IP/PORT forward requests to another server


Solution 1

The commands in your question are enough to enable routing and forward 12.345.67.890:3636 to 09.876.54.321:3636.


Use iptables' LOG target to monitor what is happening:

iptables -I FORWARD -j LOG

You should see something like this in /var/log/syslog:

Aug 19 08:43:23 hostname kernel: [190951.964227] IN=eth0 OUT=eth0 SRC=11.22.33.44 DST=09.876.54.321 LEN=40 TOS=0x00 PREC=0x00 TTL=64 ID=51600 DF PROTO=TCP SPT=41960 DPT=3636 WINDOW=246 RES=0x00 ACK URGP=0
  • SRC: Source IP address
  • DST: Destination IP address
  • SPT: Source port
  • DPT: Destination port

Flush iptables rules to clean up everything:

iptables -F
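An added example (not part of the original answer): a shell function that summarizes LOG lines like the one above, counting packets per source that reach the forwarded destination and port, return traffic from the destination, and anything else crossing the FORWARD chain. The helper name `summarize_forward_log` and the sample log lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: summarize netfilter LOG lines written by "iptables -I FORWARD -j LOG".
# summarize_forward_log is a hypothetical helper name, not an iptables tool.
# Usage on a live host: summarize_forward_log DES_IP DES_PORT < /var/log/syslog

summarize_forward_log() {
    awk -v want_dst="$1" -v want_dpt="$2" '
    # Match lines carrying both IN= and OUT=, as netfilter LOG lines do.
    / IN=[^ ]* OUT=[^ ]* / {
        split("", f)                    # portable way to clear the array
        for (i = 1; i <= NF; i++) {     # collect KEY=VALUE tokens; flags like DF/ACK are skipped
            eq = index($i, "=")
            if (eq > 1) f[substr($i, 1, eq - 1)] = substr($i, eq + 1)
        }
        if (f["PROTO"] == "TCP" && f["DST"] == want_dst && f["DPT"] == want_dpt)
            hits[f["SRC"]]++            # traffic taking the intended forward
        else if (f["PROTO"] == "TCP" && f["SRC"] == want_dst && f["SPT"] == want_dpt)
            replies++                   # return traffic from the destination
        else
            other++                     # anything else this host is routing
    }
    END {
        for (src in hits) print "forwarded", src, hits[src]
        print "replies", replies + 0
        print "other", other + 0
    }' | LC_ALL=C sort
}

# Constructed sample input, modeled on the log line shown in the answer.
sample_log() {
    cat <<'EOF'
Aug 19 08:43:20 hostname sshd[812]: Server listening on 0.0.0.0 port 22.
Aug 19 08:43:23 hostname kernel: [190951.964227] IN=eth0 OUT=eth0 SRC=11.22.33.44 DST=09.876.54.321 LEN=40 TOS=0x00 PREC=0x00 TTL=64 ID=51600 DF PROTO=TCP SPT=41960 DPT=3636 WINDOW=246 RES=0x00 ACK URGP=0
Aug 19 08:43:24 hostname kernel: [190952.101010] IN=eth0 OUT=eth0 SRC=11.22.33.44 DST=09.876.54.321 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=51601 DF PROTO=TCP SPT=41960 DPT=3636 WINDOW=246 RES=0x00 ACK PSH URGP=0
Aug 19 08:43:24 hostname kernel: [190952.202020] IN=eth0 OUT=eth0 SRC=09.876.54.321 DST=11.22.33.44 LEN=40 TOS=0x00 PREC=0x00 TTL=63 ID=1200 DF PROTO=TCP SPT=3636 DPT=41960 WINDOW=229 RES=0x00 ACK URGP=0
Aug 19 08:43:25 hostname kernel: [190953.303030] IN=eth0 OUT=eth0 SRC=11.22.33.55 DST=09.876.54.321 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=7001 DF PROTO=TCP SPT=50122 DPT=3636 WINDOW=29200 RES=0x00 SYN URGP=0
Aug 19 08:43:26 hostname kernel: [190954.404040] IN=eth0 OUT=eth1 SRC=11.22.33.66 DST=10.0.0.7 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=9001 DF PROTO=TCP SPT=40000 DPT=22 WINDOW=29200 RES=0x00 SYN URGP=0
EOF
}

sample_log | summarize_forward_log 09.876.54.321 3636
```

A nonzero "other" count means the host is routing traffic beyond the intended forward.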

Solution 2

Disabling the port forwarding

When it comes to removing the port routing capability, no answer was given that would switch off the forwarding (experimentally verified on Ubuntu 18.04.2).

Credits: The question by @DT.DTDG is very precisely stated, thanks. This question plus @Eric's answer have helped me solve something, thanks! And I went further in researching this topic, so I want to share the knowledge with the community.

Purging the rules

In order to clean up the routing rules, you need to remove them from the NAT routing table (Network Address Translation table). You achieve this with:

iptables -F -t nat

Otherwise, if you leave out the "-t nat" parameter, the rules mentioned in the question will continue working (e.g. in Ubuntu 18.04.2).

Switch off forwarding

Additionally, the kernel parameter needs a separate command. If you want to get everything cleaned up, you also have to run:

sysctl net.ipv4.ip_forward=0

It is generally strongly advised not to enable forwarding of packets between interfaces in systems that are not routers, for security reasons.

Appendix

  1. All actions typically need escalated privileges; run them preceded by sudo or as "root".

  2. Ad-acta. Commands that configure the routing:

CUR_PORT = current machine port
DES_IP = destination machine IP address
DES_PORT = destination machine port

sysctl net.ipv4.ip_forward=1
iptables -t nat -A PREROUTING -p tcp --dport CUR_PORT -j DNAT --to-destination DES_IP:DES_PORT
iptables -t nat -A POSTROUTING -j MASQUERADE

Author: DT.DTDG

Updated on September 18, 2022

Comments

  • DT.DTDG
    DT.DTDG over 1 year

    I have the following listening PORT:IP set up on my Ubuntu server.

    12.345.67.890:3636
    

    It receives requests perfectly, however, I would now like to forward any requests to that IP:PORT to another IP:PORT, i.e.:

    09.876.54.321:3636
    

    Essentially I want to do a request forward 12.345.67.890:3636 -> 09.876.54.321:3636.

    How can I go about it in Terminal and if I wanted to change it back how can I go about that too? Is there also a way to test that the data is forwarding and it is setup properly?

    Thanks!

    Edit: Can I just do as follows, just wondering how I would go about testing it and how I could disable it?

    sysctl net.ipv4.ip_forward=1
    iptables -t nat -A PREROUTING -p tcp --dport 3636 -j DNAT --to-destination 09.876.54.321:3636
    iptables -t nat -A POSTROUTING -j MASQUERADE
    
    • muru
      muru over 9 years
      Disabling is easy: iptables -F.
    • Patryk Mazurkiewicz
      Patryk Mazurkiewicz almost 5 years
      Disabling with iptables -F does not work in Ubuntu 18.04.2 - but iptables -F -t nat does the trick.
    • Shinto C V
      Shinto C V almost 3 years
      To change it back run the same commands with -A changed to -D. This deletes those rules.
  • DT.DTDG
    DT.DTDG over 9 years
    Thanks @EricCarvalho I've implemented and checked, and it's all working :) Thank you for the detailed explanation.
  • Shinto C V
    Shinto C V almost 3 years
    After running

    iptables -t nat -A PREROUTING -p tcp --dport CUR_PORT -j DNAT --to-destination DES_IP:DES_PORT
    iptables -t nat -A POSTROUTING -j MASQUERADE

    I lost internet connectivity. I couldn't even curl internal ports. What does the second line do?