Recently I wanted to upgrade my Minecraft player setup. I plan to use different servers for different players. I checked how my home DD-WRT handles port forwarding, and I got a result: I can use port forwarding in iptables to control, by player source IP, which server a player connects to.
So these are my iptables rules:
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT 0 -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
DROP udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:520
DROP udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:520
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:520
logaccept tcp -- 0.0.0.0/0 192.168.1.1 tcp dpt:23
DROP icmp -- 0.0.0.0/0 0.0.0.0/0
DROP 2 -- 0.0.0.0/0 0.0.0.0/0
ACCEPT 0 -- 0.0.0.0/0 0.0.0.0/0 state NEW
logaccept 0 -- 0.0.0.0/0 0.0.0.0/0 state NEW
DROP 0 -- 0.0.0.0/0 0.0.0.0/0
Chain FORWARD (policy ACCEPT)
target prot opt source destination
ACCEPT 47 -- 192.168.1.0/24 0.0.0.0/0
ACCEPT tcp -- 192.168.1.0/24 0.0.0.0/0 tcp dpt:1723
ACCEPT 0 -- 0.0.0.0/0 0.0.0.0/0
TCPMSS tcp -- 0.0.0.0/0 0.0.0.0/0 tcp flags:0x06/0x02 TCPMSS clamp to PMTU
lan2wan 0 -- 0.0.0.0/0 0.0.0.0/0
ACCEPT 0 -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
ACCEPT tcp -- 0.0.0.0/0 192.168.1.131 tcp dpt:25565
ACCEPT udp -- 0.0.0.0/0 192.168.1.131 udp dpt:25565
ACCEPT tcp -- 0.0.0.0/0 192.168.1.131 tcp dpt:80
ACCEPT udp -- 0.0.0.0/0 192.168.1.131 udp dpt:80
ACCEPT tcp -- 0.0.0.0/0 192.168.1.131 tcp dpt:443
ACCEPT udp -- 0.0.0.0/0 192.168.1.131 udp dpt:443
ACCEPT tcp -- 0.0.0.0/0 192.168.1.131 tcp dpt:548
ACCEPT udp -- 0.0.0.0/0 192.168.1.131 udp dpt:548
ACCEPT tcp -- 0.0.0.0/0 192.168.1.1 tcp dpt:80
ACCEPT udp -- 0.0.0.0/0 192.168.1.1 udp dpt:80
ACCEPT tcp -- 0.0.0.0/0 192.168.1.1 tcp dpt:443
ACCEPT udp -- 0.0.0.0/0 192.168.1.1 udp dpt:443
ACCEPT tcp -- 0.0.0.0/0 192.168.1.131 tcp dpt:22
ACCEPT udp -- 0.0.0.0/0 192.168.1.131 udp dpt:22
ACCEPT tcp -- 0.0.0.0/0 192.168.1.133 tcp dpt:51413
ACCEPT udp -- 0.0.0.0/0 192.168.1.133 udp dpt:51413
ACCEPT tcp -- 0.0.0.0/0 192.168.1.133 tcp dpt:9091
ACCEPT udp -- 0.0.0.0/0 192.168.1.133 udp dpt:9091
ACCEPT tcp -- 0.0.0.0/0 192.168.1.131 tcp dpt:8123
ACCEPT udp -- 0.0.0.0/0 192.168.1.131 udp dpt:8123
ACCEPT tcp -- 0.0.0.0/0 192.168.1.141 tcp dpt:6699
ACCEPT udp -- 0.0.0.0/0 192.168.1.141 udp dpt:6699
TRIGGER 0 -- 0.0.0.0/0 0.0.0.0/0 TRIGGER type:in match:0 relate:0
trigger_out 0 -- 0.0.0.0/0 0.0.0.0/0
ACCEPT 0 -- 0.0.0.0/0 0.0.0.0/0 state NEW
DROP 0 -- 0.0.0.0/0 0.0.0.0/0
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Chain advgrp_1 (0 references)
target prot opt source destination
Chain advgrp_10 (0 references)
target prot opt source destination
Chain advgrp_2 (0 references)
target prot opt source destination
Chain advgrp_3 (0 references)
target prot opt source destination
Chain advgrp_4 (0 references)
target prot opt source destination
Chain advgrp_5 (0 references)
target prot opt source destination
Chain advgrp_6 (0 references)
target prot opt source destination
Chain advgrp_7 (0 references)
target prot opt source destination
Chain advgrp_8 (0 references)
target prot opt source destination
Chain advgrp_9 (0 references)
target prot opt source destination
Chain grp_1 (0 references)
target prot opt source destination
Chain grp_10 (0 references)
target prot opt source destination
Chain grp_2 (0 references)
target prot opt source destination
Chain grp_3 (0 references)
target prot opt source destination
Chain grp_4 (0 references)
target prot opt source destination
Chain grp_5 (0 references)
target prot opt source destination
Chain grp_6 (0 references)
target prot opt source destination
Chain grp_7 (0 references)
target prot opt source destination
Chain grp_8 (0 references)
target prot opt source destination
Chain grp_9 (0 references)
target prot opt source destination
Chain lan2wan (1 references)
target prot opt source destination
Chain logaccept (2 references)
target prot opt source destination
ACCEPT 0 -- 0.0.0.0/0 0.0.0.0/0
Chain logdrop (0 references)
target prot opt source destination
DROP 0 -- 0.0.0.0/0 0.0.0.0/0
Chain logreject (0 references)
target prot opt source destination
REJECT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp reject-with tcp-reset
Chain trigger_out (1 references)
target prot opt source destination
The only useful chain in this table is FORWARD.
The rule looks like this:
iptables -t nat -I PREROUTING -p tcp -d 192.168.1.1 --dport 10001 -j DNAT --to 192.168.1.131:10002
iptables -I FORWARD -p tcp -d 192.168.1.131 --dport 10002 -j ACCEPT
The test succeeded.
The script
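#!/bin/sh
# Arguments: $1 source ip, $2 server ip, $3 service port, $4 forward port
# Rewrite connections from source $1 to $2:$3 so that they land on $2:$4.
iptables -t nat -I PREROUTING -p tcp -s "$1" -d "$2" --dport "$3" -j DNAT --to "$2:$4"
# FORWARD sees the packet after DNAT, so match the forward port $4 here.
iptables -I FORWARD -p tcp -s "$1" -d "$2" --dport "$4" -j ACCEPT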
$1: source ip
$2: server ip
$3: service port
$4: forward port
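As an added example (not part of the original post): a variant of the script that validates its four arguments before emitting the two rules, so an empty or malformed argument cannot turn into a broader rule than intended. The function names and the sample source address 203.0.113.10 are assumptions; it accepts single IPv4 addresses only and prints the commands instead of running them.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical.

# valid_ipv4 ADDR: succeed only for a dotted quad with octets 0-255.
valid_ipv4() {
    case "$1" in
        ""|*[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1            # split on dots; input holds only digits and dots
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# valid_port PORT: succeed only for an integer in 1-65535.
valid_port() {
    case "$1" in
        ""|*[!0-9]*) return 1 ;;
    esac
    [ "${#1}" -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# build_rules SRC_IP SERVER_IP SERVICE_PORT FORWARD_PORT
# Print the DNAT rule and the matching FORWARD rule. FORWARD is evaluated
# after DNAT, so it matches the forward port, as in the post's working
# 10001 -> 10002 rule pair.
build_rules() {
    [ "$#" -eq 4 ] || { echo "usage: build_rules SRC SERVER SPORT FPORT" >&2; return 2; }
    valid_ipv4 "$1" && valid_ipv4 "$2" || { echo "invalid IPv4 address" >&2; return 1; }
    valid_port "$3" && valid_port "$4" || { echo "invalid port" >&2; return 1; }
    echo "iptables -t nat -I PREROUTING -p tcp -s $1 -d $2 --dport $3 -j DNAT --to $2:$4"
    echo "iptables -I FORWARD -p tcp -s $1 -d $2 --dport $4 -j ACCEPT"
}

# Constructed sample: send one player's address to a second server instance.
build_rules 203.0.113.10 192.168.1.131 25565 25566
```

Review the printed commands, then pipe them to sh on the router to apply them.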
So now I can make my Chinese players play on my Chinese server and US players play on the US server. The server can be chosen automatically depending on region.