Port forwarding with iptables
In this tutorial we'll set up simple TCP port forwarding on a Linux host using iptables: connections arriving at one address and port on the host are rewritten with destination NAT (DNAT) and handed on to another host and port.
1. Enable IP forwarding
echo "1" > /proc/sys/net/ipv4/ip_forward
Without this the kernel drops packets that are not addressed to the host itself. The setting is lost on reboot; put net.ipv4.ip_forward = 1 in /etc/sysctl.conf to make it permanent.
2. Append the NAT rules to the nat table
iptables -t nat -A PREROUTING -p tcp -s 0/0 -d {local_ip} --dport {local_port} -j DNAT --to {destination_ip}:{destination_port}
iptables -t nat -A POSTROUTING -o eth0 -d {destination_ip} -j SNAT --to-source {local_ip}
The PREROUTING rule rewrites the destination of incoming connections so they are forwarded to the real server. The POSTROUTING rule rewrites their source to {local_ip} so the server sends its replies back through this host, where the translation is reversed; without it the server would reply straight to the client, which drops packets from an address it never connected to. Note that -s 0/0 matches any client and that the SNAT rule hides the clients' real addresses from the server's logs; narrow the source range if the forward is not meant to be public, and replace eth0 with the interface that faces the destination.
- {local_ip}: an IP address configured on the local system
- {local_port}: the port to listen on for forwarded connections
- {destination_ip}: the IP address of the server to forward to
- {destination_port}: the port on that server
3. Now you can connect to http://{local_ip}:{local_port} and the response actually comes from http://{destination_ip}:{destination_port}. Two things to check if it does not work: if the FORWARD chain's default policy is DROP, the forwarded traffic must also be accepted there (the FORWARD chain sees the packets after DNAT, so match on {destination_ip} and {destination_port}); and the PREROUTING rule only sees packets arriving from other hosts, so a connection made from the forwarding host itself to {local_ip}:{local_port} is not redirected.
A working example
If the IP address of your system is 32.64.128.200 and you add the following rules, you will be able to connect to http://32.64.128.200:8080 and actually see the Google search engine, because 216.239.59.105:80 is one of Google's web servers.
iptables -t nat -A PREROUTING -p tcp -s 0/0 -d 32.64.128.200 --dport 8080 -j DNAT --to 216.239.59.105:80
iptables -t nat -A POSTROUTING -o eth0 -d 216.239.59.105 -j SNAT --to-source 32.64.128.200
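The script below is an added example, not part of the original tutorial. It generates, and as root applies, the full rule set for one TCP forward: the DNAT/SNAT pair from steps 1 and 2 plus the FORWARD-chain accepts a host with a DROP policy needs, with the client source range as a parameter instead of a hard-coded -s 0/0, and it re-checks each rule with iptables -C so running it twice does not append duplicates. The interface name eth0 is only a default, and the addresses in the usage comments are RFC 5737 documentation placeholders, not real hosts.

```shell
#!/bin/sh
# Added example (not the tutorial's own code): generate and apply a complete
# TCP port-forward with iptables, including FORWARD-chain accepts and a
# configurable allowed-client range. Default interface eth0 is an assumption.
#
# Usage: sh forward.sh show  LOCAL_IP LOCAL_PORT DEST_IP DEST_PORT [IFACE] [SRC_CIDR]
#        sh forward.sh apply LOCAL_IP LOCAL_PORT DEST_IP DEST_PORT [IFACE] [SRC_CIDR]
# e.g.   sh forward.sh show 192.0.2.10 8080 198.51.100.20 80 eth0 203.0.113.0/24
#        (192.0.2.x, 198.51.100.x, 203.0.113.x are documentation addresses)

# Return 0 if $1 is a dotted-quad IPv4 address with every octet in 0..255.
valid_ipv4() {
    ip=$1
    case "$ip" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.; set -- $ip; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Return 0 if $1 is a TCP port number in 1..65535.
valid_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Print the iptables commands for one forward, one per line, in apply order.
# FORWARD sees packets after PREROUTING DNAT, so it matches the real server
# address; replies from the server are matched by source before de-DNAT.
forward_rules() {
    lip=$1 lport=$2 dip=$3 dport=$4
    iface=${5:-eth0}
    src=${6:-0.0.0.0/0}
    valid_ipv4 "$lip" && valid_ipv4 "$dip" || { echo "invalid IP address" >&2; return 1; }
    valid_port "$lport" && valid_port "$dport" || { echo "invalid port" >&2; return 1; }
    cat <<EOF
iptables -t nat -A PREROUTING -p tcp -s $src -d $lip --dport $lport -j DNAT --to-destination $dip:$dport
iptables -t nat -A POSTROUTING -o $iface -p tcp -d $dip --dport $dport -j SNAT --to-source $lip
iptables -A FORWARD -p tcp -s $src -d $dip --dport $dport -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT
iptables -A FORWARD -p tcp -s $dip --sport $dport -m conntrack --ctstate ESTABLISHED -j ACCEPT
EOF
}

# Enable forwarding and add each rule once. Requires root.
apply_forward() {
    [ "$(id -u)" -eq 0 ] || { echo "apply_forward: must run as root" >&2; return 1; }
    # Step 1 of the tutorial; add net.ipv4.ip_forward = 1 to /etc/sysctl.conf to persist it.
    sysctl -w net.ipv4.ip_forward=1 >/dev/null || return 1
    forward_rules "$@" | while IFS= read -r rule; do
        # iptables -C succeeds only if an identical rule already exists,
        # so re-running the script never appends duplicates.
        check=$(printf '%s\n' "$rule" | sed 's/ -A / -C /')
        if $check 2>/dev/null; then
            echo "already present: $rule"
        else
            echo "adding: $rule"
            $rule
        fi
    done
}

case "${1:-}" in
    show)  shift; forward_rules "$@" ;;
    apply) shift; apply_forward "$@" ;;
esac
```

Run it with show first and read the four commands it prints; apply only once the destination, interface and allowed source range are the ones you intend, since the FORWARD accepts turn the host into a router for exactly that traffic and nothing else.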
June 25th, 2010 - 07:34
I have been working with iptables for a while. Forgot the SNAT and had major issues getting port fwd to a Xen machine up and running. Kicked myself when I read your post.
You saved me another few hours of not thinking. Thanks from Cape Town, South Africa.