Port forwarding with iptables

KUCKAERTZ Régis - NVISION regis at nvision.lu
Wed Sep 1 17:47:49 CEST 2004


Hello,

Our ISP only allows connections coming from a well-defined list of IP
addresses. Since we must be able to log on to our servers no matter where we
are, I just thought using iptables on one host having one of the authorized
IP addresses would be the solution.

So I went on reading iptables docs and howtos, but as you might guess I
couldn't stand how to do it exactly. Let's put it correctly stated: every
incoming connection to, say, port 3999 of my host ($HOST_IP) should be
forwarded to port 123 of the protected server ($SERVER_IP). I tried the
following two rules:

$IPTABLES -t nat -A PREROUTING -p tcp --dst $HOST_IP --dport 3999 -j DNAT
--to-destination $SERVER_IP:123

   This one should do the forwarding

$IPTABLES -t nat -a POSTROUTING -p tcp --dst $SERVER_IP --dport 123 -j
MASQUERADE

   ... and this one should masquerade

As I'm new to iptables, I don't know at that time every aspect that I must
be careful of, so as a first tip can anybody tell me what would the exact
solution be?

I have set IP forwarding to 1 in /proc/sys/net/ipv4/ip_forward

Best regards,
Régis KUCKAERTZ
-----------------------------------------
NVISION sa - Luxembourg
Internet Services & Network Programming

50, rue des Prés
L-7333 Steinsel
Tél: (+352) 26 34 09 08
Fax: (+352) 26 34 09 07
http://www.nvision.lu/




More information about the netfilter-devel mailing list