Friday, July 29, 2011

iptables: port forwarding, multiple ports, port range

in your /etc/sysconfig/iptables... (the PREROUTING/POSTROUTING rules below go in the *nat section, the accept rule at the end in the *filter section)

to forward from receiving ip to destination ip on the same port:

# nat to destination - forward all requests received by receiving ip on receiving port to destination ip (port unchanged, since --to carries no port)
-A PREROUTING -d <receiving ip> -p tcp --dport <receiving port> -j DNAT --to <destination ip>

# nat from destination - rewrite the source of the forwarded packets to receiving ip so destination ip replies through this host; conntrack translates the replies back
# (SNAT is only valid in POSTROUTING, never in PREROUTING)
-A POSTROUTING -d <destination ip> -p tcp --dport <receiving port> -j SNAT --to <receiving ip>

to forward from receiving ip's specific port to destination ip's different port:

# nat to destination - forward all requests received by receiving ip on receiving port to destination ip on a different port (note the -- before to)
-A PREROUTING -d <receiving ip> -p tcp --dport <receiving port> -j DNAT --to <destination ip>:<destination port>

# nat from destination - rewrite the source of the forwarded packets to receiving ip; no port on --to here, a fixed source port would collide across concurrent connections
-A POSTROUTING -d <destination ip> -p tcp --dport <destination port> -j SNAT --to <receiving ip>

see sample below:

to forward to a port range (the destination keeps the same port numbers, because --to carries no port):
# no --sport match here: clients connect from random ephemeral source ports, so matching the source port against the range would drop nearly everything
-A PREROUTING -d <receiving ip> -p tcp --dport <start of port range>:<end of port range> -j DNAT --to <destination ip>
-A POSTROUTING -d <destination ip> -p tcp --dport <start of port range>:<end of port range> -j SNAT --to <receiving ip>

be sure to accept connections to that port range; forwarded packets traverse the FORWARD chain, not INPUT, and net.ipv4.ip_forward must be enabled on this host:
-A FORWARD -d <destination ip> -p tcp --dport <start of port range>:<end of port range> -j ACCEPT
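A complete file in the layout iptables-restore expects, as an added example that is not from the original post: a shell function that emits the *nat and *filter sections for a single-port or same-range forward, with placeholder addresses and ports passed as arguments. It assumes the forwarding host has net.ipv4.ip_forward enabled and a conntrack-capable kernel.

```shell
#!/bin/sh
# Emit an iptables-save style /etc/sysconfig/iptables body that forwards one
# TCP port (or a port range) arriving at a receiving IP to a destination host.
# NAT rules go in the nat table, the accept rules in the filter table's
# FORWARD chain. All arguments are placeholders chosen by the caller:
#   gen_forward_rules RECEIVING_IP RECEIVING_PORT DESTINATION_IP [DESTINATION_PORT]
# A port may be a single number ("8080") or a range ("8000:8010").
gen_forward_rules() {
    rx_ip=$1; rx_port=$2; dst_ip=$3; dst_port=${4:-$2}
    [ -n "$rx_ip" ] && [ -n "$rx_port" ] && [ -n "$dst_ip" ] || return 2
    case $rx_port in
    *:*)
        # DNAT keeps the original destination port when --to-destination has
        # no port, so a range can only be mapped 1:1 onto the same range.
        [ "$dst_port" = "$rx_port" ] || { echo "range must match on both sides" >&2; return 1; }
        to_dst=$dst_ip ;;
    *)
        to_dst="$dst_ip:$dst_port" ;;
    esac
cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
# rewrite the destination: traffic for $rx_ip:$rx_port is sent on to $to_dst
-A PREROUTING -d $rx_ip -p tcp --dport $rx_port -j DNAT --to-destination $to_dst
# rewrite the source so $dst_ip answers through this host; no source port is
# given, a fixed one would collide across concurrent connections. Replies are
# translated back by conntrack, no reverse rule is needed.
-A POSTROUTING -d $dst_ip -p tcp --dport $dst_port -j SNAT --to-source $rx_ip
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# forwarded packets traverse FORWARD, not INPUT: admit only new connections to
# the forwarded port, plus packets of connections already tracked
-A FORWARD -d $dst_ip -p tcp --dport $dst_port -m conntrack --ctstate NEW -j ACCEPT
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
COMMIT
EOF
}
```

Redirect the output to /etc/sysconfig/iptables and load it with iptables-restore (or the iptables service) on the forwarding host.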
