Scenario:

Using DD-WRT on a Linksys router. I want to port forward a specific public IP address to internal IP 192.168.0.20 port 80 using iptables. Not sure how to do this; any help would be appreciated.

Munky

1 Answer

Something like:

```
iptables -t nat -A PREROUTING -d <public-ip> -i <wan-interface> -j DNAT --to 192.168.0.20
```

should work. If you want to forward only TCP port 80 on the public IP, you can do:

```
iptables -t nat -A PREROUTING -p tcp --dport 80 -d <public-ip> -i <wan-interface> -j DNAT --to 192.168.0.20:80
```
Falcon Momot
  • Something like `iptables -t nat -A PREROUTING -d -d -p tcp --dport 80 -j DNAT --to-destination 192.168.0.20` to specify only port 80 traffic, otherwise that 192.168.0.20 will become the recipient of all traffic to the public IP. – cjc Aug 13 '12 at 17:53
  • Doesn't -d specify a destination address? Shouldn't that part be -s for the source address? – Munky Aug 13 '12 at 17:55
  • Nope. From the NAT's perspective, the destination is the NAT box. NAT in this case needs to change the destination to the host behind the NAT. This all happens before the packet is routed. – Falcon Momot Aug 13 '12 at 17:58
  • So the answer provided will get any port 80 traffic coming from public ip forwarded to my private one? – Munky Aug 13 '12 at 18:01
  • The second command in my answer will. – Falcon Momot Aug 13 '12 at 18:04
  • Is it the only line that is needed or is a forward rule needed for the local interface? – Munky Aug 13 '12 at 19:04
  • It is all. The first line would forward *all* incoming traffic to that local IP. – Falcon Momot Aug 14 '12 at 19:04
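
An added example, not part of the original answer or comments: a dry-run POSIX shell helper that validates its inputs and prints the port-scoped DNAT rule from the answer together with a FORWARD accept rule, which matters only if the router's filter table would otherwise drop the forwarded packets (an assumption about the ruleset). The function names and the sample values 203.0.113.10 and vlan2 are constructed placeholders.

```shell
#!/bin/sh
# Dry run: prints the rules instead of executing them (no root needed).

is_ipv4() {
    # Reject anything but digits and single dots, then check four octets <= 255.
    case $1 in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        case $o in ????*) return 1 ;; esac
        [ "$o" -le 255 ] || return 1
    done
}

is_port() {
    case $1 in ''|*[!0-9]*|??????*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

is_ifname() {
    # Interface names only; blocks shell metacharacters from reaching the output.
    case $1 in ''|*[!A-Za-z0-9._-]*) return 1 ;; esac
}

port_forward_rules() {
    pub=$1 wan=$2 dst=$3 port=$4
    is_ipv4 "$pub" && is_ifname "$wan" && is_ipv4 "$dst" && is_port "$port" || {
        echo "usage: port_forward_rules <public-ip> <wan-if> <internal-ip> <tcp-port>" >&2
        return 2
    }
    # nat/PREROUTING: rewrite the destination only for this IP, interface and
    # TCP port, so the internal host does not receive all traffic to the public IP.
    echo "iptables -t nat -A PREROUTING -i $wan -d $pub -p tcp --dport $port -j DNAT --to-destination $dst:$port"
    # filter/FORWARD: after DNAT the packet is forwarded, not delivered locally.
    # Accept exactly this flow in case the chain would otherwise drop it.
    echo "iptables -I FORWARD -i $wan -d $dst -p tcp --dport $port -j ACCEPT"
}

# Constructed sample values (documentation address, hypothetical WAN interface).
port_forward_rules 203.0.113.10 vlan2 192.168.0.20 80
```

Review the printed rules against the existing ruleset (`iptables -t nat -L PREROUTING -n -v` and `iptables -L FORWARD -n -v`) before applying them on the router.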