LinuxQuestions.org
Old 11-15-2010, 09:18 PM   #1
sparkey
LQ Newbie
 
Registered: Nov 2010
Posts: 11

Rep: Reputation: 0
iptables forward port to another host


Hi,

I will try to explain my scenario as well as I can.

Let's say I have two machines on public IPs. If I get incoming traffic on machine #1 on port 55242, I would just like to forward it to machine #2 on port 35000.

I would just like to use machine #1 the same way as a DNS server works.
It just redirects the traffic and tells the client where to go.

Thankful for all answers.
 
Old 11-15-2010, 09:55 PM   #2
pnmanojshenoy
Member
 
Registered: Jun 2008
Location: Cochin, India
Distribution: Debian,Ubuntu
Posts: 38

Rep: Reputation: 0
Hello,

Can you please explain more: are the two machines interconnected? I mean, does machine 1 have 2 NIC cards?

1. eth0 for public IP and eth1 connected to machine 2. If this is the scenario, this can be done.
 
Old 11-15-2010, 11:45 PM   #3
sparkey
LQ Newbie
 
Registered: Nov 2010
Posts: 11

Original Poster
Rep: Reputation: 0
Quote:
Originally Posted by pnmanojshenoy
Hello,

Can you please explain more: are the two machines interconnected? I mean, does machine 1 have 2 NIC cards?

1. eth0 for public IP and eth1 connected to machine 2. If this is the scenario, this can be done.

Thx for your answer.

No, that is not the case. They are two physical machines. Is there some way to do it theoretically?
 
Old 11-20-2010, 01:23 AM   #4
Juako
Member
 
Registered: Mar 2010
Posts: 202

Rep: Reputation: 84
Yes, it is the same, iptables-wise, to do it with two machines in the same LAN or with remote machines. You just have to know the address of the other machine.

In #1 run as root:

Code:
iptables -t nat -A PREROUTING -p tcp --dport 55242 -j DNAT --to <ip address of #2>:35000
iptables -A FORWARD -d <ip address of #2> -p tcp --dport 35000 -j ACCEPT
sysctl net.ipv4.ip_forward=1

The first line puts an iptables rule to change the destination address and port for traffic directed to #1:55242, setting them to #2:35000.

The second line allows this redirected traffic to be forwarded.

The third line enables traffic forwarding in the kernel.

For most setups this is all that you need. If you have problems, let me know. Take into account that this is for TCP traffic; if you want to redirect UDP traffic, just copy lines 1 and 2 and change "tcp" to "udp".

Last edited by Juako; 02-24-2011 at 12:17 PM. Reason: missing --dport (thx win32sux)
 
Old 02-17-2011, 12:25 PM   #5
caibbor
LQ Newbie
 
Registered: Dec 2009
Posts: 16

Rep: Reputation: 0
# iptables -t nat -A PREROUTING -p tcp 55242 -j DNAT --to 192.168.0.101:35000
Bad argument `55242'
Try `iptables -h' or 'iptables --help' for more information.
 
Old 02-19-2011, 08:50 PM   #6
win32sux
Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Rep: Reputation: 371
Quote:
Originally Posted by caibbor
# iptables -t nat -A PREROUTING -p tcp 55242 -j DNAT --to 192.168.0.101:35000
Bad argument `55242'
Try `iptables -h' or 'iptables --help' for more information.

That error is caused by a missing --dport, which Juako left out by mistake.

Code:
iptables -t nat -A PREROUTING -p tcp --dport 55242 -j DNAT --to 192.168.0.101:35000
 
Old 02-24-2011, 12:17 PM   #7
Juako
Member
 
Registered: Mar 2010
Posts: 202

Rep: Reputation: 84
Quote:
Originally Posted by win32sux
That error is caused by a missing --dport, which Juako left out by mistake.
Code:
iptables -t nat -A PREROUTING -p tcp --dport 55242 -j DNAT --to 192.168.0.101:35000

Yes, my mistake. I'm fixing the answer now. Thank you win32sux, you're right as your nick
 
Old 04-17-2013, 09:49 PM   #8
chrisphillips
LQ Newbie
 
Registered: Jan 2007
Location: Sydney
Distribution: Debian & Ubuntu
Posts: 6

Rep: Reputation: 0
Firstly, thanks for this - I have finally got iptables port forwarding working.

However, on Debian Squeeze running a 2.6.32 kernel these commands were not enough. I also had to use

Code:
iptables -t nat -A POSTROUTING -j MASQUERADE

I also used --to-destination rather than --to, but not sure if that matters.
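
Added example (not part of any post in this thread): a dry-run generator for the rules discussed above, extended to take the protocol as a parameter and to scope the MASQUERADE rule to the forwarded flow instead of all outbound traffic. When machine #1 is not machine #2's gateway, replies from #2 otherwise leave with #2's own source address and the client discards them, which is why a source-NAT rule is needed; the function names and the address 203.0.113.20 are constructed for illustration.

```shell
#!/bin/sh
# Added example: print (do not apply) the rules that forward a port on this
# host to another host. Names and the sample address are assumptions.

valid_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;            # empty or non-numeric
    esac
    [ "${#1}" -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

valid_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; # bad chars or empty octets
    esac
    old_ifs=$IFS; IFS=.
    set -- $1                                # split into octets
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# usage: gen_forward_rules <tcp|udp> <listen_port> <dest_ip> <dest_port>
gen_forward_rules() {
    proto=$1 listen_port=$2 dest_ip=$3 dest_port=$4
    case "$proto" in
        tcp|udp) ;;
        *) echo "bad protocol: $proto" >&2; return 1 ;;
    esac
    valid_port "$listen_port" || { echo "bad listen port" >&2; return 1; }
    valid_port "$dest_port"   || { echo "bad destination port" >&2; return 1; }
    valid_ipv4 "$dest_ip"     || { echo "bad destination address" >&2; return 1; }
    # Rule 4 only matters when the FORWARD policy is DROP (return packets).
    # Rule 5 rewrites the source only for the forwarded flow, not all traffic.
    cat <<EOF
sysctl -w net.ipv4.ip_forward=1
iptables -t nat -A PREROUTING -p $proto --dport $listen_port -j DNAT --to-destination $dest_ip:$dest_port
iptables -A FORWARD -d $dest_ip -p $proto --dport $dest_port -j ACCEPT
iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -t nat -A POSTROUTING -d $dest_ip -p $proto --dport $dest_port -j MASQUERADE
EOF
}

# Constructed sample: the thread's ports with a documentation address.
gen_forward_rules tcp 55242 203.0.113.20 35000
```

Review the printed commands and pipe them to `sh` as root to apply them. With MASQUERADE in place, machine #2 sees every forwarded connection as coming from machine #1, so its logs and any address-based access controls no longer see the real client address.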
 
  


All times are GMT -5.
