Please help with IPtables Forward?
Please help with port forwarding.
The task is to make it so that a port on the server is forwarded to another server.
I tried to do this through iptables, but forwarding does not work.
[[email protected] ~]# iptables -t nat -A PREROUTING -p tcp --dport 2202 -j DNAT --to-destination 192.168.1.2:22
[[email protected] ~]# iptables -A FORWARD -p tcp -d 192.168.1.2 --dport 22 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
[[email protected] ~]# iptables -nL
Chain INPUT (policy DROP)
target prot opt source destination
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:22
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:80
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:443
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:8095
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:5060
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:5061
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:5090
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:5080
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:5085
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:5060
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:5061
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpts:10000:20000
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:5432
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:9090
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:2222
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:3306
Chain FORWARD (policy DROP)
target prot opt source destination
ACCEPT tcp -- 0.0.0.0/0 192.168.1.2 tcp dpt:22 state NEW,RELATED,ESTABLISHED
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
You have mail in /var/spool/mail/root
The conditions are not clear: what should be forwarded, and where? What does not work?
But try the solution from a similar question: iptables settings for transit to another server?
In the FORWARD chain, it is also necessary to allow the reverse (-s) traffic; right now you only allow traffic going there (-d), to 192.168.1.2, but not back. According to the link, there are just two necessary rules; perhaps the whole point is in them.
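A check for the gap described in the answer above, as an added example that is not part of the original thread: it parses `iptables -nL` output and reports host:port forwards in the FORWARD chain whose reply packets no ACCEPT rule matches. The sample listings are constructed from the question's output, and the function names are hypothetical.

```python
import re

ANY = "0.0.0.0/0"

# Constructed sample: the FORWARD chain from the question (`iptables -nL` format).
BEFORE = """\
Chain FORWARD (policy DROP)
target prot opt source destination
ACCEPT tcp -- 0.0.0.0/0 192.168.1.2 tcp dpt:22 state NEW,RELATED,ESTABLISHED
"""
# Constructed sample: same chain plus a return rule (-s 192.168.1.2 --sport 22).
AFTER = BEFORE + "ACCEPT tcp -- 192.168.1.2 0.0.0.0/0 tcp spt:22 state RELATED,ESTABLISHED\n"


def _port(extra, key):
    m = re.search(rf"\b{key}:(\d+)\b", extra)
    return m.group(1) if m else None


def parse_chain(listing, chain):
    """Return (policy, rules) for one chain of `iptables -nL` output."""
    policy, rules, inside = None, [], False
    for line in listing.splitlines():
        header = re.match(r"Chain (\S+) \((?:policy (\w+))?", line)
        if header:
            inside = header.group(1) == chain
            policy = header.group(2) if inside else policy
            continue
        f = line.split()
        if inside and len(f) >= 5 and f[0] != "target":
            extra = " ".join(f[5:])
            rules.append({"target": f[0], "proto": f[1], "src": f[3], "dst": f[4],
                          "dport": _port(extra, "dpt"), "sport": _port(extra, "spt"),
                          "extra": extra})
    return policy, rules


def missing_return_paths(listing):
    """List (host, port) forwards whose replies no FORWARD ACCEPT rule matches."""
    policy, rules = parse_chain(listing, "FORWARD")
    accepts = [r for r in rules if r["target"] == "ACCEPT"]
    gaps = []
    for fwd in accepts:
        if policy == "ACCEPT" or fwd["dst"] == ANY or fwd["dport"] is None:
            continue  # replies pass by policy, or rule is not a host:port forward
        covered = any(
            r["proto"] in (fwd["proto"], "all")
            and r["src"] in (fwd["dst"], ANY) and r["dst"] in (fwd["src"], ANY)
            and r["sport"] in (fwd["dport"], None) and r["dport"] is None
            and ("state" not in r["extra"] or "ESTABLISHED" in r["extra"])
            for r in accepts)
        if not covered:
            gaps.append((fwd["dst"], int(fwd["dport"])))
    return gaps
```

Feed it the text of `iptables -nL` from the forwarding host; an empty list means every host:port forward has a matching return rule or the chain policy is ACCEPT.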