iptables nat port forwarding rule set

crowhurst01 · 10-16-2006, 02:07 AM

I have been trying to do a port forward, but I am new to iptables.

I have two ethernet ports: eth0 WAN, and eth1 LAN

I want anything which hits eth0 dport 2222 to be forwarded out eth1 to 192.168.1.5:8000

Do I need to do a FORWARD, PREROUTE and POSTROUTE rule? Or can I just do a PREROUTE

I tried this with no luck:

sudo iptables -A FORWARD -i eth0 -p tcp --dport 2222 -j ACCEPT
sudo iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 2222 -j DNAT --to-destination 192.168.1.5:8000

Do I need the:
sudo iptables -A FORWARD -i eth0 -p tcp --dport 2222 -j ACCEPT
or will PREROUTE work without it?

Do I need to FORWARD if I already have a routing table set up?

JiYu · 10-16-2006, 04:11 AM

for an example:

Code:

PORT=443
DMZ_IP=192.168.99.99
DMZ_IF=eth2

/sbin/iptables -A PREROUTING -t nat -p tcp --dport $PORT -i ppp0 -j DNAT --to $DMZ_IP:$PORT
/sbin/iptables -A FORWARD -p tcp -d $DMZ_IP --dport $PORT -i ppp0 -o $DMZ_IF -j ACCEPT
/sbin/iptables -A FORWARD -p tcp -s $DMZ_IP --sport $PORT -i $DMZ_IF -o ppp0 -j ACCEPT

titoms · 02-13-2012, 03:39 AM

Hello, the Nat and the forward worked on my debian server up to the reboot of machines.

The following rules*:

/sbin/iptables -t nat -A PREROUTING -p tcp -i eth2 -d xxx.xxx.xxx.xxx --dport 29070 -j DNAT --to-destination 10.0.1.7:29070
/sbin/iptables -A FORWARD -p tcp -i eth2 -o eth0 -d 10.0.1.7 --dport 29070 --sport 1024:65535 -m state --state NEW -j ACCEPT

Since the reboot, that doesn't work any more.

I have another rules towards one the others server and that her works.

/sbin/iptables -t nat -A PREROUTING -p tcp -i eth2 -d xxx.xxx.xxx.xxx --dport 29082 -j DNAT --to-destination 10.0.1.8:29082
/sbin/iptables -A FORWARD -p tcp -i eth2 -o eth0 -d 10.0.1.8 --dport 29082 --sport 1024:65535 -m state --state NEW -j ACCEPT

Thank you for your help .