Port Forwarding Using iptables on Ubuntu

Question

This is the scenario

I have configured a web-server in MUX. Now I want to access that web-server from Internet. Ubuntu box has two interfaces, One is connected to WAN (Public IP) and another one is connected to MUX (Private IP). MUX has no option to insert default gateway.

iptables -t nat -A PREROUTING -p tcp -i eth0 -d 103.x.x.x --dport 8001 -j DNAT --to-destination 192.168.1.2:8080
iptables -A FORWARD -p tcp -d 192.168.1.2 --dport 8080 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT

It does not work.

score 3 · Accepted Answer · answered Oct 18 '12 at 11:48

3

What you want is this:

iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 8081 -m conntrack -ctstate NEW -j DNAT --to 192.168.1.2:8080
iptables -t nat -A PREROUTING -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A POSTROUTING -t nat -j MASQUERADE

hope this helps.

answered Oct 18 '12 at 11:48

Valentin Bajrami

4,045
1
18
26

This looks pretty complicated. I want to learn some of it. Do you know some nice documentation I can refer to? – SamK Oct 18 '12 at 12:44
Use an irc client and connect to irc.freenode.net #iptables – Valentin Bajrami Oct 18 '12 at 14:53
1

@val0x00ff Is it any problem If I use `-m state --state` instead of `m conntrack --ctstate`? – user141610 Oct 20 '12 at 10:59
1

@user141610 The difference between the two is explained here: http://serverfault.com/questions/358996/iptables-whats-the-difference-between-m-state-and-m-conntrack – Valentin Bajrami Oct 21 '12 at 18:56

Port Forwarding Using iptables on Ubuntu

1 Answers1