iptables nat port forwarding rule set

crowhurst01 · 10-16-2006, 03:07 AM

I have been trying to do a port forward, but I am new to iptables.

I have two ethernet ports: eth0 WAN, and eth1 LAN

I want anything which hits eth0 dport 2222 to be forwarded out eth1 to 192.168.1.5:8000

Do I need to do a FORWARD, PREROUTE and POSTROUTE rule? Or can I just do a PREROUTE

I tried this with no luck:

sudo iptables -A FORWARD -i eth0 -p tcp --dport 2222 -j ACCEPT
sudo iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 2222 -j DNAT --to-destination 192.168.1.5:8000

Do I need the:
sudo iptables -A FORWARD -i eth0 -p tcp --dport 2222 -j ACCEPT
or will PREROUTE work without it?

Do I need to FORWARD if I already have a routing table set up?

JiYu · 10-16-2006, 05:11 AM

for an example:

Code:

PORT=443
DMZ_IP=192.168.99.99
DMZ_IF=eth2

/sbin/iptables -A PREROUTING -t nat -p tcp --dport $PORT -i ppp0 -j DNAT --to $DMZ_IP:$PORT
/sbin/iptables -A FORWARD -p tcp -d $DMZ_IP --dport $PORT -i ppp0 -o $DMZ_IF -j ACCEPT
/sbin/iptables -A FORWARD -p tcp -s $DMZ_IP --sport $PORT -i $DMZ_IF -o ppp0 -j ACCEPT