iptables
sergey_fs, 2017-11-11 18:44:48

Please help with IPtables Forward?

Please help with port forwarding.
The task is to have a port on the server forwarded to another server.
I tried to do this with iptables, but the forwarding does not work.

# iptables -t nat -A PREROUTING -p tcp --dport 2202 -j DNAT --to-destination 192.168.1.2:22
# iptables -A FORWARD -p tcp -d 192.168.1.2 --dport 22 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT

# iptables -nL
Chain INPUT (policy DROP)
target     prot opt source               destination
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:22
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:80
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:443
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:8095
ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0            udp dpt:5060
ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0            udp dpt:5061
ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0            udp dpt:5090
ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0            udp dpt:5080
ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0            udp dpt:5085
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:5060
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:5061
ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0            udp dpts:10000:20000
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:5432
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:9090
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:2222
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:3306

Chain FORWARD (policy DROP)
target     prot opt source               destination
ACCEPT     tcp  --  0.0.0.0/0            192.168.1.2          tcp dpt:22 state NEW,RELATED,ESTABLISHED

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
You have mail in /var/spool/mail/root

krosh, 2017-11-11
@krosh

The conditions are not clear: what should be forwarded, and where? What does not work?
But try the solution from a similar question: "iptables settings for transit to another server?"
In the FORWARD chain you also need to allow the reverse (-s) traffic; right now you only allow traffic going there (-d), to 192.168.1.2, but not back. The answer at the link has just the two rules needed; perhaps that is the whole problem.
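
The point made in the answer above, as an added example that is not part of the original thread: a Python check that reads `iptables -nL` text and reports forwards to a specific host:port that have no FORWARD rule accepting the replies. The function names and the two constructed listings are assumptions, and the parser expects the non-verbose column layout shown in the question.

```python
import re

ANY = "0.0.0.0/0"
# Constructed sample: the FORWARD chain as listed in the question.
ONE_WAY = """Chain FORWARD (policy DROP)
target     prot opt source               destination
ACCEPT     tcp  --  0.0.0.0/0            192.168.1.2          tcp dpt:22 state NEW,RELATED,ESTABLISHED
"""
# Constructed sample: the same chain after also adding the reply rule with
# iptables -A FORWARD -p tcp -s 192.168.1.2 --sport 22 -m state --state ESTABLISHED,RELATED -j ACCEPT
TWO_WAY = ONE_WAY + ("ACCEPT     tcp  --  192.168.1.2          0.0.0.0/0            "
                     "tcp spt:22 state RELATED,ESTABLISHED\n")

def forward_accepts(listing):
    """Return (proto, src, dst, match_text) for each ACCEPT rule in FORWARD."""
    rules, in_forward = [], False
    for line in listing.splitlines():
        cols = line.split()
        if line.startswith("Chain "):
            in_forward = cols[1] == "FORWARD"
        elif in_forward and len(cols) >= 5 and cols[0] == "ACCEPT":
            rules.append((cols[1], cols[3], cols[4], " ".join(cols[5:])))
    return rules

def covers_reply(rule, proto, host, port):
    """True if `rule` accepts packets sent back from host:port to any client."""
    r_proto, src, dst, extra = rule
    if r_proto not in ("all", proto) or src not in (ANY, host) or dst != ANY:
        return False  # conservative: a reply rule limited to one destination does not count
    if re.search(r"\b(dpts?|spts):", extra):  # replies go to an ephemeral client port
        return False
    spt = re.search(r"\bspt:(\d+)", extra)
    if spt and spt.group(1) != port:
        return False
    state = re.search(r"\b(?:ct)?state (\S+)", extra)
    return state is None or "ESTABLISHED" in state.group(1).split(",")

def one_way_forwards(listing):
    """List 'host:port' targets that are accepted inbound but have no reply rule."""
    rules, missing = forward_accepts(listing), []
    for proto, _src, dst, extra in rules:
        dpt = re.search(r"\bdpt:(\d+)", extra)
        if dst != ANY and dpt and not any(
                covers_reply(r, proto, dst, dpt.group(1)) for r in rules):
            missing.append(f"{dst}:{dpt.group(1)}")
    return missing

if __name__ == "__main__":
    print(one_way_forwards(ONE_WAY), one_way_forwards(TWO_WAY))
```

Non-verbose `iptables -nL` output does not show interface matches, so a rule that looks unrestricted here may still be bound to one interface.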
