In Linux, how does one implement Iptables port forwarding? Based on an example, this article describes how to implement Iptables port forwarding in Linux.
LinuxLowerIptables port forwardingFunction solution:
Let's start with an example: an enterprise tests a server software. Based on win2k, the port number is 881. the server connects directly to the external network, and the client accesses it through the server ip address. Exclude Windows. if Linux is used, how can I resolve iptables port forwarding. After reading the data, iptables's port forwarding function can be solved. The following is a solution to the Iptables port forwarding function in Linux:
Purpose: use port forwarding. after the server receives a port 881 request, it forwards the request to 10.10.2.200: 881 and then returns the data to the request connection.
Eth0: Connect to ADSL, that is, the ppp0 interface
Eth1: connects to the internal network. the ip address is 10.10.1.1.
10.10.2.200 is a win2k server with Port 881 providing network services.
Iptbles script:
iptables -t nat -A PREROUTING -p tcp -m tcp --dport 881 -j DNAT --to-destination 10.10.2.200:881
Send 881 requests to Port 10.10.2.00: 881
iptables -t nat -A POSTROUTING -s 10.10.0.0/16 -d 10.10.2.200 -p tcp -m tcp --dport 881 -j SNAT --to-source
10.10.1.1; return. b. b. d. when the data source comes from the same subnet, change the source address to 10.10.1.1, issue the data source from eth0, and find a in the connection tracking table. b. c. d
This data is sent from ppp0 again.
Of course, do not forget to add a statement to allow access to port 881.
iptables ?A INPUT ?p tcp ?dport 881 ?i ppp0 ?j ACCEPT
Can I place the server in a local area and use port forwarding? The answer is of course yes. since Port 881 can be forwarded, ports and 80 will not be used, and many server software can customize ports, as long as there is an appropriate port, even if you open an ftp server for each user in the LAN. All services you want to implement can be implemented, of course, based on port forwarding.
In the LAN, 10.10.2.101 is win2k and provides the www service. The port is 800. Access through server http: // serverip: 800.
iptables -t nat -A PREROUTING -p tcp -m tcp --dport 800 -j DNAT --to-destination 10.10.2.101:800 iptables -t nat -A POSTROUTING -s 10.10.0.0/16 -d 10.10.2.101 -p tcp -m tcp --dport 800 -j SNAT --to-source 10.10.1.1 iptables ?A INPUT ?p tcp ?dport 800 ?i ppp0 ?j ACCEPT
Because port forwarding is implemented, you only need to install iptables on the server to forward data. all services are done by the internal server. in this case, linux server is actually a firewall, and the Iptables port forwarding function in Linux is also implemented.