user                    = root
  redirect                = 192.168.1.1 6000  #Server inside the 192.168.1.0 subnet
}

Now the problem is that the server doesn't open a UDP port to listen on (according to 'netstat -nulp'). When I change the protocol to TCP and the socket_type to stream, it works. But I need this for UDP.

Is it possible that this is not possible for UDP? Or is netstat just not showing the ports? Or is my xinetd-configuration missing something?

Thanks in advance, every hint is appreciated.

Benny


Solution

  • redirect                = 192.168.1.1 6000  #Server inside the 192.168.1.0 subnet
    

    from the man page of xinetd:

    redirect

    Allows a tcp service to be redirected to another host.

    This means usage of redirect for UDP is not possible. And I don't see any other way to do this with xinetd.
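
A small check for the mistake described above, added here as an example (it is not part of the original answer and not part of xinetd): it parses xinetd service blocks and reports every service that sets redirect without being a TCP stream service. The function names, the simplified parser and the second sample service (tcp-gateway, port 6001) are assumptions made for illustration.

```python
import re

# Constructed sample: the question's service plus a made-up TCP one for contrast.
SAMPLE = """\
service udp-gateway
{
  disable                 = no
  socket_type             = dgram
  protocol                = udp
  wait                    = no
  user                    = root
  redirect                = 192.168.1.1 6000  #Server inside the 192.168.1.0 subnet
}

service tcp-gateway
{
  socket_type             = stream
  protocol                = tcp
  redirect                = 192.168.1.1 6001
}
"""

def parse_services(text):
    """Return {service_name: {attribute: value}} for each service block."""
    services, current = {}, None
    for raw in text.splitlines():
        # Assumption: '#' starts a comment, as in the question's file.
        line = raw.split("#", 1)[0].strip()
        m = re.match(r"service\s+(\S+)$", line)
        if m:
            current = services.setdefault(m.group(1), {})
        elif line == "}":
            current = None
        elif current is not None and "=" in line:
            key, value = line.split("=", 1)
            current[key.rstrip("+- \t")] = value.strip()  # also accepts += and -=
    return services

def find_bad_redirects(text):
    """Names of services that use redirect but are not TCP stream services."""
    bad = []
    for name, attrs in parse_services(text).items():
        # Assumption: an attribute that is not set does not rule TCP out.
        tcp = attrs.get("protocol", "tcp").lower() == "tcp"
        stream = attrs.get("socket_type", "stream").lower() == "stream"
        if "redirect" in attrs and not (tcp and stream):
            bad.append(name)
    return bad
```

Running find_bad_redirects over the contents of each file in /etc/xinetd.d flags configurations like the one in the question before xinetd is restarted.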