Tech Journal

How do I do port forwarding using iptables?

If you wanted to forward TCP port 6699 and UDP port 6257 (like you need in WinMX) to the IP address of 192.168.1.33, you'd do something like this:

DESTIP=192.168.1.33
TCPPORT=6699
UDPPORT=6257
IPTABLES=/sbin/iptables

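# Rewrite the destination of incoming packets (DNAT) before routing
$IPTABLES -t nat -A PREROUTING -p tcp --dport $TCPPORT -j DNAT --to-destination $DESTIP:$TCPPORT
$IPTABLES -t nat -A PREROUTING -p udp --dport $UDPPORT -j DNAT --to-destination $DESTIP:$UDPPORT
# Allow the rewritten packets through the FORWARD chain (left commented out)
#$IPTABLES -A FORWARD -p tcp --dport $TCPPORT -d $DESTIP -j ACCEPT
#$IPTABLES -A FORWARD -p udp --dport $UDPPORT -d $DESTIP -j ACCEPT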

The first rule, the one added to the PREROUTING chain, rewrites each packet's destination to the IP address of the computer you want the data forwarded to.

The second rule, the one added to the FORWARD chain, is to actually forward the packets. I'm not sure it's actually needed. Try whatever you wish.

Depending on your firewall configuration, you may need to add an ACCEPT rule to the INPUT chain to allow the packets to be accepted on the ports.
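
As an added example (not part of the original entry), the shell functions below print, rather than run, the PREROUTING and FORWARD rules for one forward from a single protocol/port/address triple, so the two rules cannot disagree, and they reject malformed input. The interface name eth0 (WAN_IF) and the function names are assumptions; the ports and address are the ones used above.

```shell
# Added example: prints the rule pair instead of running it, so no root is needed.
IPTABLES=/sbin/iptables
WAN_IF=eth0   # assumption: name of the outside (Internet-facing) interface

# valid_ipv4 ADDR: four dot-separated decimal octets, each 0-255.
# The body is a subshell so the IFS change does not leak to the caller.
valid_ipv4() (
    case $1 in ''|*[!0-9.]*|.*|*.|*..*) exit 1 ;; esac
    IFS=.
    set -- $1
    [ $# -eq 4 ] || exit 1
    for octet in "$@"; do
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || exit 1
    done
)

# valid_port PORT: decimal integer in 1-65535.
valid_port() {
    case $1 in ''|*[!0-9]*) return 1 ;; esac
    [ ${#1} -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# forward_rules PROTO PORT DESTIP: print the DNAT and FORWARD rules for one forward.
forward_rules() {
    case $1 in tcp|udp) ;; *) echo "bad protocol: $1" >&2; return 1 ;; esac
    valid_port "$2" || { echo "bad port: $2" >&2; return 1; }
    valid_ipv4 "$3" || { echo "bad address: $3" >&2; return 1; }
    # Rewrite the destination only for packets arriving on the outside interface.
    echo "$IPTABLES -t nat -A PREROUTING -i $WAN_IF -p $1 --dport $2 -j DNAT --to-destination $3:$2"
    # FORWARD sees the packet after DNAT, so it matches the rewritten address.
    echo "$IPTABLES -A FORWARD -i $WAN_IF -p $1 -d $3 --dport $2 -j ACCEPT"
}

# Constructed sample: the two forwards from the text, one per protocol.
for spec in tcp:6699 udp:6257; do
    forward_rules "${spec%%:*}" "${spec#*:}" 192.168.1.33
done
```

The printed commands only have an effect when run as root on a router with net.ipv4.ip_forward set to 1.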

Last updated on 2001-12-25 14:00:00 -0700, by Shalom Craimer
