
I have been setting up a router, mainly for dns+dhcp functionality (I mess about with a lot of virtual machines). I have two interfaces, eth0 and eth1. Eth0 can be seen as the WAN, with eth1 for the internal network.

These are my current iptables rules that run on boot and work well except for forwarding.

#!/bin/sh

PATH=/usr/sbin:/sbin:/bin:/usr/bin

#
# delete all existing rules.
#

iptables -F
iptables -t nat -F
iptables -t mangle -F
iptables -X

# Always accept loopback traffic
iptables -A INPUT -i lo -j ACCEPT

iptables -t nat -A PREROUTING -p tcp --dport 80 -i eth0 -j DNAT --to 10.3.193.185


iptables --table nat --append POSTROUTING --out-interface eth0 -j MASQUERADE
iptables --append FORWARD --in-interface eth1 -j ACCEPT


# Enable routing.
echo 1 > /proc/sys/net/ipv4/ip_forward

This is the rule I have tried to add that does not work.

iptables -t nat -A PREROUTING -p tcp --dport 80 -i eth0 -j DNAT --to 10.3.193.185

I also have more than a web (port 80) server, so how would I port forward?

1 Answer

If you are simply trying to forward traffic hitting your router on port 80 to some internal server's port 80, the following series of PREROUTING and FORWARD rules is needed for port forwarding to work.

iptables -t nat -A PREROUTING -p tcp -i eth0  --dport 80 --sport 1024:65535 -j DNAT --to 10.3.193.185:80

iptables -A FORWARD -p tcp -i eth0 -o eth1 -d 10.3.193.185 --dport 80 --sport 1024:65535 -m state --state NEW -j ACCEPT

iptables -A FORWARD  -o eth0 -m state  --state NEW,ESTABLISHED,RELATED -j ACCEPT

iptables -A FORWARD -i eth0 -m state  --state ESTABLISHED,RELATED -j ACCEPT
Daniel t.
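The answer's rule set, written as an added example (not from the original answer) in the form that addresses the "more than one server" part of the question: each internal service gets its own DNAT and FORWARD pair, while the two state-tracking rules are added once. The `--sport 1024:65535` match from the answer is left out, since clients are not guaranteed to use those source ports; the extra services (443, 2222 mapped to 22) and the host 10.3.193.186 are constructed placeholders.

```shell
#!/bin/sh
# Added example: generate the DNAT + FORWARD rules for several services.
# Interface names follow the question; the service table below is constructed.
WAN=eth0
LAN=eth1

# port_forward PROTO PORT DEST_IP [DEST_PORT]
# Prints the two per-service rules for forwarding WAN:PORT to DEST_IP:DEST_PORT.
port_forward() {
    proto=$1; port=$2; dest=$3; dport=${4:-$2}
    # Rewrite the destination in the nat table before the routing decision.
    echo "iptables -t nat -A PREROUTING -p $proto -i $WAN --dport $port -j DNAT --to-destination $dest:$dport"
    # Only the rewritten flow to this one internal host may be forwarded inbound.
    echo "iptables -A FORWARD -p $proto -i $WAN -o $LAN -d $dest --dport $dport -m state --state NEW -j ACCEPT"
}

# Rules shared by every forwarded service; added once, not per service:
# outbound traffic from the LAN, and reply packets of tracked connections.
common_rules() {
    echo "iptables -A FORWARD -o $WAN -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT"
    echo "iptables -A FORWARD -i $WAN -m state --state ESTABLISHED,RELATED -j ACCEPT"
}

# all_rules prints the complete rule list for the constructed service table.
all_rules() {
    common_rules
    port_forward tcp 80 10.3.193.185          # web server from the question
    port_forward tcp 443 10.3.193.185         # constructed: HTTPS on the same host
    port_forward tcp 2222 10.3.193.186 22     # constructed: SSH on a second host
}

# Run with "apply" to execute the rules; with no argument they are only printed.
if [ "$1" = "apply" ]; then
    all_rules | while read -r cmd; do eval "$cmd"; done
else
    all_rules
fi
```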