LinuxQuestions.org
Old 01-31-2008, 09:01 AM   #1
Braynid
Member
 
Registered: May 2006
Location: Romania
Distribution: CentOS
Posts: 140

Rep: Reputation: 15
Question iptables - redirect to another machine


Hey,

I've been using Linux (CentOS) for a while now but never got used to iptables. What I want to do is forward a port from a station behind a Linux gateway, through the gateway and to another computer on the Internet.

I've tried Google but all I got is how to forward a port from the Internet through the gateway and to a station behind the gateway. I want to do just the opposite and can't manage exactly how.

Any help?!
 
Old 01-31-2008, 11:07 AM   #2
Matir
LQ Guru
 
Registered: Nov 2004
Location: San Jose, CA
Distribution: Ubuntu
Posts: 8,507

Rep: Reputation: 122
Any outgoing connections should be allowed unless you have a rule specifically denying them.
 
Old 01-31-2008, 12:31 PM   #3
Braynid
Member
 
Registered: May 2006
Location: Romania
Distribution: CentOS
Posts: 140

Original Poster
Rep: Reputation: 15
That's not the point. I want to forward port 'x' from my linux gateway to a computer in the Internet.


Here's what I mean:

local station(port 'x')======>linuxGW(port 'x')=======>other machine(port 'x')
 
Old 01-31-2008, 01:20 PM   #4
Matir
LQ Guru
 
Registered: Nov 2004
Location: San Jose, CA
Distribution: Ubuntu
Posts: 8,507

Rep: Reputation: 122
You'll probably need something like this to NAT both directions
Code:
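# DNAT: LAN traffic to port $X is redirected to the remote machine
iptables -t nat -A PREROUTING -i $LAN_IF -p tcp --dport $X -j DNAT --to-destination $OTHER_MACHINE
# SNAT for the return direction. POSTROUTING only accepts -o (iptables rejects -i there),
# so match the interface the replies leave on.
iptables -t nat -A POSTROUTING -o $LAN_IF -s $OTHER_MACHINE -p tcp --sport $X -j SNAT --to-source $LAN_IP:$X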
$X is the port in question, $OTHER_MACHINE is the one on the internet, $LAN_IF is your LAN interface, $WAN_IF is your WAN interface, and $LAN_IP is your LAN IP on the gateway.
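
The forwarding path asked about in this thread (LAN station to gateway to Internet host), as an added example that is not part of any post: a dry-run generator that validates its inputs and prints a scoped rule set. The function names, the extra gateway-address parameter and the sample addresses are assumptions; it also assumes the gateway does not already masquerade LAN traffic on its WAN interface.

```shell
#!/bin/sh
# Added example, not from the thread. Function names and the sample
# addresses are constructed. Rules are only printed, never applied.

is_iface() {   # interface name: max 15 chars, no shell or option characters
    case $1 in ''|-*|*[!A-Za-z0-9_.-]*) return 1 ;; esac
    [ ${#1} -le 15 ]
}

is_port() {    # decimal TCP port 1-65535
    case $1 in ''|*[!0-9]*) return 1 ;; esac
    [ ${#1} -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

is_ipv4() {    # dotted quad, every octet 0-255
    case $1 in *[!0-9.]*|*..*|.*|*.) return 1 ;; esac
    set -- $(printf '%s' "$1" | tr . ' ')
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        [ ${#o} -le 3 ] && [ "$o" -le 255 ] || return 1
    done
}

# fwd_rules LAN_IF WAN_IF GW_LAN_IP REMOTE_IP PORT
fwd_rules() {
    is_iface "$1" && is_iface "$2" || { echo "bad interface" >&2; return 2; }
    is_ipv4 "$3" && is_ipv4 "$4"   || { echo "bad address" >&2; return 2; }
    is_port "$5"                   || { echo "bad port" >&2; return 2; }
    # Rule 1: DNAT only traffic addressed to the gateway itself (-d), so
    #         other LAN connections to the same port are left alone.
    # Rules 2-3: allow the forwarded flow and its replies, nothing else.
    # Rule 4: source-NAT on the way out; POSTROUTING matches on -o, not -i.
    cat <<EOF
sysctl -w net.ipv4.ip_forward=1
iptables -t nat -A PREROUTING -i $1 -d $3 -p tcp --dport $5 -j DNAT --to-destination $4:$5
iptables -A FORWARD -i $1 -o $2 -d $4 -p tcp --dport $5 -j ACCEPT
iptables -A FORWARD -i $2 -o $1 -s $4 -p tcp --sport $5 -m conntrack --ctstate ESTABLISHED -j ACCEPT
iptables -t nat -A POSTROUTING -o $2 -d $4 -p tcp --dport $5 -j MASQUERADE
EOF
}

# Dry run: LAN on eth0, WAN on eth1, gateway LAN address 192.168.0.1,
# remote host 203.0.113.10 (documentation range), port 8080.
fwd_rules eth0 eth1 192.168.0.1 203.0.113.10 8080
```

Connection tracking reverses the DNAT for reply packets on its own, so no second NAT rule is needed for the return direction. Review the printed commands before running them as root.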
 
Old 02-01-2008, 12:45 AM   #5
ehawk
Senior Member
 
Registered: Jul 2003
Posts: 1,257

Rep: Reputation: 48
http://www.redhat.com/docs/manuals/l...l-sg-en-80.pdf (page 69)

http://www.netfilter.org/documentati...NAT-HOWTO.html

http://www.hackorama.com/network/portfwd.shtml

http://linuxgazette.net/103/odonovan.html

http://users.ece.gatech.edu/~owen/Ac...l_11152005.doc


Taken from a slashdot thread/question:

OK here's an example: our gateway is 192.168.0.1 with lan interface eth0 and internet interface eth1. We want to redirect port 21 (FTP) to the machine 192.168.0.10

First of all, we need to add a rule matching incoming data to port 21. We use the PREROUTING chain in the NAT table:

iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 21 -j DNAT --to-destination 192.168.0.10

This says: in the network address translation table and the chain that deals with incoming data prior to routing, and if the data is coming in from the internet and wants to go to TCP port 21 (ftp), DNAT (destination network address translate) it to transparently make it go to 192.168.0.10

Here's a generic template:

iptables -t nat -A PREROUTING -i [net interface] [selection rules - proto, port] -j DNAT --to-destination [ip on lan]

You can also redirect to a different port number, in the above example to redirect to 192.168.0.10 port 321 it would be:

--to-destination 192.168.0.10:321

As for this being an FAQ, I am aware of no such references on IPTables, and it doesn't matter. I think the manual page provides more than sufficient information to get you started. If you don't understand it, then you should not be administering a gateway of any kind!

Last edited by ehawk; 02-01-2008 at 12:54 AM.
 
  

