cedricd 01-04-2009 11:20 PM

IPTables Help - Forwarding from one port to another
I am running Ubuntu 8.04, and what I want is that if any computer connects to the server on 10.20.117.x:445 it will forward it to using <Server's IP>, which is a public interface.

Any thoughts/ideas?


iptables -t nat -A PREROUTING  -p tcp -d 10.20.117.x --destination-port 465 -j DNAT --to-destination
iptables -t nat -A POSTROUTING -p tcp --dst --dport 465 -j SNAT --to-source <Server's IP>
iptables -A FORWARD -p tcp -d --dport 465 -j ACCEPT

blackhole54 01-05-2009 07:52 AM

With a couple of changes (highlighted in bold below) to your first rule, I think that should work, assuming that your routing table directs a destination of out the interface you wish:


iptables -t nat -A PREROUTING  -p tcp -d --destination-port 445 -j DNAT --to-destination
If you wish, you can make your second rule more general so that it SNATs all LAN packets going out the public interface. In most cases this is what you would want:


LAN_IP=<LAN network in CIDR notation, e.g. 10.20.117.0/24>
PUBLIC_IF=<public interface, e.g. eth1>
PUBLIC_IP=<Server's IP>

iptables -t nat -A POSTROUTING -s $LAN_IP -o $PUBLIC_IF -j SNAT --to-source $PUBLIC_IP

Adjust $LAN_IP, $PUBLIC_IF and $PUBLIC_IP as needed.

If you are unfamiliar with CIDR notation, you can read about it here. In a nutshell (quoting from the linked page):


In CIDR notation, the number of 1s in the binary version of the mask are counted from the left, and that number is appended to the end of the base address following a slash (/). In the example here the subnet would be listed in CIDR notation as

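The following script is an added example and is not code from either poster. It prints the DNAT/SNAT/FORWARD rule set that blackhole54 describes rather than applying it, so it can be reviewed first (or piped into sh as root), and it includes a small helper that turns a dotted-decimal netmask into the CIDR prefix length the quoted passage explains. The interface names (eth0, eth1), the LAN network 10.20.117.0/24, the server addresses 10.20.117.1 and 203.0.113.10, and the forwarding target 203.0.113.50 are assumed sample values; the 203.0.113.x addresses are from the RFC 5737 documentation range and stand in for the real public addresses.

```shell
#!/bin/sh
# Added example (not from the thread above). Prints the DNAT/SNAT/FORWARD rules
# for the setup blackhole54 describes instead of applying them, so they can be
# reviewed, or piped into "sh" as root, without touching a live firewall.
# Interface names, the LAN network and the 203.0.113.x addresses (RFC 5737
# documentation range) are assumptions standing in for real values.

# Convert a dotted-decimal netmask to its CIDR prefix length
# (255.255.255.0 -> 24). Rejects non-contiguous masks such as 255.0.255.0.
mask_to_prefix() {
    prefix=0
    seen_partial=0          # set once an octet below 255 has been seen
    old_ifs=$IFS
    IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || { echo "mask_to_prefix: expected four octets" >&2; return 1; }
    for octet in "$@"; do
        if [ "$seen_partial" -eq 1 ] && [ "$octet" != 0 ]; then
            echo "mask_to_prefix: non-contiguous netmask" >&2
            return 1
        fi
        case $octet in
            255) prefix=$((prefix + 8)) ;;
            254) prefix=$((prefix + 7)); seen_partial=1 ;;
            252) prefix=$((prefix + 6)); seen_partial=1 ;;
            248) prefix=$((prefix + 5)); seen_partial=1 ;;
            240) prefix=$((prefix + 4)); seen_partial=1 ;;
            224) prefix=$((prefix + 3)); seen_partial=1 ;;
            192) prefix=$((prefix + 2)); seen_partial=1 ;;
            128) prefix=$((prefix + 1)); seen_partial=1 ;;
            0)   seen_partial=1 ;;
            *)   echo "mask_to_prefix: bad octet '$octet'" >&2; return 1 ;;
        esac
    done
    echo "$prefix"
}

# Emit the rules for: hosts on LAN network $2 arriving on interface $1 and
# connecting to $3:$4 are DNATed to $5:$4 and leave through public interface
# $6 with source address $7.
# Matching on -i and -s in PREROUTING keeps the redirect from applying to
# packets arriving on the public side; the FORWARD rules allow only the new
# connection outbound and its tracked replies back in.
forward_rules() {
    lan_if=$1; lan_net=$2; lan_addr=$3; port=$4
    target=$5; pub_if=$6; pub_ip=$7
    cat <<EOF
sysctl -w net.ipv4.ip_forward=1
iptables -t nat -A PREROUTING -i $lan_if -s $lan_net -d $lan_addr -p tcp --dport $port -j DNAT --to-destination $target
iptables -A FORWARD -i $lan_if -o $pub_if -s $lan_net -d $target -p tcp --dport $port -j ACCEPT
iptables -A FORWARD -i $pub_if -o $lan_if -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -t nat -A POSTROUTING -s $lan_net -o $pub_if -j SNAT --to-source $pub_ip
EOF
}

# Constructed sample values: the LAN on eth0 is 10.20.117.0 with netmask
# 255.255.255.0, the server's LAN address is 10.20.117.1, its public address
# on eth1 is 203.0.113.10, and 203.0.113.50 is the host port 445 goes to.
LAN_NET="10.20.117.0/$(mask_to_prefix 255.255.255.0)"
forward_rules eth0 "$LAN_NET" 10.20.117.1 445 203.0.113.50 eth1 203.0.113.10
```

Two things the generated rules add over the rules posted in the thread: the PREROUTING match is pinned to the LAN interface and source network, so the DNAT cannot be triggered by traffic that arrives on the public interface, and the reverse FORWARD rule only admits packets that connection tracking already associates with a connection the LAN opened. If the FORWARD chain's policy is DROP (the safe default for a box that routes between a LAN and a public network), both FORWARD rules are required; without ip_forward set to 1 the DNATed packets are silently discarded.
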
cedricd 01-05-2009 11:07 PM

Thanks :)

