IPTables - Port to another ip & port (from the inside)
I finally found out how to do it. First, I had to add -i eth1 to my "outside" rule (eth1 is my WAN connection). I also needed to add two other rules. Here is what I came up with in the end:
iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 8080 -j DNAT --to 10.32.25.2:80
iptables -t nat -A PREROUTING -p tcp --dport 8080 -j DNAT --to 10.32.25.2:80
iptables -t nat -A POSTROUTING -p tcp -d 10.32.25.2 --dport 80 -j MASQUERADE
You also forgot to mention that package forwarding should be enabled to be able to perform destination NAT. By default, it's usually off, so iptables rules will not work. It can be enabled by issuing:
echo 1 > /proc/sys/net/ipv4/ip_forward
First allow forwarding with
echo 1 > /proc/sys/net/ipv4/ip_forward
Then set the iptables rules with
IF=eth1
PORT_FROM=8080
PORT_TO=80
DEST=10.32.25.2
iptables -t nat -A PREROUTING -i $IF -p tcp --dport $PORT_FROM -j DNAT --to $DEST:$PORT_TO
iptables -t nat -A POSTROUTING -p tcp -d $DEST --dport $PORT_TO -j MASQUERADE
You can put these lines into /etc/rc.local, for example. Note: since Debian jessie, make it executable and enable the rc.local service via
systemctl enable rc-local.service
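
A tighter variant of the rule set from the answers above, as an added example that is not part of the original posts: it validates its inputs and limits the inside (hairpin) DNAT and MASQUERADE rules to LAN clients, so requests arriving from the WAN keep their real source address in the logs on 10.32.25.2. The WAN address 203.0.113.10, the LAN subnet 10.32.25.0/24 and all function names are assumptions made for this example.

```shell
#!/bin/sh
# Added example: prints the rules instead of applying them, so it runs unprivileged.
# Pipe the output to "sh" as root once it has been reviewed.

is_port() {   # 1-65535, digits only
    case "$1" in ''|*[!0-9]*|??????*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

is_ipv4() {   # dotted quad, every octet 0-255
    case "$1" in ''|*[!0-9.]*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        case "$o" in ''|????*) return 1 ;; esac
        [ "$o" -le 255 ] || return 1
    done
}

is_cidr() {   # a.b.c.d/0-32
    case "$1" in */*) ;; *) return 1 ;; esac
    is_ipv4 "${1%/*}" || return 1
    case "${1#*/}" in ''|*[!0-9]*|???*) return 1 ;; esac
    [ "${1#*/}" -le 32 ]
}

# gen_rules WAN_IF WAN_IP LAN_NET PORT_FROM DEST PORT_TO
gen_rules() {
    wan_if=$1 wan_ip=$2 lan_net=$3 port_from=$4 dest=$5 port_to=$6
    case "$wan_if" in ''|*[!A-Za-z0-9._-]*) echo "bad interface" >&2; return 1 ;; esac
    is_ipv4 "$wan_ip" && is_cidr "$lan_net" && is_ipv4 "$dest" &&
        is_port "$port_from" && is_port "$port_to" ||
        { echo "bad address or port" >&2; return 1; }
    # Rule 1: forward from outside. Rule 2: same forward for LAN clients that
    # use the public address. Rule 3: source NAT for those LAN clients only,
    # so replies return through the router; WAN clients are left untouched.
    cat <<EOF
iptables -t nat -A PREROUTING -i $wan_if -p tcp --dport $port_from -j DNAT --to-destination $dest:$port_to
iptables -t nat -A PREROUTING -s $lan_net -d $wan_ip -p tcp --dport $port_from -j DNAT --to-destination $dest:$port_to
iptables -t nat -A POSTROUTING -s $lan_net -d $dest -p tcp --dport $port_to -j MASQUERADE
EOF
}

# Constructed sample values (203.0.113.10 is a documentation address).
gen_rules eth1 203.0.113.10 10.32.25.0/24 8080 10.32.25.2 80
```
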