Transparent UDP proxy
Illarion Kovalchuk edited this page Jul 24, 2020 · 2 revisions
In transparent UDP mode, the backend responds directly to the host that originated the packet. Response packets are neither controlled nor tracked by gobetween. This is useful when the backend has to observe the origin IP address for logging or security.
Example gobetween configuration:
[servers.example]
protocol = "udp"
[servers.example.udp]
transparent = true
This mode may require additional network configuration. Let's consider a few examples.
On each backend, configure:
$ tc qdisc add dev eth0 root handle 10: htb
$ tc filter add dev eth0 parent 10: protocol ip prio 10 u32 match ip src <public ip> match ip sport 53 action nat egress <public ip> <interface ip>
Note that you may need to disable "Source/Destination check" in the AWS settings of your backend instance (if you're using Amazon).
On each backend, configure the default gateway:
$ route add default gw <router host ip>
On the router host:
$ sysctl -w net.ipv4.ip_forward=1
$ tc qdisc add dev eth0 root handle 10: htb
$ tc filter add dev eth0 parent 10: protocol ip prio 10 u32 match ip src <ip of backend 1> match ip sport 53 action nat egress <ip of backend 1> <router interface ip>
$ tc filter add dev eth0 parent 10: protocol ip prio 10 u32 match ip src <ip of backend 2> match ip sport 53 action nat egress <ip of backend 2> <router interface ip>
...
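The router needs one NAT filter per backend, all following the same pattern. The script below is an added example, not part of gobetween or its wiki: it validates its inputs and prints (without running) the router commands for any number of backends. The function names `is_ipv4` and `router_rules`, the sample addresses, and the reading of the first `nat egress` argument as the backend's IP address are assumptions.

```shell
#!/bin/sh
# Added example, not from the gobetween project: print (never run) the
# router-side commands shown on this page for a list of backends.

# is_ipv4 ADDR: succeed only for a strict dotted quad, octets 0..255,
# no leading zeros (some parsers read those as octal).
is_ipv4() {
    case "$1" in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    rest="$1."
    count=0
    while [ -n "$rest" ]; do
        octet=${rest%%.*}
        rest=${rest#*.}
        case "$octet" in 0?*|????*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
        count=$((count + 1))
    done
    [ "$count" -eq 4 ]
}

# router_rules DEV SPORT ROUTER_IP BACKEND_IP...
# Validates every argument before printing anything, so a typo cannot
# yield a half-built rule set when the output is piped to a shell.
router_rules() {
    [ "$#" -ge 4 ] || { echo "usage: router_rules DEV SPORT ROUTER_IP BACKEND_IP..." >&2; return 2; }
    dev=$1; sport=$2; router_ip=$3
    shift 3
    case "$dev" in *[!A-Za-z0-9_.-]*|'') echo "bad device: $dev" >&2; return 1 ;; esac
    case "$sport" in ''|*[!0-9]*|??????*) echo "bad port: $sport" >&2; return 1 ;; esac
    { [ "$sport" -ge 1 ] && [ "$sport" -le 65535 ]; } || { echo "bad port: $sport" >&2; return 1; }
    is_ipv4 "$router_ip" || { echo "bad router ip: $router_ip" >&2; return 1; }
    for backend in "$@"; do
        is_ipv4 "$backend" || { echo "bad backend ip: $backend" >&2; return 1; }
    done
    echo "sysctl -w net.ipv4.ip_forward=1"
    echo "tc qdisc add dev $dev root handle 10: htb"
    for backend in "$@"; do
        # Assumption: the first "nat egress" argument is the backend's IP.
        echo "tc filter add dev $dev parent 10: protocol ip prio 10 u32" \
             "match ip src $backend match ip sport $sport" \
             "action nat egress $backend $router_ip"
    done
}

# Constructed sample values, not taken from a real deployment.
router_rules eth0 53 192.0.2.1 10.0.0.11 10.0.0.12
```

Review the printed commands before applying them on the router. Keeping the generated list under version control gives you a record of which backends have their source address rewritten.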