rapid-cdn: Provide udp examples with a note

86b142a8 · Łukasz Nowak · 11e2a97b · 86b142a8
Commit 86b142a8 authored Jan 12, 2023 by Łukasz Nowak
Hide whitespace changes
Inline Side-by-side

Showing with 4 additions and 2 deletions

software/rapid-cdn/README.rst software/rapid-cdn/README.rst +4 -2

No files found.
--- a/software/rapid-cdn/README.rst
+++ b/software/rapid-cdn/README.rst
@@ -334,6 +334,7 @@ It is a good idea then to go on the node where the instance is
 and set some ``iptables`` rules like (if using default ports)::

  iptables -t nat -A PREROUTING -p tcp -d ${public_ipv4} --dport 443 -j DNAT --to-destination ${listening_ipv4}:4443
+  iptables -t nat -A PREROUTING -p udp -d ${public_ipv4} --dport 443 -j DNAT --to-destination ${listening_ipv4}:4443
  iptables -t nat -A PREROUTING -p tcp -d ${public_ipv4} --dport 80 -j DNAT --to-destination ${listening_ipv4}:8080
  ip6tables -t nat -A PREROUTING -p tcp -d ${public_ipv6} --dport 443 -j DNAT --to-destination ${listening_ipv6}:4443
  ip6tables -t nat -A PREROUTING -p tcp -d ${public_ipv6} --dport 80 -j DNAT --to-destination ${listening_ipv6}:8080
@@ -343,14 +344,15 @@ Where ``{public_ipv[46]}`` is the public IP of your server, or at least the LAN
 Additionally in order to access the server by itself such entries are needed in ``OUTPUT`` chain (as the internal packets won't appear in the ``PREROUTING`` chain)::

  iptables -t nat -A OUTPUT -p tcp -d ${public_ipv4} --dport 443 -j DNAT --to ${listening_ipv4}:4443
+  iptables -t nat -A OUTPUT -p udp -d ${public_ipv4} --dport 443 -j DNAT --to ${listening_ipv4}:4443
  iptables -t nat -A OUTPUT -p tcp -d ${public_ipv4} --dport 80 -j DNAT --to ${listening_ipv4}:8080
  ip6tables -t nat -A OUTPUT -p tcp -d ${public_ipv6} --dport 443 -j DNAT --to ${listening_ipv6}:4443
  ip6tables -t nat -A OUTPUT -p tcp -d ${public_ipv6} --dport 80 -j DNAT --to ${listening_ipv6}:8080

 **Note regarding ports**:

- * the port seen by application in case of IPv4 will be "correct" - the ``443`` or ``80``
- * the port seen by application in case of IPv6 will be "incorrect" - the ``4443`` or ``8080``
+ * the port seen by application in case of IPv4 TCP will be "correct" - the ``443`` or ``80``
+ * the port seen by application in case of IPv6 and IPv4 UDP will be "incorrect" - the ``4443`` or ``8080``


 Solution 2 (network capability)