IPTables port forwarding to routed IP
 

Hello-

I have a linux server I'm intending to use as a firewall.
The server has the following adapters
eth0 - Public IP (VLAN2)
eth0:1 - Public IP2 (VLAN2)
eth1 - 10.241.4.4 (VLAN4)

the Default gateway is my ISPs gateway.
Additionally, I have the following route set:
route add -net 10.0.0.0 netmask 255.0.0.0 gw 10.241.4.1

I have a server that exists on VLAN 208 at IP 10.241.209.67/21., its GW is 10.241.208.1 (first IP in /21 range)

as it is on the 10.0.0.0/8 network, traffic from the firewall is successfully routed from that server through my router to the FW and out to the Internet. The FW can ping, ssh, etc... the server and vice versa.

I want an iptables rule that will allow me to forward port 4401 on eth0:1 to 10.241.209.67:4401.

Is this possible since the IP is not on the same subnet as eth1, even though it is accessible?

I am very new to iptables, though I'm a bit better than a neophyte linux user. I have not made port forwards with it in the past without scripts to assist so I'm looking for not just "it is possible", but also the syntax of how to add it.

Thanks in advance.

IP2= ip address of eth0:1
iptables -t nat -A PREROUTING -d ${IP2} --protocol tcp --dport 4401 -j DNAT --to-destination 10.241.209.67:4401

when the packet arrive with the destination address IP2 it will change the destination address to the one you specify at the end, then the normal routing will apply and the packet will end at the right place

make sure that there is a 1 in /proc/sys/net/ipv4/ip_forward

Thank you, this resolved my issue.