Saturday, June 16, 2001

How To IPtables



1) How do I forward port 21 requests from the external interface (202.54.1.10 - eth1)/(192.168.0.3 - eth0) to an internal system on my LAN, 192.168.0.10?


i.e. whenever a request for port 21 arrives on the external interface, it should be forwarded to 192.168.0.10 on my local LAN.


#iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 21 -j DNAT --to-destination 192.168.0.10


Alternatively,


iptables -t nat -A PREROUTING -p tcp -d 15.45.23.67 --dport 80 -j DNAT --to-destination 192.168.1.1-192.168.1.10:80


Here packets addressed to 15.45.23.67 on port 80 will be forwarded to the range of IP addresses 192.168.1.1 to 192.168.1.10.



The first command above forwards requests arriving for 202.54.1.10 on port 21 to a different system on the LAN (192.168.0.10).


In the same way, you can add a rule for eth0.


You can also redirect to a different port number: --to-destination 192.168.0.10:321
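
A DNAT rule only rewrites the destination address; the forwarded packet must still be accepted in the FORWARD chain, and the kernel must have IP forwarding enabled. The script below is an added example, not part of the original post: it prints (without applying) a complete rule set for the port 21 forward above, scoped to the external interface and address. The function names and the FORWARD rules are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the original post). Prints, but does not apply,
# the commands needed for one scoped TCP port forward.

# is_ipv4 ADDR: succeed only for a dotted quad with each octet in 0-255.
is_ipv4() {
    case "$1" in ''|*[!0-9.]*) return 1 ;; esac
    rest=$1.
    for n in 1 2 3 4; do
        octet=${rest%%.*}; rest=${rest#*.}
        [ -n "$octet" ] && [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    [ -z "$rest" ]
}

# is_port N: succeed only for an integer in 1-65535.
is_port() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "${#1}" -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# forward_rules WAN_IF WAN_IP PORT LAN_IP [LAN_PORT]
# Rejects malformed arguments (status 2) so nothing unexpected reaches a
# root shell, then prints one command per line.
forward_rules() {
    wan_if=$1 wan_ip=$2 port=$3 lan_ip=$4 lan_port=${5:-$3}
    case "$wan_if" in
        ''|*[!A-Za-z0-9._-]*) echo "bad interface: $wan_if" >&2; return 2 ;;
    esac
    is_ipv4 "$wan_ip" && is_ipv4 "$lan_ip" || { echo "bad address" >&2; return 2; }
    is_port "$port" && is_port "$lan_port" || { echo "bad port" >&2; return 2; }
    cat <<EOF
sysctl -w net.ipv4.ip_forward=1
iptables -t nat -A PREROUTING -i $wan_if -d $wan_ip -p tcp --dport $port -j DNAT --to-destination $lan_ip:$lan_port
iptables -A FORWARD -i $wan_if -d $lan_ip -p tcp --dport $lan_port -m conntrack --ctstate NEW -j ACCEPT
iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
EOF
}

# Addresses and interface taken from the question above. -i and -d keep the
# DNAT rule from matching traffic that arrives on other interfaces or for
# other addresses; the FORWARD rules matter when that chain's policy is DROP.
forward_rules eth1 202.54.1.10 21 192.168.0.10
```

Review the printed commands before running them as root. FTP data connections additionally rely on the kernel's FTP connection-tracking helper, which this example does not configure.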


Redirect ports on internal machine


#iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-ports 8080


i.e. requests coming in on port 80 will be redirected to port 8080.