Port Forwarding with iptables
This is mostly as a quick note to myself.
Assumptions:
-
machineA is the machine which you want to (externally) access, and this should be done on port 2000 via TCP. Its IP address is
10.20.30.40. -
machineB is the machine which is "hidden" internally, and has a service running on port 9999 via TCP. Its IP address is
250.240.230.220.
On machineA, these commands should be run:
$ iptables -t nat -A PREROUTING -p tcp \
--dport 7000 -j DNAT \
--to-destination 250.240.230.220:9999
$ iptables -t nat -A POSTROUTING -p tcp \
-d 250.240.230.220 --dport 9999 \
-j SNAT --to-source 10.20.30.40This assumes that machineA could already connect to machineB at 250.240.230.22:9999.