Can't get port forwarding to work on Ubuntu

Question

I'm using my server as NAT/router, which works well. But now I'm trying to forward port 3478, which I can't get to work.

eth0 = public interface
eth1 = private network

$ cat /proc/sys/net/ipv4/conf/eth0/forwarding
1
$ cat /proc/sys/net/ipv4/conf/eth1/forwarding
1

Then to forward port 3478 to 10.0.0.7, I read somewhere that I should run

iptables -t nat -A PREROUTING -p tcp -i eth0 --dport 3478 -j DNAT --to-destination 10.0.0.7:3478
iptables -A FORWARD -p tcp -d 10.0.0.7 --dport 3478 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT

I also ran

ufw allow 3478

But testing port 3478 with http://www.canyouseeme.org/ doesn't work. Any idea what I have done wrong?

Here's a few methods of port forwarding http://serverfault.com/questions/401842/forward-localhost-memcached-server-on-port-12111-to-domain-com-memcached-server — Ben Lessani, Sep 22 '12 at 13:55
Does the machine `10.0.0.7` also have a proper Netfilter `MASQUERADING` or `SNAT` rule? — Alexander Janssen, Oct 08 '12 at 17:51
@Znarkus in mean in your Ubuntu firewall. Check the OUTPUT chain of the NAT table. — Alexander Janssen, Oct 09 '12 at 08:40
@Znarkus Try a `iptables -t nat -A OUTPUT -p tcp --sport 3478 -s 10.0.0.7 -o eth0 -j MASQUERADE` - this enables SNAT for this very one IP-address. — Alexander Janssen, Oct 09 '12 at 21:18

score 1 · Answer 1 · edited Jan 22 '23 at 18:34

1

I use port forwarding (and working) on Ubuntu server with:

#NAT:
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 3478 -j DNAT --to 10.0.0.7

#FORWARD:
iptables -A FORWARD -p tcp -i eth0 -d 10.0.0.7 --dport 3478 -j ACCEPT

edited Jan 22 '23 at 18:34

Said Torres

103
3

answered Sep 22 '12 at 13:47

laurent

2,055
16
14

Can't get port forwarding to work on Ubuntu

1 Answers1