LinuxQuestions.org

LinuxQuestions.org (http://www.linuxquestions.org/questions/index.php)
-   Linux - Networking (http://www.linuxquestions.org/questions/forumdisplay.php?f=3)
-   -   iptables forward port to another host (http://www.linuxquestions.org/questions/showthread.php?t=844467)

sparkey 11-15-2010 08:18 PM

iptables forward port to another host
 
Hi,

I will try to explain my scenario as well as I can.

Let's say I have two machines on public IPs. If I get incoming traffic on machine #1 on port 55242, I would just like to forward it to machine #2 on port 35000.

I would just like to use machine #1 the same way a DNS server works.
It just redirects the traffic and tells the client where to go.

Thankful for all answers.

pnmanojshenoy 11-15-2010 08:55 PM

Hello,

Can you please explain more? Are the two machines interconnected? I mean, does machine 1 have 2 NIC cards:

1. eth0 for the public IP and eth1 connected to machine 2? If this is the scenario, this can be done.

sparkey 11-15-2010 10:45 PM

Quote:

Originally Posted by pnmanojshenoy (Post 4160121)
Hello,

Can you please explain more? Are the two machines interconnected? I mean, does machine 1 have 2 NIC cards:

1. eth0 for the public IP and eth1 connected to machine 2? If this is the scenario, this can be done.

Thx for your answer.

No, that is not the case. They are two physical machines. Is there some way to do it, theoretically?

Juako 11-20-2010 12:23 AM

Yes, it is the same, iptables-wise, to do it with two machines in the same LAN or with remote machines. You just have to know the address of the other machine.

In #1 run as root:

Code:

iptables -t nat -A PREROUTING -p tcp --dport 55242 -j DNAT --to <ip address of #2>:35000
iptables -A FORWARD -d <ip address of #2> -p tcp --dport 35000 -j ACCEPT
sysctl net.ipv4.ip_forward=1

The first line adds an iptables rule that changes the destination address and port of traffic directed to #1:55242, setting them to #2:35000.

The second line allows this redirected traffic to be forwarded.

The third line enables traffic forwarding in the kernel.

For most setups this is all that you need. If you have problems, let me know. Keep in mind this is for TCP traffic; if you want to redirect UDP traffic, just copy lines 1 and 2 and change "tcp" to "udp".

caibbor 02-17-2011 11:25 AM

# iptables -t nat -A PREROUTING -p tcp 55242 -j DNAT --to 192.168.0.101:35000
Bad argument `55242'
Try `iptables -h' or 'iptables --help' for more information.

win32sux 02-19-2011 07:50 PM

Quote:

Originally Posted by caibbor (Post 4261753)
# iptables -t nat -A PREROUTING -p tcp 55242 -j DNAT --to 192.168.0.101:35000
Bad argument `55242'
Try `iptables -h' or 'iptables --help' for more information.

That error is caused by a missing --dport, which Juako left out by mistake.
Code:

iptables -t nat -A PREROUTING -p tcp --dport 55242 -j DNAT --to 192.168.0.101:35000

Juako 02-24-2011 11:17 AM

Quote:

Originally Posted by win32sux (Post 4264335)
That error is caused by a missing --dport, which Juako left out by mistake.
Code:

iptables -t nat -A PREROUTING -p tcp --dport 55242 -j DNAT --to 192.168.0.101:35000

Yes, my mistake. I'm fixing the answer now. Thank you win32sux, you're right as your nick :D

chrisphillips 04-17-2013 08:49 PM

Firstly thanks for this - I have finally got iptables port forwarding working.

However, on Debian Squeeze running a 2.6.32 kernel these commands were not enough. I also had to use

Code:

iptables -t nat -A POSTROUTING -j MASQUERADE

I also used --to-destination rather than --to, but I'm not sure if that matters.
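Putting Juako's three commands and chrisphillips's POSTROUTING addition together, as an added example that is not from any poster in this thread: a small script for machine #1 that prints, applies and verifies the complete rule set. The addresses are assumptions (203.0.113.10 as #1's public IP, 203.0.113.20 as #2's); override them and the ports through the environment. Two things it does that the posts above leave implicit: the source NAT is what makes the two-public-IP case work at all, because without it #2 answers the client directly from its own address and the client, which only ever talked to #1:55242, discards the reply; and that NAT is limited to the forwarded flow rather than a bare `-A POSTROUTING -j MASQUERADE`, which rewrites the source of every packet forwarded through #1. The FORWARD rules also accept the ESTABLISHED,RELATED return direction so the forward still works when the FORWARD chain's policy is DROP.

```shell
#!/bin/sh
# Forward $FRONT_IP:$FRONT_PORT on this host (#1) to $BACKEND_IP:$BACKEND_PORT
# on another host (#2). Editor's added example, not code from the thread.
# All addresses are assumptions (TEST-NET-3 documentation range).
FRONT_IP="${FRONT_IP:-203.0.113.10}"      # assumed public IP of #1
FRONT_PORT="${FRONT_PORT:-55242}"
BACKEND_IP="${BACKEND_IP:-203.0.113.20}"  # assumed public IP of #2
BACKEND_PORT="${BACKEND_PORT:-35000}"
PROTO="${PROTO:-tcp}"                     # set PROTO=udp for UDP

# Print the rule set, one iptables command per line, so it can be reviewed
# before anything touches the kernel.
build_rules() {
cat <<EOF
iptables -t nat -A PREROUTING -d $FRONT_IP -p $PROTO --dport $FRONT_PORT -j DNAT --to-destination $BACKEND_IP:$BACKEND_PORT
iptables -A FORWARD -d $BACKEND_IP -p $PROTO --dport $BACKEND_PORT -m conntrack --ctstate NEW,ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -s $BACKEND_IP -p $PROTO --sport $BACKEND_PORT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -t nat -A POSTROUTING -d $BACKEND_IP -p $PROTO --dport $BACKEND_PORT -j MASQUERADE
EOF
}
# Rule 1: DNAT only traffic that arrived for #1's own address and port.
# Rules 2-3: let the DNAT'd flow and its replies through FORWARD.
# Rule 4: POSTROUTING sees the post-DNAT destination, so this matches only
# the forwarded flow; replies from #2 then come back through #1 instead of
# going straight to the client with #2's address as source.

# Enable forwarding and apply the rules, stopping at the first failure so a
# half-applied rule set does not go unnoticed.
apply_rules() {
    [ "$(id -u)" -eq 0 ] || { echo "apply_rules: must run as root" >&2; return 1; }
    tmp=$(mktemp) || return 1
    build_rules > "$tmp"
    sysctl -w net.ipv4.ip_forward=1 >/dev/null && sh -e "$tmp"
    rc=$?
    rm -f "$tmp"
    return $rc
}

# Show what the kernel actually holds, with packet counters: after a client
# connects to $FRONT_IP:$FRONT_PORT the DNAT rule's counter must increase.
show_rules() {
    iptables -t nat -L PREROUTING -n -v --line-numbers
    iptables -t nat -L POSTROUTING -n -v --line-numbers
    iptables -L FORWARD -n -v --line-numbers
    sysctl net.ipv4.ip_forward
}

case "${1:-print}" in
    print) build_rules ;;
    apply) apply_rules ;;
    show)  show_rules ;;
    *)     echo "usage: $0 {print|apply|show}" >&2; exit 2 ;;
esac
```

Run it with `print` to review, as root with `apply` to install, and with `show` to confirm the counters move when a client connects. Neither `sysctl -w` nor the rules survive a reboot; persist them with `/etc/sysctl.conf` and `iptables-save`. Because the source is rewritten, #2 sees every forwarded connection as coming from #1's address, so any logging of real client addresses has to happen on #1.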

