Question

iptables port forwarding between two LAN interfaces

May 17, 2012 11:27PM PDT

Hi,
How can I configure iptables to allow port forwarding from one WAN interface to a second LAN interface?

In my system I have one WAN interface, 61.93.204.56 (eth0), and a LAN interface, 10.2.1.52 (eth1).
I want to forward port 22 from 61.93.204.56 to port 22 on 10.2.1.52, TCP and UDP.

I tried the commands below, but none of them work.
[CODE]
iptables -t nat -A PREROUTING -p tcp -i eth0 --dport 22 -j DNAT --to-destination 10.2.1.52:22
iptables -A FORWARD -p tcp -d 10.2.1.52 --dport 22 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
iptables -t nat -A PREROUTING -p udp -i eth0 --dport 22 -j DNAT --to-destination 10.2.1.52:22
iptables -A FORWARD -p udp -d 10.2.1.52 --dport 22 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
[/CODE]
[CODE]
iptables -A PREROUTING -p tcp -m tcp -d 61.93.204.56 --dport 22 -j DNAT --to-destination 10.2.1.52:22

iptables -A FORWARD -m state -p tcp -d 10.2.1.52 --dport 22 --state NEW,ESTABLISHED,RELATED -j ACCEPT

iptables -A POSTROUTING -p tcp -m tcp -s 10.2.1.52 --sport 22 -j SNAT --to-source 61.93.204.56
[/CODE]

[CODE]
iptables -A PREROUTING -t nat -i eth0 -p udp --dport 22 -j DNAT --to 10.2.1.52:22
iptables -A INPUT -p udp -m state --state NEW --dport 22 -i eth0 -j ACCEPT

iptables -A FORWARD -p tcp -m state --state NEW -d 10.2.1.52 --dport 22 -j ACCEPT
[/CODE]


[CODE]
iptables -A PREROUTING -t nat -i eth0 -p tcp --dport 22 -j DNAT --to 10.2.1.52:2
iptables -A FORWARD -p tcp -i eth0 -o eth2 -d 10.2.1.52 --dport 22 -j ACCEPT
[/CODE]

Please advise how I can make it work.

And how can I enable debugging for the above iptables rules and see what is wrong?
Please advise.

Discussion is locked
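An added example, not part of the original post or its replies: a small POSIX shell linter that statically checks iptables port-forwarding commands for a nat chain or NAT target used without `-t nat`, an interface outside the expected set, and a DNAT port that differs from `--dport`. The names `lint_rule` and `KNOWN_IFACES` are assumptions of this example; the interface list (eth0, eth1) is taken from the question.

```shell
# Added example: static checks for iptables port-forwarding commands.
# Assumption: eth0 (WAN) and eth1 (LAN) are the only interfaces, as in the question.
KNOWN_IFACES="eth0 eth1"

# lint_rule "<iptables command>": prints one finding per line, nothing if clean.
lint_rule() (
    set -f    # no filename expansion while word-splitting the rule
    table=filter chain= target= dport= to= prev=
    for w in $1; do
        case "$prev" in
            -t|--table)            table=$w ;;
            -A|-I)                 chain=$w ;;
            -j|--jump)             target=$w ;;
            --dport)               dport=$w ;;
            --to|--to-destination) to=$w ;;
            -i|-o)
                case " $KNOWN_IFACES " in
                    *" $w "*) ;;
                    *) echo "interface $w is not one of: $KNOWN_IFACES" ;;
                esac ;;
        esac
        prev=$w
    done
    # PREROUTING/POSTROUTING do not exist in filter, the table used without -t.
    case "$chain" in
        PREROUTING|POSTROUTING)
            if [ "$table" = filter ]; then
                echo "$chain needs -t nat (default table is filter)"
            fi ;;
    esac
    # DNAT and SNAT targets are only valid in the nat table.
    case "$target" in
        DNAT|SNAT)
            if [ "$table" != nat ]; then
                echo "$target is only valid in the nat table"
            fi ;;
    esac
    # DNAT to ip:port rewrites the port; a mismatch with --dport is legal but suspect.
    if [ "$target" = DNAT ] && [ -n "$dport" ] && [ "${to#*:}" != "$to" ] && [ "${to##*:}" != "$dport" ]; then
        echo "DNAT port ${to##*:} differs from --dport $dport"
    fi
)

# Demo on one rule taken from the question.
while IFS= read -r rule; do
    printf '%s\n' "$rule"
    lint_rule "$rule" | sed 's/^/  -> /'
done <<'EOF'
iptables -A FORWARD -p tcp -i eth0 -o eth2 -d 10.2.1.52 --dport 22 -j ACCEPT
EOF
```

For rules that load without error, the per-rule packet counters shown by `iptables -t nat -L PREROUTING -n -v` and `iptables -L FORWARD -n -v` indicate whether traffic is reaching them.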

Clarification Request
So why not GUFW?
May 19, 2012 3:15AM PDT
must use IPTABLES
May 19, 2012 3:54PM PDT

I must use iptables, cannot use GUFW....

And GUFW would make the tables.
May 20, 2012 4:14AM PDT

Good hunting!