Forwarding incoming ports to another private IP on my existing setup, IPTABLES
by slimcharles from LinuxQuestions.org on (#59DE1)
Hi,
On my Debian 8 gateway:
I want to forward incoming port 9000 to 192.168.4.10:3389 and incoming port 9001 to 192.168.4.11:3389.
Code:
DHCP - WAN - eth0 -----> eth2 - LAN - 192.168.4.1

I am using the rules.v4 below with iptables-restore. I don't have that much experience with iptables, and even with all the tutorials on the web I couldn't implement this in my existing rules.
I am using Debian 8 with iptables v1.4.21
My existing iptables rules are below.
Code:
# Generated by iptables-save v1.4.21 on Sat Jul 25 12:31:07 2020
*nat
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
*filter
-A INPUT -i lo -j ACCEPT
# allow ssh, so that we do not lock ourselves
# allow ping from WAN side
--append INPUT --protocol icmp --icmp-type any --src [REDACTED_IP] --jump ACCEPT
# open ports for gateway services
-A INPUT -i eth0 -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -i eth2 -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -i bond0 -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 9091 -j ACCEPT
-A INPUT -i eth2 -p tcp -m tcp --dport 9091 -j ACCEPT
-A INPUT -i bond0 -p tcp -m tcp --dport 8200 -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i eth0 -j DROP
COMMIT

I am restoring these rules with
Code:
iptables-restore < /etc/iptables/rules.v4

Any help will be highly appreciated.
Thank you.
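
One way to express the two forwards asked about above, as an added example that is not part of the original post: a POSIX shell script that prints the DNAT lines for the `*nat` table and the matching FORWARD lines for the `*filter` table of rules.v4. The interface roles (eth0 as WAN, eth2 as LAN) are taken from the post's diagram; the function names and the mapping-table format are hypothetical.

```shell
#!/bin/sh
# Added example: print iptables-restore lines for the two forwards in the post.
# Assumed from the post: WAN is eth0, LAN is eth2, targets listen on tcp/3389.
WAN_IF=eth0
LAN_IF=eth2
# Mapping table: "<wan_port> <lan_ip> <lan_port>", one forward per line.
MAPPINGS='9000 192.168.4.10 3389
9001 192.168.4.11 3389'

# Succeeds only for a decimal port in 1..65535.
valid_port() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "${#1}" -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Lines for the *nat table: rewrite the destination before routing.
nat_rules() {
    while read -r wport ip lport; do
        valid_port "$wport" && valid_port "$lport" || { echo "bad mapping: $wport $ip $lport" >&2; return 1; }
        echo "-A PREROUTING -i $WAN_IF -p tcp -m tcp --dport $wport -j DNAT --to-destination $ip:$lport"
    done <<EOF
$MAPPINGS
EOF
}

# Lines for the *filter table: after DNAT the packet traverses FORWARD with
# the LAN address and port, so accept exactly those and drop other WAN traffic.
filter_rules() {
    echo "-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT"
    while read -r wport ip lport; do
        valid_port "$wport" && valid_port "$lport" || return 1
        echo "-A FORWARD -i $WAN_IF -o $LAN_IF -d $ip -p tcp -m tcp --dport $lport -m state --state NEW -j ACCEPT"
    done <<EOF
$MAPPINGS
EOF
    echo "-A FORWARD -i $WAN_IF -j DROP"
}

echo "# add under *nat, before its COMMIT:";    nat_rules
echo "# add under *filter, before its COMMIT:"; filter_rules
```

This assumes net.ipv4.ip_forward is already 1 and that the FORWARD chain is otherwise empty, as in the posted rules.v4. Adding `-s <trusted source>` to the two NEW rules limits who can reach the tcp/3389 hosts from the WAN side.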

