
Forwarding

iptables port forwarding (Linux TCP Proxy)


Forward port 80 to 8080 on the same box
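# Redirect TCP port 80 to port 8080 on this machine. Run as root.
#
# Notes:
#  - iptables handles IPv4 only; clients that reach this box over IPv6
#    (for example "localhost" resolving to ::1) are not redirected.
#  - A hostname given to -d is resolved once, when the rule is added.
#  - REDIRECT does not close port 8080: the service stays reachable directly
#    on 8080 unless the filter table restricts it.
#  - The PREROUTING rule has no -i match, so it applies to port 80 traffic
#    arriving on any interface.
this_host="YOUR_HOSTNAME"  # placeholder: replace with this box's hostname or IPv4 address

# Connections generated on this box itself pass through the OUTPUT chain.
iptables -t nat -A OUTPUT -d localhost -p tcp --dport 80 -j REDIRECT --to-ports 8080
iptables -t nat -A OUTPUT -d "$this_host" -p tcp --dport 80 -j REDIRECT --to-ports 8080
# Connections arriving from other machines pass through PREROUTING.
iptables -t nat -A PREROUTING -d "$this_host" -p tcp --dport 80 -j REDIRECT --to-ports 8080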



Forward port 8000 to another box, assuming 67.208.32.9 is the IP of the box we are forwarding to (the destination) and 67.208.32.33 is the IP of the iptables box.

#!/bin/sh
# Forward TCP port 8000 arriving on eth0 to 67.208.32.9:8000, with the source
# address rewritten to this box (67.208.32.33) on the way out. Run as root.
#
# Review notes:
#  - The SNAT rule matches everything leaving eth0, not only the forwarded
#    port-8000 flow.
#  - Because of SNAT the destination sees the iptables box as the client, so
#    its logs and IP-based access controls lose the real source address.
#  - The port-8000 FORWARD rule is not limited to the DNAT target (-d).
#  - These are ACCEPT rules appended with -A: they restrict nothing by
#    themselves and sit after any rules already in the chain.
fwd_port=8000
dest_ip=67.208.32.9
gateway_ip=67.208.32.33

# Turn on IPv4 forwarding. This is a global kernel switch and the setting is
# lost on reboot.
printf '1\n' > /proc/sys/net/ipv4/ip_forward

# filter table: let the forwarded connection through.
iptables -A FORWARD -i eth0 -p tcp --dport "${fwd_port}" -j ACCEPT
# NOTE(review): the SNAT rule below implies the destination is reached via
# eth0; if so, replies arrive on eth0 and this eth1 rule does not cover
# them -- confirm against the actual topology.
iptables -A FORWARD -i eth1 -o eth0 \
  -m state --state RELATED,ESTABLISHED -j ACCEPT

# nat table: rewrite the destination on the way in, the source on the way out.
iptables -t nat -A PREROUTING -p tcp -i eth0 --dport "${fwd_port}" \
  -j DNAT --to-destination "${dest_ip}:${fwd_port}"
iptables -t nat -A POSTROUTING -o eth0 -j SNAT --to-source "${gateway_ip}"
To undo this:
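# Remove the port-8000 forwarding rules. Run as root.
# Each -D must repeat the rule specification exactly as it was passed to -A,
# and removes one matching rule per call; if the rules were added more than
# once, repeat the deletion and check with "iptables -S" and
# "iptables -t nat -S" that nothing is left behind.
# /proc/sys/net/ipv4/ip_forward is not changed here, so IPv4 forwarding stays
# enabled after these commands.
iptables -D FORWARD -i eth0 -p tcp --dport 8000 -j ACCEPT
iptables -D FORWARD -i eth1 -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -t nat -D PREROUTING -p tcp -i eth0 --dport 8000 -j DNAT --to-destination 67.208.32.9:8000
iptables -t nat -D POSTROUTING -o eth0 -j SNAT --to-source 67.208.32.33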
--------

Set up PAT (giving internet access to servers behind eth1 via eth0, the internet-facing connection).

openbridge.sh
#!/bin/sh
# openbridge.sh: give hosts behind eth1 outbound access through eth0 using
# MASQUERADE (PAT). Run as root.
#
# Review notes:
#  - The eth1 -> eth0 rule accepts all traffic from the inside network,
#    with no restriction on protocol, port or destination.
#  - These are ACCEPT rules only. Unsolicited eth0 -> eth1 connections are
#    blocked only if the FORWARD policy or another rule drops them.
#  - -A appends, so rules already in the chain are evaluated first.
ipt=/sbin/iptables
wan_if=eth0
lan_if=eth1

# Turn on IPv4 forwarding (global kernel switch, lost on reboot).
printf '1\n' > /proc/sys/net/ipv4/ip_forward

# Rewrite the source of everything leaving the outside interface.
"${ipt}" -t nat -A POSTROUTING -o "${wan_if}" -j MASQUERADE
# Replies to connections that are already tracked may come back in.
"${ipt}" -A FORWARD -i "${wan_if}" -o "${lan_if}" \
  -m state --state RELATED,ESTABLISHED -j ACCEPT
# Anything from the inside network may go out.
"${ipt}" -A FORWARD -i "${lan_if}" -o "${wan_if}" -j ACCEPT


closebridge.sh
#!/bin/sh
# closebridge.sh: remove the rules added by openbridge.sh and switch IPv4
# forwarding off. Run as root.
#
# Review notes:
#  - Writing 0 to ip_forward disables forwarding for the whole box, including
#    any other forwarding set up on it (such as a separate port forward).
#  - Each -D removes one matching rule; if openbridge.sh was run more than
#    once, copies of the rules remain until this script is run again.
ipt=/sbin/iptables
wan_if=eth0
lan_if=eth1

# Turn off IPv4 forwarding.
printf '0\n' > /proc/sys/net/ipv4/ip_forward

# Delete the rules using the same specifications they were added with.
"${ipt}" -t nat -D POSTROUTING -o "${wan_if}" -j MASQUERADE
"${ipt}" -D FORWARD -i "${wan_if}" -o "${lan_if}" \
  -m state --state RELATED,ESTABLISHED -j ACCEPT
"${ipt}" -D FORWARD -i "${lan_if}" -o "${wan_if}" -j ACCEPT




