Port forwarding and traffic redirection via iptables
There is a router 192.168.1.1, and the Internet comes to it. On the router, port 6666 is forwarded to the server with Ubuntu (192.168.1.2, interface eth0). There is also a second interface eth1 installed on the server, to which a separate local network is connected (the server's IP address in this network is 10.10.10.2, the default gateway is 10.10.10.1). Through this local network, a computer in a third network is available at 192.168.100.1:6666.
Task: configure iptables on Ubuntu so that users over the Internet on port 6666 can reach 192.168.100.1.
Forwarding is enabled.
I can't figure out how to correctly write the following logic (if it is correct at all):
- Redirect packets from one interface eth0 to another, eth1, when 192.168.1.2:6666 is accessed.
- Redirect packets from 10.10.10.2 eth1 to the IP address available through this local network, 192.168.100.1:6666.
1 answer
(On the Ubuntu server) Specify the route to 192.168.100.1:
ip route add 192.168.100.1 via 10.10.10.1
Change the destination in the packets to 192.168.100.1:
iptables --table nat --insert PREROUTING \
--proto tcp --dport 6666 --jump DNAT --to-destination 192.168.100.1:6666
iptables --table nat --insert PREROUTING \
--proto udp --dport 6666 --jump DNAT --to-destination 192.168.100.1:6666
If the router 192.168.0.1 does not have a masquerade, then:
iptables --table nat --insert POSTROUTING --jump MASQUERADE
It should, in theory, work.
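
A narrower form of the rules in the answer above, as an added example that is not part of the original post: DNAT is limited to traffic arriving on eth0 for 192.168.1.2:6666, and the masquerade applies only to that forwarded flow instead of to everything leaving the server. The helper name gen_forward_rules is hypothetical; addresses and interfaces are taken from the question, and forwarding is assumed to be enabled already.

```shell
#!/bin/sh
# Added example, not from the original answer. It prints the commands instead
# of running them, so the rule set can be reviewed before it is applied.
# Addresses and interface names are the ones given in the question.

WAN_IF=eth0              # interface facing the router 192.168.1.1
LAN_IF=eth1              # interface on the 10.10.10.x network
LISTEN_IP=192.168.1.2    # address the router forwards port 6666 to
GATEWAY=10.10.10.1       # next hop towards the third network
TARGET_IP=192.168.100.1  # final destination
PORT=6666

# gen_forward_rules is a hypothetical helper name.
gen_forward_rules() {
    # Route to the target through the gateway on eth1.
    echo "ip route add $TARGET_IP via $GATEWAY dev $LAN_IF"

    for proto in tcp udp; do
        # Rewrite the destination only for packets that arrive on eth0
        # addressed to 192.168.1.2:6666, not for every packet to port 6666.
        echo "iptables -t nat -A PREROUTING -i $WAN_IF -d $LISTEN_IP -p $proto --dport $PORT -j DNAT --to-destination $TARGET_IP:$PORT"

        # Permit exactly this flow through FORWARD (needed when the chain
        # policy is DROP; harmless when it is ACCEPT).
        echo "iptables -A FORWARD -i $WAN_IF -o $LAN_IF -d $TARGET_IP -p $proto --dport $PORT -j ACCEPT"

        # Source-NAT only the forwarded flow leaving eth1, so replies come
        # back through this server without masquerading unrelated traffic.
        echo "iptables -t nat -A POSTROUTING -o $LAN_IF -d $TARGET_IP -p $proto --dport $PORT -j MASQUERADE"
    done

    # Return traffic for connections that were already accepted above.
    echo "iptables -A FORWARD -i $LAN_IF -o $WAN_IF -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
}

# Print the rule set; pipe the output to "sh" as root to apply it.
gen_forward_rules
```

The FORWARD rules matter only if the chain policy is not ACCEPT; check with iptables -S FORWARD before applying.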