From IT Mission Linux Tips, Hacks, Tutorials, Howtos - Itmission.org

IPTABLES Prerouting to internal network

If you have a server on your internal network that you want to make available externally, you can use the -j DNAT target in the PREROUTING chain of the nat table to specify the destination IP address and port to which incoming packets requesting a connection to your internal service are forwarded.

For example, if you want to forward incoming HTTP requests to your dedicated Apache HTTP Server at 192.168.1.10, use the following command:

[root@myServer ~ ] # iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j DNAT --to 192.168.1.10:80

This rule tells the built-in PREROUTING chain of the nat table to forward incoming HTTP requests exclusively to the listed destination IP address, 192.168.1.10.

PREROUTING

 
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j DNAT --to 192.168.1.10:80

Also Add a FORWARD Rule

 
iptables -A FORWARD -i eth0 -p tcp --dport 80 -d 192.168.1.10 -j ACCEPT
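
The FORWARD rule matches on 192.168.1.10 rather than the external address because DNAT in PREROUTING rewrites the destination before the packet reaches the FORWARD chain. As an added example (not part of the original page), the Python script below audits iptables-save output for DNAT targets that no FORWARD ACCEPT rule admits; the sample ruleset, the second host 192.168.1.20 and the function names are constructed for illustration, and single-address IPv4 DNAT targets are assumed.

```python
import ipaddress
import shlex

# Constructed iptables-save output: the page's rules plus an uncovered DNAT.
SAMPLE = """\
*nat
-A PREROUTING -i eth0 -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.168.1.10:80
-A PREROUTING -i eth0 -p tcp -m tcp --dport 8443 -j DNAT --to-destination 192.168.1.20:443
COMMIT
*filter
-A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -d 192.168.1.10/32 -i eth0 -p tcp -m tcp --dport 80 -j ACCEPT
COMMIT
"""

def parse_rules(text):
    """Parse -A lines into (table, chain, {flag: value}); ignores "!" negation."""
    rules, table = [], None
    for line in text.splitlines():
        tok = shlex.split(line)
        if line.startswith("*"):
            table = line[1:].strip()
        elif tok[:1] == ["-A"]:
            rules.append((table, tok[1], dict(zip(tok[2::2], tok[3::2]))))
    return rules

def covers(rule, ip, port, proto):
    """True if this ACCEPT rule admits a NEW connection to ip:port (no port ranges)."""
    state = rule.get("--ctstate") or rule.get("--state") or "NEW"
    dst = ipaddress.ip_network(rule.get("-d", "0.0.0.0/0"), strict=False)
    return ("NEW" in state.split(",") and ipaddress.ip_address(ip) in dst
            and rule.get("-p") in (None, "all", proto)
            and rule.get("--dport") in (None, port))

def unforwarded_dnat(text):
    """Return DNAT targets (ip, port) with no matching FORWARD ACCEPT rule."""
    rules = parse_rules(text)
    accepts = [o for t, c, o in rules
               if (t, c, o.get("-j")) == ("filter", "FORWARD", "ACCEPT")]
    missing = []
    for t, c, o in rules:
        if (t, c, o.get("-j")) == ("nat", "PREROUTING", "DNAT"):
            # The filter table sees the translated address and port.
            ip, _, port = o["--to-destination"].partition(":")
            port = port or o.get("--dport")
            if not any(covers(a, ip, port, o.get("-p")) for a in accepts):
                missing.append((ip, port))
    return missing
```

On a live host, pass the output of iptables-save to unforwarded_dnat(); a reported target is only unreachable if the FORWARD chain's policy is DROP, otherwise it is forwarded without an explicit rule.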

Retrieved from http://www.itmission.org/Main/IPTABLES-Prerouting-to-internal-network
Page last modified on August 21, 2012, at 02:35 PM