Aspera

 View Only

Transparently insert IBM Aspera faspio-gateway in a data flow with iptables (Linux)

By Georges Vieux posted Tue August 30, 2022 06:40 PM

  
faspio-gateway needs the traffic to be redirected to its listening port(s).
That can be done by re configuring the client application to connect to the faspio-gateway endpoint instead of the remote server.

It is also possible to use iptables (on Linux system) to redirect the traffic without modifying the configuration of the application client.

To redirect the traffic in this context, you need to create a rule on the nat table.

To list the rules of this table before modifying:
sudo iptables -L -t nat

to reroute the traffic to a local faspio gateway listening on port 12345, here is the iptables command to be executed on the sender node (client) in order to reroute the traffic sent to the receiver (server) node (10.0.40.50) listening on the port 12346.
sudo iptables -t nat -A OUTPUT -p tcp -d 10.0.40.50 --dport 12346 -j DNAT --to-destination 127.0.0.1:12345

To delete the rules first, you need to find the row number of the rule:
sudo iptables -L -t nat --line-numbers
then you can delete the rule
sudo iptables -t nat -D OUTPUT <NUM>
You may need to restart your client application to reestablish a connection once the iptables rule is set.
To test this deployment, you can:
  • Start your application ( client and server) without faspio gateway and test it.
  • Start faspio gateway and test it with a tool generating data like iperf3
  • Then, stop iperf3 server and client, execute the iptables command to create the rule and if needed, restart the application client to reestablish the connections.


------------------------------
Georges Vieux
------------------------------
0 comments
9 views

Permalink