[LINUX] Port forwarding your web server using iptables


This article describes how to forward (port forwarding) the "host name:port number" of one web server to "another host:port number" on Linux. To achieve this, it uses iptables, which is installed as standard on CentOS and Ubuntu. What is introduced here can probably also be done with firewalld and the like, which CentOS 7 and later include by default, but after looking for a port forwarding method that depends on the environment as little as possible, I decided to use iptables. There are several articles that introduce port forwarding with iptables, but even when I followed those methods faithfully it did not work, and I got quite stuck getting it to run, so I am summarizing it again in this article. Only the http (https) protocol has been confirmed to work this time, but as long as the communication is TCP, it should work for other protocols too (ssh, ftp, etc.).

Configuration you want to realize


Implementation by iptables

Execute the following commands on the forwarding (source) server. `<DESTINATION_IP>` is a placeholder for the address of the web server you are forwarding to.

(1) PREROUTING chain

$ sudo iptables -t nat -A PREROUTING -p tcp \
                --dport 10080 -j DNAT \
                --to-destination <DESTINATION_IP>:80

(2) POSTROUTING chain

$ sudo iptables -t nat -A POSTROUTING -p tcp \
                -d <DESTINATION_IP> --dport 80 \
                -j MASQUERADE

(3) FORWARD chain

$ sudo iptables -A FORWARD -p tcp \
                -d <DESTINATION_IP> --dport 80 \
                -j ACCEPT
$ sudo iptables -A FORWARD -p tcp \
                ! --syn -m state --state ESTABLISHED \
                -s <DESTINATION_IP> --sport 80 \
                -j ACCEPT

(4) OUTPUT chain

$ sudo iptables -t nat -A OUTPUT -p tcp \
                --dport 10080 -j DNAT \
                --to-destination <DESTINATION_IP>:80
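The four chains above, collected into one script that fills in the destination address and also turns on kernel IP forwarding, which a host needs before it will pass DNAT'd packets on to another machine. This is an added example, not code from the original article; the destination 192.0.2.10 (a documentation address) and the listening port 10080 are assumed values.

```shell
#!/bin/sh
# Added example, not part of the original article. Emits the rule set described
# above for one "listen port -> destination host:port" pair so it can be reviewed
# before being applied with sudo. Assumed values: 192.0.2.10 (destination web
# server, a documentation address) and 10080 (listening port on this host).
set -u

# valid_port PORT: succeeds if PORT is an integer in 1..65535
valid_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# valid_ipv4 ADDR: succeeds if ADDR is a dotted quad with every octet <= 255
valid_ipv4() {
    printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
    old_ifs=$IFS
    IFS=.
    set -- $1
    IFS=$old_ifs
    for octet in "$@"; do
        [ "$octet" -le 255 ] || return 1
    done
}

# forward_rules LISTEN_PORT DEST_IP DEST_PORT: prints the commands in the order
# the article applies them (PREROUTING, POSTROUTING, FORWARD, OUTPUT).
forward_rules() {
    lport=$1
    dip=$2
    dport=$3
    valid_port "$lport" && valid_ipv4 "$dip" && valid_port "$dport" || return 1
    # The kernel discards DNAT'd packets bound for another host unless forwarding is on.
    echo "sysctl -w net.ipv4.ip_forward=1"
    echo "iptables -t nat -A PREROUTING -p tcp --dport $lport -j DNAT --to-destination $dip:$dport"
    # MASQUERADE rewrites the source address, so the backend's logs show this host, not the client.
    echo "iptables -t nat -A POSTROUTING -p tcp -d $dip --dport $dport -j MASQUERADE"
    echo "iptables -A FORWARD -p tcp -d $dip --dport $dport -j ACCEPT"
    echo "iptables -A FORWARD -p tcp ! --syn -m state --state ESTABLISHED -s $dip --sport $dport -j ACCEPT"
    # Local processes bypass PREROUTING; the OUTPUT rule redirects them as well.
    echo "iptables -t nat -A OUTPUT -p tcp --dport $lport -j DNAT --to-destination $dip:$dport"
}

# Review the output, then run it as root on the forwarding host.
forward_rules 10080 192.0.2.10 80
```

Because MASQUERADE hides the original client address from the destination server, keep access logging on the forwarding host if you need to know who connected.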
