Forward all incoming packets through a certain port

In this example, all incoming traffic on port 80 is redirected to port 8123.

Code Block
iptables -t nat -I PREROUTING --src 0/0 --dst 192.168.1.5 -p tcp --dport 80 -j REDIRECT --to-ports 8123



Below is a case to forward all the incoming packets to two different local mysql servers

Code Block
sudo iptables -F

In case of forwarding 

Code Block

sudo iptables -t nat -F
sudo iptables -t mangle -F
sudo iptables -t nat -A PREROUTING -p tcp -i eth0 --dport 63001 -j DNAT --to-destination 10.0.3.10:3306
sudo iptables -t nat -A PREROUTING -p tcp -i eth0 --dport 63101 -j DNAT --to-destination 10.0.3.20:3306
sudo iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE


Below is a case to forward all the incoming packets to two different local mysql servers as well as Redis

Code Block
sudo iptables -F
sudo iptables -t nat -F
sudo iptables -t mangle -F
Code Block
sysctl net.ipv4.ip_forward=1
my_wan_ip=13.124.177.95

sudo iptables -t nat -A PREROUTING -p tcp -i eth0 --dport 63001 -j DNAT --to-destination 10.0.3.10:3306
sudo iptables -t nat -A PREROUTING -p tcp -i eth0 --dport 64001 -j DNAT --to-destination 10.0.3.10:6379
sudo iptables -t nat -A PREROUTING -p tcp -i eth0 --dport 63101 -j DNAT --to-destination 10.0.3.20:3306
sudo iptables -t nat -A PREROUTING -p tcp -i eth0 --dport 64101 -j DNAT --to-destination 10.0.3.20:6379
sudo iptables -t nat -A PREROUTING -p tcp -i eth0 --dport 60050 -j DNAT --to-destination 10.0.3.50:5044
sudo iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE



List all the rules in iptables

Code Block
sudo iptables -S

or

Code Block
sudo iptables -t nat -L --line-numbers
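
The DNAT rules on this page match only on interface and port, so they accept connections from any source address. The following check is an added example, not part of the original page: it reads `iptables -t nat -S` output and reports every PREROUTING DNAT rule that has no source restriction. The sample rules are constructed from the rules above, and the `-s 10.0.1.0/24` value is a hypothetical allowlist.

```shell
#!/usr/bin/env bash
# Added example, not from the original page.
# Reads `iptables -t nat -S` output on stdin and reports every PREROUTING DNAT
# rule that has no source match (-s), i.e. accepts traffic from any address.
unrestricted_dnat() {
  awk '
    $1 == "-A" && $2 == "PREROUTING" {
      src = ""; dport = ""; dest = ""; target = ""
      for (i = 3; i <= NF; i++) {
        if ($i == "-s" || $i == "--source" || $i == "--src") src = $(i + 1)
        if ($i == "--dport")          dport = $(i + 1)
        if ($i == "-j")               target = $(i + 1)
        if ($i == "--to-destination") dest = $(i + 1)
      }
      # 0.0.0.0/0 is the same as no restriction
      if (target == "DNAT" && (src == "" || src == "0.0.0.0/0"))
        print dport " -> " dest
    }'
}

# Constructed sample in `iptables -t nat -S` format, based on the rules on this
# page; the -s 10.0.1.0/24 restriction on the third rule is a hypothetical value.
sample_rules() {
  cat <<'EOF'
-P PREROUTING ACCEPT
-P POSTROUTING ACCEPT
-A PREROUTING -i eth0 -p tcp -m tcp --dport 63001 -j DNAT --to-destination 10.0.3.10:3306
-A PREROUTING -i eth0 -p tcp -m tcp --dport 64001 -j DNAT --to-destination 10.0.3.10:6379
-A PREROUTING -s 10.0.1.0/24 -i eth0 -p tcp -m tcp --dport 63101 -j DNAT --to-destination 10.0.3.20:3306
-A POSTROUTING -o eth0 -j MASQUERADE
EOF
}

# On a live host: sudo iptables -t nat -S | unrestricted_dnat
sample_rules | unrestricted_dnat
```

Each reported line is a forwarded port that any host able to reach the interface can connect to; adding `-s <allowed network>` to the corresponding PREROUTING rule removes it from the report.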



Delete all existing rules

Code Block
sudo iptables -F



Save the existing iptables settings

Code Block
/etc/init.d/iptables save


To restore the settings

Code Block
/etc/init.d/iptables start