Simple port forwarding
Solution 1
In case someone else is looking for a way that actually works. Though @HorsePunchKid is right in his suggestion, I've found this walkthrough that fills in the missing steps:
http://www.debuntu.org/how-to-redirecting-network-traffic-to-a-new-ip-using-iptables/
In essence:
Enable IP Forwarding:
sysctl net.ipv4.ip_forward=1
Add your forwarding rule (use n.n.n.n:port):
iptables -t nat -A PREROUTING -p tcp -d 10.0.0.132 --dport 29418 -j DNAT --to-destination 10.0.0.133:29418
Ask IPtables to Masquerade:
iptables -t nat -A POSTROUTING -j MASQUERADE
And that's it! It worked for me in any case :)
Solution 2
If anyone is searching for a temporary method, try the below solution.
ssh -L 192.168.0.10:8080:10.0.0.10:80 [email protected]
The above command redirects all connections to port 8080 on your base machine to 80 virtual machine ports. You can test if it works by accessing the web page http://192.168.0.10:8080, and it'll show you the web page on the guest machine.
This applies to all ports :)
Solution 3
If you have iptables installed on 10.0.0.132, I think this will be pretty straightforward:
iptables -t nat -A PREROUTING -j DNAT -d 10.0.0.132 -p tcp --dport 29418 --to 10.0.0.133
This says to send traffic coming in to 10.0.0.132 on port 29418 over to 10.0.0.133 instead, on the same port, prior to any other routing that 10.0.0.132 might try to do. If you run this command and have trouble with it, replace the -A flag with -D to remove it.
If you're looking to have this rule run automatically when 10.0.0.132 starts up, consider adding the above command as a "post-up" rule in /etc/network/interfaces.
Related videos on Youtube
uncletall
Updated on September 18, 2022Comments
-
uncletall over 1 year
I am in a bit of trouble as I am trying to setup a reverse proxy with and a second server. My idea was to get the firewall to forward https to the reverse proxy and port 29418 (gerrit ssh) to the second server. Now my cooperate IT guy says: CAN NOT! Either both ports go to server 1 or both ports go to server 2.
Ok, as a work around I tried to setup a port forwarding on the reverse proxy of port 29418 -> server2:29418
Details:
- Server1 IP: 10.0.0.132 and 192.168.10.2 on Ubuntu 12.04.2 LTS
- Server2 IP: 10.0.0.133 and 192.168.10.3 on Ubuntu 12.04.2 LTS
Now both https and port 29418 go from the firewall to 10.0.0.132, IT says that's the only way. :(
So please tell me how to forward from 10.0.0.132:29418 -> 192.168.10.3:29418 or 10.0.0.133:29418
When I am working on the 10.0.0.132 I can connect to both 10.0.0.133:29418 and 192.168.10.3:29418 so the ports are open.
-- Update --
My iptables -t nat -L looks like this:
root@dev:/root# iptables -t nat -L Chain PREROUTING (policy ACCEPT) target prot opt source destination DNAT tcp -- anywhere dev.example.com tcp dpt:29418 to:10.0.0.133 Chain INPUT (policy ACCEPT) target prot opt source destination Chain OUTPUT (policy ACCEPT) target prot opt source destination Chain POSTROUTING (policy ACCEPT) target prot opt source destination root@dev:/root# cat /proc/sys/net/ipv4/ip_forward 1
-
alireza pirankashani over 3 yearsI find this article useful. The main issue to enable ipforward in linux is described in the section "Configuring the Firewall to Forward Port 80"
-
uncletall almost 11 yearsThat's exactly what I did but it didn't work. I have uncommented the net.ipv4.ip_forward = 1 in /etc/sysctl.conf but I still get errors connecting to the 10.0.0.132:29418
-
Victor Pudeyev over 9 yearsThis is the best answer I found on this subject.
-
Dyin over 7 yearsLost connection from my Docker container after using this solution. Had to delete the rule. Rule was working, but lost all other traffic. I don't recommend this.
-
shrimpwagon almost 6 years
iptables -t nat -A POSTROUTING -j MASQUERADE
OH WOW... that's it, thank you! Spent hours searching web and figuring out. This is so simple and works. -
vmalep over 4 yearsIt works perfectly, Now, how to make these rules permanent?
-
vmalep over 4 yearsA problem I noticed is that when the port forwarding is activated, the router cannot access the apt servers anymore... Any clue?