Iptables port forwarding


Port forwarding can be used to redirect requests that arrive at this host to a new server. First enable IP forwarding in the kernel:

echo "1" > /proc/sys/net/ipv4/ip_forward

To make this permanent, add the line net.ipv4.ip_forward = 1 to the /etc/sysctl.conf file (sysctl -p reloads it). The same setting can be applied at run time with:

sysctl net.ipv4.ip_forward=1

Next, update the iptables nat table so that incoming traffic has its destination rewritten (DNAT) to the new server:

newip=192.168.0.5
iptables -t nat -A PREROUTING -p tcp --dport 80 -j DNAT --to $newip:80
iptables -t nat -A PREROUTING -p tcp --dport 443 -j DNAT --to $newip:443

Enable SNAT so that forwarded packets carry this host's address as their source and the replies return through it rather than going directly from the new server to the client (replace <NIC> with the outgoing interface and <IP> with this host's address on it):

iptables -t nat -A POSTROUTING -o <NIC> -p tcp --dport 80 -d $newip -j SNAT --to-source <IP>

Forward DNS requests (UDP and TCP; shown in iptables-save format for the nat table):

-A PREROUTING -p udp --dport 53 -m comment --comment "121 DNS udp forwarding" -j DNAT --to 10.201.40.69:53
-A PREROUTING -p tcp --dport 53 -m comment --comment "121 DNS tcp forwarding" -j DNAT --to 10.201.40.69:53
-A POSTROUTING -o br0 -p tcp --dport 53 -d 10.201.40.69 -j SNAT --to-source 10.209.44.27
-A POSTROUTING -o br0 -p udp --dport 53 -d 10.201.40.69 -j SNAT --to-source 10.209.44.27
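The rules above are the same three-step pattern repeated per port: DNAT in PREROUTING, an ACCEPT in the filter FORWARD chain (needed when that chain's policy is DROP), and SNAT in POSTROUTING. The script below is an added example, not the wiki's own commands; it generates that rule set for a list of TCP and UDP ports from a few variables. The interface name eth0, the address 203.0.113.10 and the environment variable names (NIC, PUB_IP, NEW_IP, TCP_PORTS, UDP_PORTS, APPLY) are assumptions of this example. Run it without APPLY=1 to print the rules and review them before applying.

```shell
#!/bin/sh
# Added example (not from the wiki page): build and optionally apply the
# DNAT/FORWARD/SNAT rules needed to forward ports to a new server.
# Usage:  sh port-forward.sh            (print the rule set)
#         sudo APPLY=1 sh port-forward.sh   (enable ip_forward and apply)

# Assumed inputs; the defaults are constructed placeholder values.
nic="${NIC:-eth0}"                 # interface the client requests arrive on
pub_ip="${PUB_IP:-203.0.113.10}"   # this host's address used as SNAT source
new_ip="${NEW_IP:-192.168.0.5}"    # the server traffic is forwarded to
tcp_ports="${TCP_PORTS:-80 443}"   # e.g. web; DNS over TCP would add 53
udp_ports="${UDP_PORTS:-}"         # e.g. 53 for DNS over UDP

# rules_for <proto> <port>: print the three rules one forwarded port needs.
# Matching on -i $nic keeps the DNAT from applying to traffic on other interfaces.
rules_for() {
  proto="$1"; port="$2"
  # 1. rewrite the destination before the routing decision
  echo "iptables -t nat -A PREROUTING -i $nic -p $proto --dport $port -j DNAT --to-destination $new_ip:$port"
  # 2. allow the rewritten packets through the filter FORWARD chain
  echo "iptables -A FORWARD -p $proto -d $new_ip --dport $port -m conntrack --ctstate NEW,ESTABLISHED,RELATED -j ACCEPT"
  # 3. rewrite the source so the new server's replies come back through this host
  echo "iptables -t nat -A POSTROUTING -p $proto -d $new_ip --dport $port -j SNAT --to-source $pub_ip"
}

# all_rules: the complete rule set for every configured port, one command per line.
all_rules() {
  for p in $tcp_ports; do rules_for tcp "$p"; done
  for p in $udp_ports; do rules_for udp "$p"; done
}

# check_forwarding: succeed only when the kernel will actually forward packets.
check_forwarding() {
  [ "$(cat /proc/sys/net/ipv4/ip_forward 2>/dev/null)" = "1" ]
}

# apply_rules: turn on forwarding if needed, then run each generated command.
apply_rules() {
  check_forwarding || sysctl -w net.ipv4.ip_forward=1
  all_rules | while IFS= read -r cmd; do eval "$cmd"; done
}

# Entry point: print by default, apply only when explicitly requested.
if [ "${APPLY:-0}" = "1" ]; then apply_rules; else all_rules; fi
```

Without the SNAT rule the new server answers the client directly with its own address, so the client sees a reply from a host it never contacted and drops it; without the FORWARD rule a DROP policy silently eats the forwarded packets even though the nat rules look correct. Printing the set first also makes it easy to confirm that only the intended ports and interface are exposed.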