Tags: linux, http-redirect, firewall, iptables, ufw

How to redirect external incoming traffic from one port to another? (Linux/iptables/ufw)


I am setting up a VPS for VPN purposes. The idea is to lift as many limits as possible on public networks.

One idea is to redirect the incoming OpenVPN connections on port 53 to the default OpenVPN port.

Here is how I imagined it:

  • setting up firewall rules to redirect incoming traffic on port udp/53 to the default OpenVPN port
  • there is already an internal DNS server running on the server, but only on local interfaces, thus the rule needs to be defined for public IPs only

I am currently trying to figure out either iptables or UFW rules to achieve this.

I am honestly not sure if this would be enough. The idea is to mimic DNS queries. Additional features/ideas would be to relay to something like iodine.

Would love to hear some feedback if anyone ever implemented something similar!

Cheers.


Solution

  • To redirect a network stream from one port to another, you may use the following rule:

    • If you have a NIC for public networking and one for private networking, then you may filter on a per-interface basis:
    iptables -t nat -A PREROUTING -i <your public network interface> -p udp --dport 53 -j REDIRECT --to-ports 1194
    
    • If both private and public networking use the same interface, then you must filter on a per-address basis (the negation goes before the option; the older `-s ! network` spelling is deprecated):
    iptables -t nat -A PREROUTING ! -s <your private network> -p udp --dport 53 -j REDIRECT --to-ports 1194
    

    Note that you may also have to add some rules in the FORWARD tables to authorize the stream.
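The two rules above, turned into a small generator script. This is an added example, not code from the original answer: it prints the iptables commands for both cases (separate NICs, or one NIC with the private network excluded) so they can be reviewed before being piped into `sudo sh`, and it adds two things a practitioner would want. First, loopback packets also traverse nat PREROUTING, so the address-based rule gets `! -i lo` as well; without it a local query to 127.0.0.1:53 would be bounced to OpenVPN instead of reaching the internal DNS server. Second, because REDIRECT rewrites the destination to the local host, the packet is then judged by the filter INPUT chain on the new port, and that is where it must be accepted. The interface name `eth0` and network `10.0.0.0/8` are placeholders.

```shell
#!/bin/sh
# Added example (not from the original answer): generate the iptables
# commands for the udp/53 -> 1194 redirect.  Nothing is applied here;
# review the output, then run it as root, e.g.  ./redirect.sh | sudo sh
# Interface and network values are placeholders (assumptions).

DNS_PORT=53
OVPN_PORT=1194

# Case 1: separate public and private NICs.  Matching on the public
# interface leaves traffic arriving on the private NIC or on lo alone,
# so the internal DNS server keeps receiving it.
redirect_by_iface() {
    pub_if=$1
    printf 'iptables -t nat -A PREROUTING -i %s -p udp --dport %s -j REDIRECT --to-ports %s\n' \
        "$pub_if" "$DNS_PORT" "$OVPN_PORT"
}

# Case 2: one NIC for everything.  Exclude the private network by source
# address.  Negation is written before the option ("! -s"); "-s ! net"
# is the deprecated spelling.  Loopback packets pass through nat
# PREROUTING too, so "! -i lo" keeps local queries to 127.0.0.1 from
# being redirected to OpenVPN.
redirect_by_addr() {
    priv_net=$1
    printf 'iptables -t nat -A PREROUTING ! -i lo ! -s %s -p udp --dport %s -j REDIRECT --to-ports %s\n' \
        "$priv_net" "$DNS_PORT" "$OVPN_PORT"
}

# REDIRECT delivers the packet to the local host with the rewritten
# destination port, so it is the filter INPUT chain that must accept it
# on 1194 (the same rule OpenVPN needs for direct connections).
accept_redirected() {
    printf 'iptables -A INPUT -p udp --dport %s -j ACCEPT\n' "$OVPN_PORT"
}

# Print the complete rule set for one of the two cases.
ruleset() {
    case $1 in
        iface) redirect_by_iface "$2" ;;
        addr)  redirect_by_addr "$2" ;;
        *)
            echo "usage: ruleset iface <public-if> | ruleset addr <private-net>" >&2
            return 1
            ;;
    esac
    accept_redirected
}

# Example invocations with placeholder values.
ruleset iface eth0
ruleset addr 10.0.0.0/8
```

After applying, `iptables -t nat -L PREROUTING -n -v --line-numbers` shows the redirect rule with its packet counters, and `iptables -L INPUT -n -v` the accept rule; a test from an outside host with `openvpn --remote <vps-ip> 53 udp` should increment both. The printed rules are plain iptables commands, so they can also be pasted into the `*nat` section that ufw reads from `/etc/ufw/before.rules` if ufw is managing the rest of the firewall.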