12

How can I modify this iptables rule so that all traffic coming to this computer will be forwarded to 192.168.42.10?

```
iptables -t nat -A PREROUTING -s 192.168.46.0/24 -p tcp --dport 80 -j DNAT --to-destination 192.168.42.10:80
```

The problem is that I create the iptables rule from Ansible and create it in different environments, where the IP address ranges are different, but I always want to forward port 80 to 192.168.42.10.

PumpkinSeed

1 Answer

11

This rule will forward port 80 to 192.168.42.10:

```
iptables -t nat -A PREROUTING -p tcp --dport 80 -j DNAT --to-destination 192.168.42.10:80
```

But this is not enough. If you want to get the return traffic back, then you should add this rule:

```
iptables -t nat -A POSTROUTING -p tcp -d 192.168.42.10 --dport 80 -j SNAT --to-source 192.168.42.1
```

where the IP address 192.168.42.1 is your iptables computer.

These two rules have to solve the task.

muru
stambata
  • Thank you, it is working, but I had another issue. Here is my current iptables http://pastebin.com/gasEMiqh and it has a NAT to the LXC containers too. When I use the port forward in the containers I can't use yum, so I can't install packages. How can I solve this problem? – PumpkinSeed Mar 26 '16 at 21:15
  • You have to configure yum to use an HTTP proxy. To enable all yum operations to use a proxy server, specify the proxy server details in /etc/yum.conf. For additional information you can see this link: https://www.centos.org/docs/5/html/yum/sn-yum-proxy-server.html – stambata Mar 27 '16 at 06:54
  • 1
    Does `net.ipv4.ip_forward` need to be enabled? – krrr Jul 17 '20 at 14:46
  • Thanks for this help. I was stuck. My problem was I was trying to route traffic to the iptables computer over to an Arduino. The above solution helped. My source and destination ports were different. Here is what worked: `sudo iptables -t nat -A PREROUTING -p tcp --dport 8081 -j DNAT --to-destination 192.168.0.158:80` and `sudo iptables -t nat -A POSTROUTING -p tcp -d 192.168.0.158 --dport 80 -j SNAT --to-source 192.168.0.178:8081` – David Jun 05 '21 at 13:13
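
An added example (not part of the original posts): an idempotent form of the two rules for repeated Ansible runs, where the DNAT rule matches only packets addressed to the relay host itself (`-m addrtype --dst-type LOCAL`), so it needs no per-environment source range and leaves port-80 traffic that containers send elsewhere untouched. It swaps the answer's fixed `SNAT --to-source` for `MASQUERADE`; the names `ensure_rule`, `apply_forward`, `IPT` and `IP_FORWARD_FILE` are illustrative assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. DEST and PORT are the values used in the
# question; IPT, IP_FORWARD_FILE and the function names are hypothetical.
IPT="${IPT:-iptables}"
DEST="${DEST:-192.168.42.10}"
PORT="${PORT:-80}"

# Append a rule only when an identical one is not already loaded.
# "iptables -C" exits 0 if the rule exists, so reruns do not stack duplicates.
ensure_rule() {
    table=$1; chain=$2; shift 2
    if $IPT -t "$table" -C "$chain" "$@" 2>/dev/null; then
        echo "present: -t $table $chain $*"
    else
        $IPT -t "$table" -A "$chain" "$@" && echo "added: -t $table $chain $*"
    fi
}

# DNAT to another host means the kernel must route the packet onward,
# which it only does when net.ipv4.ip_forward is 1.
forward_enabled() {
    [ "$(cat "${IP_FORWARD_FILE:-/proc/sys/net/ipv4/ip_forward}" 2>/dev/null)" = "1" ]
}

apply_forward() {
    forward_enabled || {
        echo "net.ipv4.ip_forward is not 1; forwarded packets would be dropped" >&2
        return 1
    }
    # Match only packets whose destination is one of this host's own addresses.
    ensure_rule nat PREROUTING -p tcp -m addrtype --dst-type LOCAL \
        --dport "$PORT" -j DNAT --to-destination "$DEST:$PORT"
    # Rewrite the source to this host's outgoing address so replies return here.
    ensure_rule nat POSTROUTING -p tcp -d "$DEST" --dport "$PORT" -j MASQUERADE
}

# Rules are touched only when explicitly requested (requires root).
if [ "${1:-}" = "--apply" ]; then apply_forward; fi
```

Run it as root with `--apply`; setting `DEST` or `PORT` in the environment changes the forward target.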