IPTables 1:1 NAT on a single port [closed]

https://stackoverflow.com/questions/22839793

27-06-2023
|

Question

Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.

This question does not appear to be about a specific programming problem, a software algorithm, or software tools primarily used by programmers. If you believe the question would be on-topic on another Stack Exchange site, you can leave a comment to explain where the question may be able to be answered.

Closed 9 years ago.

Improve this question

I am trying to figure out how to add a 1:1 NAT with IPTables but only on a single port, I know how to forward all traffic, but can't seem to find anything on a single port such as

192.168.1.1:21 -> 172.16.1.1:21   
192.168.1.2:21 -> 172.16.1.2:21   
192.168.1.3:21 -> 172.16.1.3:21   
192.168.1.4:21 -> 172.16.1.4:21

I cant do this by say allowing only one port because there are other applications also doing traffic redirections on other ports.

All I have so far is something like this, but it doesn't specify the IP it originally landed on as a parameter.

sysctl net.ipv4.ip_forward=1   
iptables -t nat -A PREROUTING -p tcp --dport port -j DNAT --to-destination ip:port   
iptables -t nat -A POSTROUTING -j MASQUERADE

La solution

Use the -d flag to specify original destination.

iptables -t nat -A PREROUTING -d <external-ip> -p tcp --dport port -j DNAT --to-destination <internal-ip>:port

Licencié sous: CC-BY-SA avec attribution

Non affilié à StackOverflow