Wednesday, October 21, 2009

Linux iptables port forwarding (PAT)

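# Forward an external port to a different internal port on a NAT'd IP
# 1.2.3.4 is the Linux router's WAN IP
# 10029 is the port opened on the router's WAN side
# 192.168.0.12:22 is the private IP and port that traffic to port 10029 is forwarded to
#
# Rewrite the destination of inbound connections to 1.2.3.4:10029.
# There is no -s match, so the forwarded port is reachable from any source address.
iptables -I PREROUTING -t nat -p tcp -d 1.2.3.4 --dport 10029 -j DNAT --to 192.168.0.12:22
# Rewrite the source of new connections leaving 192.168.0.12 from port 22.
# Replies on DNAT'd connections are reverse-translated by connection tracking without this rule.
iptables -I POSTROUTING -t nat -p tcp -s 192.168.0.12 --sport 22 -j SNAT --to 1.2.3.4:10029
# Apply the same DNAT to connections made from the router itself to 1.2.3.4:10029
iptables -I OUTPUT -t nat -p tcp -d 1.2.3.4 --dport 10029 -j DNAT --to 192.168.0.12:22
# INPUT only sees packets addressed to the router itself; forwarded packets to 192.168.0.12 go through FORWARD
iptables -I INPUT -p tcp -d 192.168.0.12 --dport 22 -j ACCEPT
# Allow forwarded traffic to and from the internal SSH server
iptables -I FORWARD -p tcp -d 192.168.0.12 --dport 22 -j ACCEPT
iptables -I FORWARD -p tcp -s 192.168.0.12 --sport 22 -j ACCEPT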
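
A stateful variant of the forward above, as an added example that is not part of the original post: it validates its inputs, optionally restricts which source network may reach the forwarded port, and relies on connection tracking for return traffic. The function names and the 203.0.113.0/24 source network are assumptions made for the example.

```shell
#!/bin/sh
# Added example; pat_rules and the valid_* helpers are hypothetical names.
# Rules are printed for review, not applied.

valid_port() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

valid_ipv4() {
    case "$1" in ''|*[!0-9.]*|*.) return 1 ;; esac   # digits and dots, no trailing dot
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs      # split into octets
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ -n "$octet" ] && [ "$octet" -le 255 ] || return 1
    done
}

valid_cidr() {   # IPv4 address with an optional /0-32 prefix length
    addr=${1%%/*}; prefix=32
    case "$1" in */*) prefix=${1#*/} ;; esac
    case "$prefix" in ''|*[!0-9]*) return 1 ;; esac
    valid_ipv4 "$addr" && [ "$prefix" -le 32 ]
}

pat_rules() {   # WAN_IP WAN_PORT LAN_IP LAN_PORT [ALLOWED_SRC]
    wan_ip=$1 wan_port=$2 lan_ip=$3 lan_port=$4 src=${5:-}
    valid_ipv4 "$wan_ip" && valid_ipv4 "$lan_ip" &&
        valid_port "$wan_port" && valid_port "$lan_port" ||
        { echo "pat_rules: bad address or port" >&2; return 1; }
    src_match=
    if [ -n "$src" ]; then
        valid_cidr "$src" || { echo "pat_rules: bad source $src" >&2; return 1; }
        src_match=" -s $src"
    fi
    # nat rules see only the first packet of a connection: rewrite its destination.
    echo "iptables -t nat -I PREROUTING -p tcp${src_match} -d $wan_ip --dport $wan_port -j DNAT --to-destination $lan_ip:$lan_port"
    # DNAT leaves the client's source address unchanged, so -s still matches here.
    echo "iptables -I FORWARD -p tcp${src_match} -d $lan_ip --dport $lan_port -m conntrack --ctstate NEW -j ACCEPT"
    # Replies and later packets are accepted (and reverse-translated) via conntrack.
    echo "iptables -I FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
}

# Constructed demo: the page's addresses, limited to a placeholder admin network.
pat_rules 1.2.3.4 10029 192.168.0.12 22 203.0.113.0/24
```
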

Additional Reading:

http://www.linuxhomenetworking.com/wiki/index.php/Quick_HOWTO_:_Ch14_:_Linux_Firewalls_Using_iptables
