The backslash indicates continuation on the
next line.)
In this example, any packet destined for port 80 (--dport 80) is redirected to port 3128
(--to-ports 3128). Note that the packet is changed before it is routed (-A PREROUTING).
You can use REDIRECT targets only in the PREROUTING and OUTPUT chains of the nat table. You
can also give a range of port numbers to spread the redirection across multiple ports.

Using iptables for Port Forwarding

What if you have only one public IP address but you want to use a computer other than your firewall
computer to provide Web, FTP, DNS, or some other service? You can use the Dynamic Network
Address Translation (DNAT) feature to direct traffic for a particular port on your firewall to another
computer.
For example, if you want all requests for Web service (port 80) that are directed to the firewall
computer (-d 15.15.15.15) to be directed to another computer on your LAN (such as
10.0.0.25), you can use the following iptables command:
# iptables -t nat -A PREROUTING -p tcp -d 15.15.15.15 --dport 80 \
-j DNAT --to-destination 10.0.0.25
You can also spread the load for the service you are forwarding by providing a range of IP addresses
(for example, --to-destination 10.0.0.1-10.0.0.25). Likewise, you can direct the request
to a range of ports as well.
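
The DNAT rule above only rewrites the destination; the packet must still pass the filter table's FORWARD chain, which sees the rewritten address. The following is an added example, not from the book: it pairs the rule with narrow FORWARD rules, assuming a FORWARD policy of DROP. The names run, valid_port, valid_ipv4 and forward_port are hypothetical helpers.

```shell
#!/bin/sh
# Added example (not from the book). DRY_RUN=1 prints each command;
# DRY_RUN=0 executes them and needs root.
DRY_RUN="${DRY_RUN:-1}"
run() { if [ "$DRY_RUN" = 1 ]; then echo "$*"; else "$@"; fi; }

# valid_port PORT: succeeds for an integer in 1..65535.
valid_port() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# valid_ipv4 ADDR: succeeds for a dotted quad with octets 0..255.
valid_ipv4() {
    case "$1" in *[!0-9.]*|*..*|.*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "$octet" -le 255 ] || return 1
    done
}

# forward_port PUBLIC_IP PORT INTERNAL_IP
# Arguments are validated before any command is emitted or run.
forward_port() {
    valid_ipv4 "$1" && valid_port "$2" && valid_ipv4 "$3" || {
        echo "usage: forward_port PUBLIC_IP PORT INTERNAL_IP" >&2
        return 2
    }
    # The kernel must be allowed to route packets between interfaces.
    run sysctl -w net.ipv4.ip_forward=1
    # The rule from the text: rewrite the destination before routing.
    run iptables -t nat -A PREROUTING -p tcp -d "$1" --dport "$2" \
        -j DNAT --to-destination "$3"
    # FORWARD sees the rewritten address, so match the internal host and
    # admit new connections to the one forwarded port only.
    run iptables -A FORWARD -p tcp -d "$3" --dport "$2" \
        -m conntrack --ctstate NEW -j ACCEPT
    # Later packets and replies of connections already admitted.
    run iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
}

# Addresses and port taken from the text above.
forward_port 15.15.15.15 80 10.0.0.25
```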