Saturday, June 16, 2001

How To IPtables


1) How do I forward port 21 requests from the external interface (eth1)/( to an internal system on my LAN- ?

i.e. whenever a request for port 21 arrives on the external interface, it should be forwarded to on my local LAN.

#iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 21 -j DNAT --to-destination


iptables -t nat -A PREROUTING -p tcp -d --dport 80 -j DNAT --to-destination

Here, packets will be forwarded from for port 80 to a range of IP addresses to

The above command will forward requests coming for on port 21 to a different system on the LAN(

You can add a rule for eth0 in the same way.

You can also redirect to a different port number: --to-destination
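
As an added example (not from the original post), the shell function below prints the commands a DNAT forward like the one above usually needs: IP forwarding, the DNAT rule, and FORWARD rules scoped to the forwarded service, with input validation. The address 192.168.1.2 and port 2121 are constructed placeholders, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: prints (does not run) the commands for one DNAT port forward.
# 192.168.1.2 and 2121 below are constructed placeholders, not values from the post.

valid_port() {   # digits only, 1..65535
  case "$1" in ''|*[!0-9]*) return 1 ;; esac
  [ ${#1} -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

valid_ipv4() (   # four dot-separated octets, each 0..255
  case "$1" in *[!0-9.]*|.*|*.|*..*) exit 1 ;; esac
  IFS=.
  set -- $1
  [ $# -eq 4 ] || exit 1
  for o in "$@"; do
    [ ${#o} -le 3 ] && [ "$o" -le 255 ] || exit 1
  done
)

# Usage: port_forward_rules EXT_IF EXT_PORT INT_IP INT_PORT
port_forward_rules() (
  ext_if=$1 ext_port=$2 int_ip=$3 int_port=$4
  # Reject anything that could smuggle extra shell or iptables arguments.
  case "$ext_if" in ''|*[!A-Za-z0-9_.-]*) echo "bad interface" >&2; exit 2 ;; esac
  valid_port "$ext_port" && valid_port "$int_port" || { echo "bad port" >&2; exit 2; }
  valid_ipv4 "$int_ip" || { echo "bad address" >&2; exit 2; }

  # The kernel must route between interfaces, or DNATed packets go nowhere.
  echo "sysctl -w net.ipv4.ip_forward=1"
  # Rewrite the destination only for packets arriving on the external interface.
  echo "iptables -t nat -A PREROUTING -i $ext_if -p tcp --dport $ext_port -j DNAT --to-destination $int_ip:$int_port"
  # FORWARD sees the packet after DNAT, so it matches the internal address and port.
  echo "iptables -A FORWARD -i $ext_if -p tcp -d $int_ip --dport $int_port -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT"
  # Allow only replies of tracked connections back out.
  echo "iptables -A FORWARD -o $ext_if -p tcp -s $int_ip --sport $int_port -m state --state ESTABLISHED,RELATED -j ACCEPT"
)

# Demo: forward port 21 on eth1 to the placeholder host, port 2121.
port_forward_rules eth1 21 192.168.1.2 2121
```

Port 21 is FTP, whose separate data connections match RELATED only when the FTP connection-tracking helper is loaded.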

Redirect ports on internal machine

#iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-ports 8080

i.e. requests coming in on port 80 will be redirected to port 8080

