Forwarding Ports in Subnets

Redirect traffic using iptables

Activate masquerading

We need to activate masquerading for outgoing traffic.

iptables -t nat -A POSTROUTING -j MASQUERADE

Forward ports

The following command redirects incoming TCP traffic on port 80 to port 8080 on the destination host with the IP 10.0.0.23.

iptables -t nat -A PREROUTING -p tcp --dport 80 -j DNAT \
         --to-destination 10.0.0.23:8080

Forward IP adresses

We can also forward all traffic with a specific IP adress as its destination. For example, this command redirects all incoming traffic for the IP adress 123.123.123.123 to 10.0.0.23.

iptables -t nat -A PREROUTING -p tcp --destination 123.123.123.123 -j DNAT \
         --to-destination 10.0.0.23