NAT with iptables

Question

I'm making a nat on port 43 on a server with iptables like this:

iptables -t nat -A PREROUTING -p tcp --dport 43 -j DNAT --to-destination 192.168.1.100:43
iptables -t nat -A POSTROUTING -p tcp -d 192.168.1.100 --dport 43 -j MASQUERADE

This is working fine, but I would also want to make a nat to another server on port 43, but on incoming port 44 (port 43 i now occupied) like this:

iptables -t nat -A PREROUTING -p tcp --dport 44 -j DNAT --to-destination 192.168.1.101:43
iptables -t nat -A POSTROUTING -p tcp -d 192.168.1.101 --dport 44 -j MASQUERADE

But this is not working, what I'm doing wrong?

score 0 · Answer 1 · answered Sep 12 '16 at 15:33

First of all, this should more properly be on the SuperUser SE, as it is not programming related.

The issue is in the 2nd line. Once the PREROUTING DNAT is complete, the dport is no longer 44 but 43. You must change your 2nd line from

iptables -t nat -A POSTROUTING -p tcp -d 192.168.1.101 --dport 44 -j MASQUERADE

to

iptables -t nat -A POSTROUTING -p tcp -d 192.168.1.101 --dport 43 -j MASQUERADE

NAT with iptables

1 Answers1