How to use firewall iptables strategy to forward ports on Linux servers

Forwarding between two different servers

Enable port forwarding

First, enable the IP forwarding function, which is disabled by default.

Temporary modification:

[root@localhost ~]# echo 1 > /proc/sys/net/ipv4/ip_forward

The modification will take effect immediately, but will return to the default value of 0 after the system is restarted.

Permanent modification:

vi /etc/sysctl.conf

# Find the following value and change 0 to 1

net.ipv4.ip_forward = 1

Then run sysctl -p to make the change take effect immediately.

The default value 0 disables IP forwarding, and changing it to 1 enables the IP forwarding function.

Configure port forwarding

Suppose that when a user accesses 115.29.112.119:8804, I want the connection to be forwarded to 42.99.16.84:8890.

First, open port 8804 on the server.

Modify the configuration file: vim /etc/sysconfig/iptables

-A INPUT -p tcp -m state --state NEW -m tcp --dport 8804 -j ACCEPT

Or execute the rule and save it from the command line:

[root@localhost sysconfig]# iptables -A INPUT -p tcp -m state --state NEW -m tcp --dport 8804 -j ACCEPT
[root@localhost sysconfig]# service iptables save
iptables: Saving firewall rules to /etc/sysconfig/iptables:[OK] 

Port forwarding

Method 1: Command line execution

Rules added from the command line take effect immediately, but they must be saved; otherwise the firewall rules will be cleared after a restart.

iptables -t nat -A PREROUTING -d 115.29.112.119 -p tcp --dport 8804 -j DNAT --to-destination 42.99.16.84:8890

iptables -t nat -A POSTROUTING -d 42.99.16.84 -p tcp --dport 8890 -j SNAT --to-source 115.29.112.119

The command to save the running rules without editing the configuration file by hand: service iptables save

Method 2: Save directly to the configuration file

Modify the /etc/sysconfig/iptables configuration file and add the rules to the nat table section (between the *nat line and its COMMIT line):

-A PREROUTING -d 115.29.112.119 -p tcp --dport 8804 -j DNAT --to-destination 42.99.16.84:8890

-A POSTROUTING -d 42.99.16.84 -p tcp --dport 8890 -j SNAT --to-source 115.29.112.119

After configuration, restart the firewall:

1. systemctl restart iptables (CentOS 7)
2. service iptables restart (CentOS 7 and previous versions)

View the configured policies

iptables -t nat --list --line-numbers 

Local port forwarding

If you only need to forward between ports on the same machine, it is relatively easy. For example, if I visit http://ip:8888 and want to return the content of http://ip:6666, the configuration is as follows:

[root@localhost ~]# iptables -t nat -A PREROUTING -p tcp --dport 8888 -j REDIRECT --to-ports 6666
[root@localhost ~]# service iptables save
[root@localhost ~]# service iptables restart
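
To review what the DNAT and REDIRECT rules above actually expose, the following added example (not part of the original article) parses iptables-save output and lists every forward with its source and destination match. The function names and the sample ruleset are constructed for illustration, using the addresses and ports from this article; on a live host, pipe the output of iptables-save -t nat into list_forwards instead.

```shell
#!/bin/sh
# Added example: summarise the port forwards present in iptables-save output.
# Reads iptables-save text on stdin and prints one line per DNAT/REDIRECT rule:
#   <chain> <proto> src=<source> <orig-dst>:<dport> -> <new-dst>
# "any" means the rule has no match on that field, so it applies to all traffic.

list_forwards() {
    awk '
    /^\*/ { table = substr($1, 2) }      # "*nat" or "*filter" starts a table section
    table == "nat" && $1 == "-A" {
        chain = $2; proto = "any"; src = "any"; dst = "any"; dport = "any"
        target = ""; to = ""
        for (i = 3; i <= NF; i++) {
            if ($i == "-p") proto = $(i + 1)
            else if ($i == "-s") src = $(i + 1)
            else if ($i == "-d") dst = $(i + 1)
            else if ($i == "--dport") dport = $(i + 1)
            else if ($i == "-j") target = $(i + 1)
            else if ($i == "--to-destination" || $i == "--to-ports") to = $(i + 1)
        }
        if (target == "DNAT" || target == "REDIRECT") {
            sub(/\/32$/, "", dst)        # iptables-save prints host addresses with /32
            if (target == "REDIRECT") to = "local:" to
            printf "%s %s src=%s %s:%s -> %s\n", chain, proto, src, dst, dport, to
        }
    }'
}

# Constructed sample in iptables-save format (not captured from a real host).
sample_rules() {
    cat <<'EOF'
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A PREROUTING -d 115.29.112.119/32 -p tcp -m tcp --dport 8804 -j DNAT --to-destination 42.99.16.84:8890
-A PREROUTING -p tcp -m tcp --dport 8888 -j REDIRECT --to-ports 6666
-A POSTROUTING -d 42.99.16.84/32 -p tcp -m tcp --dport 8890 -j SNAT --to-source 115.29.112.119
COMMIT
*filter
:INPUT ACCEPT [0:0]
-A INPUT -p tcp -m state --state NEW -m tcp --dport 8804 -j ACCEPT
COMMIT
EOF
}

sample_rules | list_forwards
```

A line showing src=any or a destination of any marks a forward that accepts traffic from every source or on every local address, which is worth checking against what the service behind it should be reachable from. Packets rewritten by DNAT to another host traverse the filter table's FORWARD chain rather than INPUT, so the FORWARD rules also decide whether the forward works.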
