iptables...
I have a Linux box acting as a firewall, and I have another Linux box behind the firewall configured to listen on port 321 for SSH. I want to port forward anything sent to my firewall on port 321 to my second box.
I tried adding a NAT rule, but this isn't working:
-A PREROUTING -i eth0 -p tcp -m tcp --dport 321 -j REDIRECT --to 10.10.10.91 --to-port 321
My iptables rules are below:
*nat
:PREROUTING ACCEPT [10927:1731596]
:POSTROUTING ACCEPT [10700:849160]
:OUTPUT ACCEPT [12553:962696]
# Portforward all port 321 traffic to miller
# Masq all outbound traffic.
-A PREROUTING -i eth0 -p tcp -m tcp --dport 321 -j REDIRECT --to 10.10.10.91 --to-port 321
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
# Completed on Sun Mar 2 18:35:09 2003
# Generated by iptables-save v1.2.6a on Sun Mar 2 18:35:09 2003
*filter
:INPUT DROP [6085:1463148]
:FORWARD DROP [409532:126404563]
:OUTPUT ACCEPT [29412:2464787]
-A INPUT -i lo -j ACCEPT
-A INPUT -i eth1 -j ACCEPT
-A FORWARD -i eth1 -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 22 -m limit -j LOG
-A INPUT -i eth0 -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -i eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
COMMIT
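
An added example, not part of the original post: a small Python check over iptables-save output that flags two conditions that keep a forward like this from reaching 10.10.10.91, namely a REDIRECT target (which rewrites the destination to the firewall itself) and, once DNAT is used, a FORWARD chain with policy DROP and no rule accepting the new connection. The function names, the sample rule sets and the DNAT and FORWARD rules in them are constructed for illustration; the matching is a heuristic that ignores rule order, not a full iptables evaluator.

```python
import shlex

def parse(dump):
    """Parse iptables-save text into (chain policies, list of rule dicts)."""
    table, policies, rules = None, {}, []
    for line in map(str.strip, dump.splitlines()):
        if line.startswith("*"):
            table = line[1:]
        elif line.startswith(":"):
            policies[(table, line[1:].split()[0])] = line.split()[1]
        elif line.startswith("-A "):
            tok = shlex.split(line)
            rule, i = {"table": table, "chain": tok[1]}, 2
            while i < len(tok):  # option followed by a value, or a bare flag
                has_val = i + 1 < len(tok) and not tok[i + 1].startswith("-")
                rule.setdefault(tok[i], tok[i + 1] if has_val else "")
                i += 2 if has_val else 1
            rules.append(rule)
    return policies, rules

def check_port_forwards(dump):
    """Return findings for nat PREROUTING rules that cannot reach an internal host."""
    policies, rules = parse(dump)
    findings = []
    for r in (x for x in rules if (x["table"], x["chain"]) == ("nat", "PREROUTING")):
        port = r.get("--dport")
        if r.get("-j") == "REDIRECT":
            findings.append(f"port {port}: REDIRECT targets the firewall itself; use DNAT --to-destination")
        elif r.get("-j") == "DNAT" and policies.get(("filter", "FORWARD")) == "DROP":
            host, _, dport = r.get("--to-destination", "").partition(":")
            allowed = any(
                (f["table"], f["chain"], f.get("-j")) == ("filter", "FORWARD", "ACCEPT")
                and f.get("-i") in (None, r.get("-i"))
                and f.get("-d", host).split("/")[0] == host
                and f.get("--dport", dport or port) == (dport or port)
                and "NEW" in f.get("--state", "NEW")  # ESTABLISHED-only rules do not admit the first packet
                for f in rules)
            if not allowed:
                findings.append(f"port {port}: DNAT to {host}, but FORWARD policy is DROP "
                                "and no rule accepts the new connection")
    return findings

# Constructed samples: FILTER mirrors the FORWARD policy and rules shown in the post.
NAT = ("*nat\n:PREROUTING ACCEPT [0:0]\n"
       "-A PREROUTING -i eth0 -p tcp -m tcp --dport 321 {t}\nCOMMIT\n")
FILTER = ("*filter\n:FORWARD DROP [0:0]\n-A FORWARD -i eth1 -j ACCEPT\n"
          "-A FORWARD -i eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT\n{extra}COMMIT\n")
POSTED = NAT.format(t="-j REDIRECT --to 10.10.10.91 --to-port 321") + FILTER.format(extra="")
DNAT_ONLY = NAT.format(t="-j DNAT --to-destination 10.10.10.91:321") + FILTER.format(extra="")
FIXED = NAT.format(t="-j DNAT --to-destination 10.10.10.91:321") + FILTER.format(
    extra="-A FORWARD -i eth0 -d 10.10.10.91 -p tcp -m tcp --dport 321 -m state --state NEW -j ACCEPT\n")
```

`check_port_forwards(POSTED)` reports the REDIRECT rule, `DNAT_ONLY` still reports the missing FORWARD accept, and `FIXED` returns no findings.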