Versions Compared

Old Version 4

changes.mady.by.user Chun Kang

Saved on

compared with

New Version Current

changes.mady.by.user Chun Kang

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Table of Contents

...

Forward all incoming packets through a certain port

In this example all incoming traffic on port 80 redirect to port 8123

Code Block
iptables -t nat -I PREROUTING --src 0/0 --dst 192.168.1.5 -p tcp --dport 80 -j REDIRECT --to-ports 8123



In case of forwarding Below is a case to forward all the incoming packets to two different local mysql servers

Code Block
sudo iptables -tF
sudo natiptables -It PREROUTINGnat --src 0/0F
sudo iptables --dst 10.0.3.10 -p tcp --dport 63001 -j REDIRECT --to-ports 3306t mangle -F
sudo iptables -t nat -IA PREROUTING --src 0/0p tcp --dst 10.0.3.20 -p tcpi eth0 --dport 6310163001 -j REDIRECTDNAT --to-ports 3306
Code Block
sysctl net.ipv4.ip_forward=1
my_wan_ip=13.124.177.95
destination 10.0.3.10:3306
sudo iptables -t nat -A PREROUTING -p tcp -i ppp0eth0 --dport 6300163101 -j DNAT --to-destination 10.0.3.1020:3306
sudo iptables -At FORWARDnat -pA tcpPOSTROUTING -d 10.0.3.10 --dport 3306 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
sudo iptables -A POSTROUTINGo eth0 -j MASQUERADE


Below is a case to forward all the incoming packets to two different local mysql servers as well as Redis

Code Block
sudo iptables -F
sudo iptables -t nat -F
sudo iptables -t mangle -F
sudo iptables -t nat -pA tcpPREROUTING -mp tcp -s 192.168.1.200i eth0 --sportdport 808063001 -j SNATDNAT --to-source $my_wan_ip
destination 10.0.3.10:3306
sudo iptables -t nat -A PREROUTING -p tcp -i ppp0eth0 --dport 6310164001 -j DNAT --to-destination 10.0.3.2010:33066379
sudo iptables -t nat -A FORWARDPREROUTING -p tcp -d 10.0.3.20i eth0 --dport 330663101 -mj stateDNAT --state NEW,ESTABLISHED,RELATED -j ACCEPTto-destination 10.0.3.20:3306
sudo iptables -A POSTROUTING -t nat -pA tcpPREROUTING -mp tcp -s 192.168.1.200i eth0 --sportdport 808064101 -j SNATDNAT --to-source $my_wan_ip


destination 10.0.3.20:6379
sudo iptables -At POSTROUTINGnat -tA natPREROUTING -p tcp -i eth0 --dport 60050 -mj tcpDNAT --to-sdestination 19210.1680.1.200 --sport 8080 -j SNAT --to-source $yours_wan_ip

...

3.50:5044
sudo iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE



Show all the list in the iptables

Code Block
sudo iptables -S

or

Code Block
sudo iptables -t nat -L --line-numbers



Delete all existing rules

Code Block
sudo iptables -F



Save the existing iptable settings

Code Block
/etc/init.d/iptables save


To restore the settings

Code Block
/etc/init.d/iptables start