Make CentOS 6.x a port forwarding NAT device
Try to add this rule to your /etc/sysconfig/iptables, directly after the existing PREROUTING line
(-A PREROUTING -p tcp -d 192.168.21.10 --dport 5500 -j DNAT --to 192.168.9.120:3389):
-A POSTROUTING -d 192.168.9.120 -j MASQUERADE
Second, check whether net.ipv4.ip_forward is set to 1 by executing 'sysctl -a | grep net.ipv4.ip_forward'.
If it is still set to 0, then execute:
sysctl -w net.ipv4.ip_forward=1
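An added example, not code from the answer or from CentOS: a small script that prints an idempotent rule set for the forward discussed above and checks the ip_forward toggle. It uses the addresses, ports and interface names from the question and adds a FORWARD accept limited to this one flow, which the answer's rules rely on but do not show.

```shell
#!/bin/sh
# Added example, not code from the answer or from CentOS: print an idempotent
# iptables rule set for the port forward discussed above and check ip_forward.
# Addresses, ports and interfaces are the ones given in the question.
FWD_IP=192.168.21.10    # CentOS eth1 address that clients connect to
FWD_PORT=5500
DST_IP=192.168.9.120    # remote desktop server reached via eth0
DST_PORT=3389
IN_IF=eth1
OUT_IF=eth0

# rule_once TABLE CHAIN RULE: print "iptables -C ... || iptables -I ..." so that
# re-running the output never duplicates a rule (-I as suggested in the comments).
rule_once() {
    table=$1; chain=$2; shift 2
    printf 'iptables -t %s -C %s %s 2>/dev/null || iptables -t %s -I %s %s\n' \
        "$table" "$chain" "$*" "$table" "$chain" "$*"
}

# Forwarded packets traverse the FORWARD chain, not INPUT/OUTPUT, and CentOS 6's
# stock ruleset ends FORWARD with a REJECT, so an accept for exactly this flow
# is included. MASQUERADE is likewise limited to this flow rather than all of eth0.
forward_rules() {
    rule_once nat PREROUTING "-i $IN_IF -p tcp -d $FWD_IP --dport $FWD_PORT -j DNAT --to-destination $DST_IP:$DST_PORT"
    rule_once filter FORWARD "-i $IN_IF -o $OUT_IF -p tcp -d $DST_IP --dport $DST_PORT -m state --state NEW,ESTABLISHED -j ACCEPT"
    rule_once filter FORWARD "-i $OUT_IF -o $IN_IF -p tcp -s $DST_IP --sport $DST_PORT -m state --state ESTABLISHED -j ACCEPT"
    rule_once nat POSTROUTING "-o $OUT_IF -p tcp -d $DST_IP --dport $DST_PORT -j MASQUERADE"
}

# ip_forward_enabled [FILE]: succeed only if the kernel toggle reads 1. FILE
# defaults to the live sysctl node; a constructed file can be passed for testing.
ip_forward_enabled() {
    f=${1:-/proc/sys/net/ipv4/ip_forward}
    [ -r "$f" ] && [ "$(cat "$f")" = "1" ]
}

# Run with --print to emit the commands (prefixed by the sysctl fix if needed);
# review the output, then pipe it to sh as root on the CentOS box.
if [ "${1:-}" = "--print" ]; then
    ip_forward_enabled || echo "sysctl -w net.ipv4.ip_forward=1"
    forward_rules
fi
```

Because MASQUERADE rewrites the client's source address to the CentOS eth0 address, the server's own logs will show 192.168.9.20 rather than the real client; keep connection logging on the CentOS box if sessions need to be attributed later.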
Andy Arismendi
Updated on September 18, 2022
Comments
-
Andy Arismendi over 1 year
I would like to make CentOS a port forwarding NAT machine using iptables. This is the first time I've tried this and I think I might need a little help.
This is the configuration I'm trying to achieve. I'm trying to make a remote desktop connection through the CentOS machine on port 5500 and have CentOS connect to the server on port 3389.
192.168.21.11 is the client that should connect to port 3389 on 192.168.9.120 by connecting to 192.168.21.10 (CentOS) on port 5500.
- CentOS eth0 is 192.168.9.20/24
- CentOS eth1 is 192.168.21.10/24
What I tried so far:
- Disabled SELINUX
- Enabled IPv4 forwarding in /etc/sysctl.conf:
  net.ipv4.ip_forward = 1
- Ran the following iptables commands:
  iptables -t nat -A PREROUTING -p tcp -d 192.168.21.10 --dport 5500 -j DNAT --to 192.168.9.120:3389
  iptables -A INPUT -i eth1 -p tcp --dport 5500 -m state --state NEW,ESTABLISHED -j ACCEPT
  iptables -A OUTPUT -o eth0 -p tcp --sport 5500 -m state --state ESTABLISHED -j ACCEPT
  service iptables save
After saving this configuration I was not able to make the remote desktop connection I'm trying to achieve, so is there anything wrong with my iptables rules? Or is there something I might be missing?
-
B14D3 almost 11 years
And where is the QUESTION?
-
Andy Arismendi almost 11 years
Edited to add a question.
-
B14D3 almost 11 years
So it's not working :)
-
dmourati almost 11 years
-
user9517 almost 11 years
-I is better than -A in most cases and especially when you don't know the full ruleset.
-
Andy Arismendi almost 11 years
Ah, needed the masquerade :)
iptables -t nat -A POSTROUTING -d 192.168.9.120 -j MASQUERADE
worked. Also
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
worked. Thanks for the help!