
How to Setup Port Forward with Iptables on Linux-Based Systems

Port forwarding is a networking technique that lets traffic from outside a network reach a specific machine or service inside it. It works by forwarding traffic that arrives on a given port of a gateway or router to the corresponding port on a machine within the network. It is commonly used to allow remote access to services such as web servers, email servers, and file servers that sit in a private network behind a gateway or firewall. With port forwarding, only the incoming traffic for the published service is directed to the internal machine, while the rest of the network stays unreachable from outside.

One way to set up port forwarding on Linux-based systems is the iptables command-line tool. Iptables is a utility for configuring the kernel's network traffic rules and policies. Iptables organizes its rules into a set of predefined tables (such as filter and nat). Each table contains a set of chains, which are lists of rules that are applied in order to incoming or outgoing traffic. Each rule specifies a set of conditions that a packet must match and an action (target) to take when it does. In this article, we discuss how to use iptables to set up port forwarding on a Linux-based system.

Port Forwarding with Iptables

Step 1: Finding the Port Number and Protocol

The first step in port forwarding with iptables is to determine the port number and protocol of the service that you want to forward. The port number is a numerical identifier that is assigned to a specific service or application on a host, while the protocol specifies the rules for transmitting data between devices.

The example used in the following steps is a web server that listens on port 80 using TCP (Transmission Control Protocol); all incoming traffic for that port is forwarded to it.

Step 2: Creating a Chain for Port Forwarding

The next step is to create a chain that holds the rule which forwards the incoming traffic to the appropriate machine or service. Because the DNAT target used in step 3 is only available in the nat table, the chain must be created in that table with the -t nat option; without it, iptables creates the chain in the default filter table, where the DNAT rule cannot be added.

Run the following command to create a new chain:

$ sudo iptables -t nat -N <chain-name>

Note: Replace <chain-name> with a descriptive name for the chain that you want to create.

Step 3: Adding a New Rule to the Chain

In the newly created chain, add a rule that forwards the incoming traffic to the appropriate machine or service. The rule specifies the port number and protocol of the service as well as the IP address of the machine that should receive the incoming traffic.

Run the following command in the terminal:

$ sudo iptables -t nat -A <chain-name> -p tcp --dport 80 -j DNAT --to-destination 192.168.0.100:80

Note: This command rewrites the destination of all incoming TCP traffic for port 80 so that it is delivered to the machine with the IP address 192.168.0.100.

You must replace <chain-name> with the name of the chain that you created in step 2.

The -p option specifies the protocol (TCP in this case).

The --dport option specifies the destination port (port 80 in this case).

The -j option specifies the action to take when the rule's conditions are met; DNAT (destination NAT) rewrites the packet's destination address and port.

The --to-destination option specifies the IP address and port number of the machine or service that should receive the incoming traffic.

Step 4: Adding a Rule to Main Iptables for Forwarding

In addition to creating the chain and adding the DNAT rule to it, you also need a rule in the nat table's built-in PREROUTING chain so that the incoming traffic is handed to the new chain. PREROUTING is the chain that every packet arriving from the network passes through before the routing decision, which is why the destination has to be rewritten there: once it is rewritten, the packet is routed on to the internal machine through the FORWARD chain instead of being delivered locally through INPUT.

Run the following command to add the rule:

$ sudo iptables -t nat -A PREROUTING -p tcp --dport 80 -j <chain-name>

Note: Replace <chain-name> with the name of the chain that you created in step 2.

The -A option appends the new rule to the end of the PREROUTING chain of the nat table. The -p option specifies the protocol (TCP in this case).

The --dport option specifies the destination port (port 80 in this case).

The -j option specifies the action to take when the rule's conditions are met which, in this case, is to jump to the new chain that you created in step 2.

Step 5: Saving the Configuration

You need to save the new port forwarding rules so that they survive a reboot; iptables rules live only in the running kernel and are gone after the next boot.

To save the configuration, run the following command:

$ sudo sh -c 'iptables-save > /etc/iptables/rules.v4'

Note: The redirection must run as root as well, which is why the whole command is wrapped in sudo sh -c; a plain sudo iptables-save > file would open the file as your normal user and fail with a permission error. The /etc/iptables/rules.v4 path is the file that the iptables-persistent (netfilter-persistent) package loads at boot, so that package must be installed for the saved rules to be restored automatically.

Step 6: Testing the New Configuration

It is important to test the port forwarding configuration to ensure that it is working correctly. You can test the configuration by attempting to connect to the service from another machine on the network or from the internet.

If the configuration is working correctly, you should be able to connect to the service using the specified port number and protocol.
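The complete rule set that steps 2 to 4 produce, generated in the iptables-save format that step 5 writes to disk, together with the FORWARD rules a DNAT needs in order to actually pass traffic. This is an added example, not the article's own commands; the chain name webfwd, the WAN-facing interface name eth0 and the two helper functions are assumptions.

```shell
#!/bin/sh
# Added example, not part of the original article: emit the complete rule set
# that the DNAT rule needs in order to forward traffic, in the iptables-save
# format that step 5 stores in /etc/iptables/rules.v4.
# The chain name (webfwd) and the WAN interface name (eth0) are assumptions.

# gen_forward_rules CHAIN PROTO PORT DEST_IP DEST_PORT WAN_IF
# Every argument is validated first, so a typo cannot end up as a rule.
gen_forward_rules() {
  chain=$1 proto=$2 port=$3 dest_ip=$4 dest_port=$5 wan_if=$6
  case "$proto" in tcp|udp) ;; *) echo "bad proto: $proto" >&2; return 1 ;; esac
  for p in "$port" "$dest_port"; do
    case "$p" in ''|*[!0-9]*) echo "bad port: $p" >&2; return 1 ;; esac
    [ "$p" -ge 1 ] && [ "$p" -le 65535 ] || { echo "bad port: $p" >&2; return 1; }
  done
  oldifs=$IFS; IFS=.; set -- $dest_ip; IFS=$oldifs
  [ $# -eq 4 ] || { echo "bad ip: $dest_ip" >&2; return 1; }
  for o in "$@"; do
    case "$o" in ''|*[!0-9]*) echo "bad ip: $dest_ip" >&2; return 1 ;; esac
    [ "$o" -le 255 ] || { echo "bad ip: $dest_ip" >&2; return 1; }
  done
  cat <<EOF
# DNAT lives in the nat table: PREROUTING rewrites the destination before
# the routing decision, so the packet is routed to $dest_ip instead of to us.
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:$chain - [0:0]
-A PREROUTING -i $wan_if -p $proto --dport $port -j $chain
-A $chain -p $proto --dport $port -j DNAT --to-destination $dest_ip:$dest_port
COMMIT
# The rewritten packet then traverses filter/FORWARD, never INPUT, so FORWARD
# must admit it (and the replies) or the DNAT is silently dropped.
*filter
:FORWARD DROP [0:0]
-A FORWARD -i $wan_if -p $proto -d $dest_ip --dport $dest_port -m conntrack --ctstate NEW -j ACCEPT
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
COMMIT
EOF
}

# Parse-check a generated file with iptables-restore before loading it for real.
check_rules_file() {
  command -v iptables-restore >/dev/null || { echo "iptables-restore not found" >&2; return 2; }
  iptables-restore --test < "$1"
}
```

Loading the file with iptables-restore replaces the current nat and filter tables, so merge it with any rules you already have first; forwarding also requires net.ipv4.ip_forward=1 (sudo sysctl -w net.ipv4.ip_forward=1), and if the internal server's default gateway is not this host, a POSTROUTING SNAT or MASQUERADE rule is needed so that replies come back through it.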

Conclusion

Port forwarding is a useful technique to allow the incoming traffic to be directed to a specific machine or service. Using iptables on a Linux-based system, you can set up the port forwarding rules that allow the incoming traffic to be forwarded to the appropriate machine or service.

We discussed the basic steps involved in port forwarding with iptables, including creating a chain, adding the forwarding rule to the chain, adding a rule to the built-in chain that hands the incoming traffic to it, saving the configuration, and testing the configuration. By following these steps, you can set up port forwarding on your Linux-based system and ensure that the incoming traffic is directed to the appropriate machine or service.

About the author

Zeeman Memon

Hi there! I'm a Software Engineer who loves to write about tech. You can reach out to me on LinkedIn.