Port forwarding with iptables

In this tutorial we’ll set up a simple port forwarding (NAT) using iptables.

1. Enable ip forward

echo "1" > /proc/sys/net/ipv4/ip_forward


2. Append routing rules to the nat table

iptables -t nat -A PREROUTING -p tcp -s 0/0 -d {local_ip} --dport {local_port} -j DNAT --to {destination_ip}:{destination_port}
iptables -t nat -A POSTROUTING -o eth0 -d {destination_ip} -j SNAT --to-source {local_ip}


• {local_ip}: A ip address mapped on the local system
• {local_port}: The port you would like to listen on
• {destination_ip}: Destination ip address
• {destination_port}: Destination port

3. Now you can access http://{local_ip}:{local_port} and would actually be getting response from http://{destination_ip}:{destination_port}

A working example

If the ip address of your system is 32.64.128.200 and you import the following rules, you would be able to connect to http://32.64.128.200:8080 and actually see the Google search engine because 216.239.59.105:80 is one of Google’s web servers.

iptables -t nat -A PREROUTING -p tcp -s 0/0 -d 32.64.128.200 --dport 8080 -j DNAT --to 216.239.59.105:80
iptables -t nat -A POSTROUTING -o eth0 -d 216.239.59.105 -j SNAT --to-source 32.64.128.200