Difference between revisions of "Iptables"
From Leaky
(Created page with 'To forward packets sent to one IP over to a different IP on a different server, you can use iptables. OLD_IP=92.48.119.131 NEW_IP=213.229.103.79 iptables -t nat -A PREROUTI…') |
(One intermediate revision by the same user not shown) | |||
Line 4: | Line 4: | ||
NEW_IP=213.229.103.79 | NEW_IP=213.229.103.79 | ||
− | iptables -t nat -A PREROUTING -d $OLD_IP -p tcp -m tcp --dport | + | OLD_PORT=80 |
− | iptables -t nat -A POSTROUTING -s | + | NEW_PORT=80 |
+ | |||
+ | iptables -t nat -A PREROUTING -d $OLD_IP -p tcp -m tcp --dport $OLD_PORT -j DNAT --to-destination $NEW_IP:$NEW_PORT | ||
+ | iptables -t nat -A POSTROUTING ! -s $OLD_IP -d $NEW_IP -p tcp -m tcp --dport $NEW_PORT -j SNAT --to-source $OLD_IP | ||
Blanket allow all packets being forwarded to the new IP. | Blanket allow all packets being forwarded to the new IP. | ||
− | iptables - | + | iptables -I FORWARD -d $NEW_IP -j ACCEPT |
+ | iptables -I FORWARD -s $NEW_IP -j ACCEPT | ||
Things to watch for if it doesn't work - IP forwarding needs to be enabled (''sysctl -w net.ipv4.ip_forward=1'') and you may need to allow the specific port in the INPUT chain. Not sure about this as I had already allowed port 80 prior to setting up the forwarding. | Things to watch for if it doesn't work - IP forwarding needs to be enabled (''sysctl -w net.ipv4.ip_forward=1'') and you may need to allow the specific port in the INPUT chain. Not sure about this as I had already allowed port 80 prior to setting up the forwarding. | ||
[[Category:Networks]] | [[Category:Networks]] |
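Review bot: the two added `iptables -I FORWARD` rules accept every protocol and port to and from $NEW_IP, which is wider than the single TCP flow the DNAT and SNAT rules above them handle. Consider matching the forwarded traffic only, for example adding `-p tcp -m tcp --dport $NEW_PORT` to the `-d $NEW_IP` rule and `-p tcp -m tcp --sport $NEW_PORT` to the `-s $NEW_IP` rule. Because `-I` inserts at the top of the chain, these rules also take precedence over any existing FORWARD restrictions, which is worth stating in the text next to "Blanket allow".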
Latest revision as of 23:40, 28 August 2021
To forward packets sent to one IP over to a different IP on a different server, you can use iptables.
OLD_IP=92.48.119.131
NEW_IP=213.229.103.79
OLD_PORT=80
NEW_PORT=80

iptables -t nat -A PREROUTING -d $OLD_IP -p tcp -m tcp --dport $OLD_PORT -j DNAT --to-destination $NEW_IP:$NEW_PORT
iptables -t nat -A POSTROUTING ! -s $OLD_IP -d $NEW_IP -p tcp -m tcp --dport $NEW_PORT -j SNAT --to-source $OLD_IP
Blanket allow all packets being forwarded to the new IP.
iptables -I FORWARD -d $NEW_IP -j ACCEPT
iptables -I FORWARD -s $NEW_IP -j ACCEPT
Things to watch for if it doesn't work - IP forwarding needs to be enabled (sysctl -w net.ipv4.ip_forward=1) and you may need to allow the specific port in the INPUT chain. Not sure about this as I had already allowed port 80 prior to setting up the forwarding.
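A tighter variant of the rule set above, as an added example that is not part of the original page: it validates the four values and prints the same DNAT/SNAT rules, but swaps the blanket FORWARD accepts for rules scoped to the forwarded TCP port and connection state. The function names (valid_ipv4, valid_port, emit_forward_rules) are hypothetical, and the script only prints commands, it does not apply them.

```shell
#!/bin/sh
# Added example: prints (does not apply) the page's NAT rules with FORWARD
# scoped to the forwarded port. Function names are hypothetical.

valid_ipv4() {
    # Accept only four dot-separated decimal octets, each 0-255.
    case "$1" in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

valid_port() {
    # Accept only an integer in 1-65535.
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "${#1}" -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

emit_forward_rules() {
    old_ip=$1 new_ip=$2 old_port=$3 new_port=$4
    # Reject malformed values before they reach a root-run command line.
    valid_ipv4 "$old_ip" && valid_ipv4 "$new_ip" || { echo "invalid IP" >&2; return 2; }
    valid_port "$old_port" && valid_port "$new_port" || { echo "invalid port" >&2; return 2; }
    cat <<EOF
sysctl -w net.ipv4.ip_forward=1
iptables -t nat -A PREROUTING -d $old_ip -p tcp -m tcp --dport $old_port -j DNAT --to-destination $new_ip:$new_port
iptables -t nat -A POSTROUTING ! -s $old_ip -d $new_ip -p tcp -m tcp --dport $new_port -j SNAT --to-source $old_ip
iptables -I FORWARD -d $new_ip -p tcp -m tcp --dport $new_port -m conntrack --ctstate NEW,ESTABLISHED,RELATED -j ACCEPT
iptables -I FORWARD -s $new_ip -p tcp -m tcp --sport $new_port -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
EOF
}

# Dry run with the page's values: review the output before applying it.
emit_forward_rules 92.48.119.131 213.229.103.79 80 80
```

The return rule matches only established or related connections from the new IP's forwarded port, so the new server cannot open arbitrary outbound flows through this host.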