14

How can I modify this iptables rule, so that all traffic which coming for this computer will be forwarded to 192.168.42.10? 

iptables -t nat -A PREROUTING -s 192.168.46.0/24 -p tcp --dport 80 -j DNAT --to-destination 192.168.42.10:80

The problem is that I create the ip tables rule from ansible and created it in different environments, where the ip address ranges are different, but I want to forward the 80 port to 192.168.42.10 always.

PumpkinSeed
  • 355

1 Answers1

15

This rule will forward 80 port to 192.168.42.10 

iptables -t nat -A PREROUTING -p tcp --dport 80 -j DNAT --to-destination 192.168.42.10:80

but this is not enough If you want to get back traffic then you should add this rule

iptables -t nat -A POSTROUTING -p tcp -d 192.168.42.10 --dport 80 -j SNAT --to-source 192.168.42.1

where ip address 192.168.42.1 is your iptables computer

These two rules have to solve the task.

muru
  • 601
stambata
  • 1,718
  • Thank you it is working, but I had an other issue. Here is my current iptbales http://pastebin.com/gasEMiqh and it has a nat too to the LXC containers. When I use the port forward in the containers I cant use the yum, so I cant install packages. How can I solve this problem? – PumpkinSeed Mar 26 '16 at 21:15
  • You have to configure yam to use anHTTP proxy To enable all yum operations to use a proxy server, specify the proxy server details in /etc/yum.conf. For additional information You can see this link https://www.centos.org/docs/5/html/yum/sn-yum-proxy-server.html – stambata Mar 27 '16 at 06:54
  • 1
    Is net.ipv4.ip_forward need to be enabled? – krrr Jul 17 '20 at 14:46
  • Thanks for this help. I was stuck. My problem was I was trying to route traffic to the ipTables computer over to an Arduino. The the above solution helped. my source and destination ports wer different. Here is what worked sudo iptables -t nat -A PREROUTING -p tcp --dport 8081 -j DNAT --to-destination 192.168.0.158:80 and sudo iptables -t nat -A POSTROUTING -p tcp -d 192.168.0.158 --dport 80 -j SNAT --to-source 192.168.0.178:8081 – David Jun 05 '21 at 13:13
  • This works. thanks. I spent many hours trying to make it work. and now it does. woohoo! – BenKoshy Nov 08 '23 at 06:47