iptables port forwarding in CentOS

Source: Internet
Author: User
In Linux, how does one implement Iptables port forwarding? Based on an example, this article describes how to implement Iptables port forwarding in Linux.

Implementing the iptables port forwarding function on Linux:

Let's start with an example: a company is testing a piece of server software that runs on win2k and uses port 881. The server connects directly to the external network, and clients access it through the server's IP address. Setting Windows aside, how can this be done with iptables port forwarding if Linux is used? After some reading, it turns out that iptables' port forwarding function can solve this. The following is a solution using the iptables port forwarding function in Linux:

Purpose: use port forwarding so that when the server receives a request on port 881, it forwards the request to 10.10.2.200:881 and then returns the data to the requesting connection.

eth0: connects to ADSL, that is, the ppp0 interface.

eth1: connects to the internal network; its IP address is 10.10.1.1.

10.10.2.200 is a win2k server providing network services on port 881.

iptables script:

 iptables -t nat -A PREROUTING -p tcp -m tcp --dport 881 -j DNAT --to-destination 10.10.2.200:881 


This sends requests for port 881 to 10.10.2.200:881.


iptables -t nat -A POSTROUTING -s 10.10.0.0/16 -d 10.10.2.200 -p tcp -m tcp --dport 881 -j SNAT --to-source 10.10.1.1

When data is returned to a.b.c.d and the data source comes from the same subnet, the source address is changed to 10.10.1.1 and the data is sent out from eth0; a.b.c.d is then found in the connection tracking table, and the data is sent out again from ppp0.

Of course, do not forget to add a statement to allow access to port 881.

iptables -A INPUT -p tcp --dport 881 -i ppp0 -j ACCEPT

Can the server be placed on the local network and reached through port forwarding? The answer is of course yes. Since port 881 can be forwarded, ports and 80 will not be used, and much server software lets you customize its port; as long as a suitable port is available, you could even open an FTP server for each user on the LAN. Any service you want to offer can be implemented this way, all based on port forwarding.

On the LAN, 10.10.2.101 is a win2k machine providing the www service on port 800. It is accessed through the server at http://serverip:800.

iptables -t nat -A PREROUTING -p tcp -m tcp --dport 800 -j DNAT --to-destination 10.10.2.101:800
iptables -t nat -A POSTROUTING -s 10.10.0.0/16 -d 10.10.2.101 -p tcp -m tcp --dport 800 -j SNAT --to-source 10.10.1.1
iptables -A INPUT -p tcp --dport 800 -i ppp0 -j ACCEPT

Because port forwarding is in place, you only need to install iptables on the server to forward data; all services are provided by the internal servers. In this setup the Linux server actually acts as a firewall, and the iptables port forwarding function in Linux is implemented.
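The two forwarding setups above (port 881 to 10.10.2.200 and port 800 to 10.10.2.101), generalized into one rule generator as an added example that is not part of the original article. Packets rewritten by DNAT are routed through the FORWARD chain rather than INPUT, and forwarding requires net.ipv4.ip_forward=1, so the output includes those lines; the function names and the choice to print the commands instead of applying them are assumptions of this example.

```sh
#!/bin/sh
# Added example (not from the original article): print the iptables commands
# for one forwarded TCP port after validating every argument, so a typo or a
# stray shell metacharacter never reaches a rule. Review, then pipe to sh as root.

valid_port() {   # digits only, 1-65535
    case "$1" in ''|*[!0-9]*|??????*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

valid_ipv4() {   # four dot-separated octets, each 0-255
    case "$1" in ''|*[!0-9.]*) return 1 ;; esac
    oldifs=$IFS; IFS=.; set -- $1; IFS=$oldifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        case "$o" in ''|????*) return 1 ;; esac
        [ "$o" -le 255 ] || return 1
    done
}

valid_cidr() {   # IPv4 network with a /0-/32 prefix
    case "$1" in */*) ;; *) return 1 ;; esac
    valid_ipv4 "${1%/*}" || return 1
    p=${1#*/}
    case "$p" in ''|*[!0-9]*|???*) return 1 ;; esac
    [ "$p" -le 32 ]
}

# usage: forward_rules PORT DEST_IP LAN_NET LAN_IP
forward_rules() {
    port=$1 dest=$2 lan_net=$3 lan_ip=$4
    valid_port "$port"    || { echo "bad port: $port" >&2; return 1; }
    valid_ipv4 "$dest"    || { echo "bad destination: $dest" >&2; return 1; }
    valid_cidr "$lan_net" || { echo "bad network: $lan_net" >&2; return 1; }
    valid_ipv4 "$lan_ip"  || { echo "bad gateway address: $lan_ip" >&2; return 1; }
    cat <<EOF
sysctl -w net.ipv4.ip_forward=1
iptables -t nat -A PREROUTING -p tcp -m tcp --dport $port -j DNAT --to-destination $dest:$port
iptables -t nat -A POSTROUTING -s $lan_net -d $dest -p tcp -m tcp --dport $port -j SNAT --to-source $lan_ip
iptables -A FORWARD -d $dest -p tcp -m tcp --dport $port -m conntrack --ctstate NEW -j ACCEPT
iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
EOF
}

# The article's two hosts:
forward_rules 881 10.10.2.200 10.10.0.0/16 10.10.1.1
forward_rules 800 10.10.2.101 10.10.0.0/16 10.10.1.1
```

With a default-DROP FORWARD policy, only new connections to the named host and port are admitted; everything else depends on the connection tracking entry created by that first packet.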
