...
Forward all incoming packets through a certain port
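In this example, all incoming TCP traffic addressed to 192.168.1.5 on port 80 is redirected to port 8123 on the same host. The `--src 0/0` match accepts any source address; narrow it to a specific network if only known clients should be redirected.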
Code Block |
---|
iptables -t nat -I PREROUTING --src 0/0 --dst 192.168.1.5 -p tcp --dport 80 -j REDIRECT --to-ports 8123 |
Below is a case to forward all the incoming packets to two different local MySQL servers
Code Block |
---|
sudo iptables -tF
sudo natiptables -It PREROUTINGnat --src 0/0F
sudo iptables --dst 10.0.3.10 -p tcp --dport 63001 -j REDIRECT --to-ports 3306t mangle -F
sudo iptables -t nat -IA PREROUTING --src 0/0p tcp --dst 10.0.3.20 -p tcpi eth0 --dport 6310163001 -j REDIRECTDNAT --to-ports 3306 |
Code Block |
---|
sysctl net.ipv4.ip_forward=1
my_wan_ip=13.124.177.95
destination 10.0.3.10:3306
sudo iptables -t nat -A PREROUTING -p tcp -i ppp0eth0 --dport 6300163101 -j DNAT --to-destination 10.0.3.1020:3306
sudo iptables -At FORWARDnat -pA tcpPOSTROUTING -d 10.0.3.10 --dport 3306 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
sudo iptables -A POSTROUTINGo eth0 -j MASQUERADE |
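Below is a case to forward all the incoming packets to two different local MySQL servers as well as Redis. DNAT rules of this form that carry no source match (`-s`) make the forwarded database and Redis ports reachable by every host that can reach the external interface, so they are normally paired with a source restriction or a rule in the filter table's FORWARD chain.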
Code Block |
---|
sudo iptables -F
sudo iptables -t nat -F
sudo iptables -t mangle -F
sudo iptables -t nat -pA tcpPREROUTING -mp tcp -s 192.168.1.200i eth0 --sportdport 808063001 -j SNATDNAT --to-source $my_wan_ip
destination 10.0.3.10:3306
sudo iptables -t nat -A PREROUTING -p tcp -i ppp0eth0 --dport 6310164001 -j DNAT --to-destination 10.0.3.2010:33066379
sudo iptables -t nat -A FORWARDPREROUTING -p tcp -d 10.0.3.20i eth0 --dport 330663101 -mj stateDNAT --state NEW,ESTABLISHED,RELATED -j ACCEPTto-destination 10.0.3.20:3306
sudo iptables -A POSTROUTING -t nat -pA tcpPREROUTING -mp tcp -s 192.168.1.200i eth0 --sportdport 808064101 -j SNATDNAT --to-source $my_wan_ip
destination 10.0.3.20:6379
sudo iptables -At POSTROUTINGnat -tA natPREROUTING -p tcp -i eth0 --dport 60050 -mj tcpDNAT --to-sdestination 19210.1680.1.200 --sport 8080 -j SNAT --to-source $yours_wan_ip |
...
3.50:5044
sudo iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE |
Show all the rules in iptables (the filter table, unless another table is selected with `-t`)
Code Block |
---|
sudo iptables -S |
or, to list the nat table with rule numbers:
Code Block |
---|
sudo iptables -t nat -L --line-numbers |
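Delete all existing rules in the filter table. Without `-t`, `-F` does not touch the nat or mangle tables (flush those with `-t nat -F` and `-t mangle -F`), and it does not reset the chains' default policies, so check the policies before flushing over a remote session.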
Code Block |
---|
sudo iptables -F |
Save the current iptables settings
Code Block |
---|
/etc/init.d/iptables save |
To restore the settings
Code Block |
---|
/etc/init.d/iptables start |