iptables

Figure: iptables processing steps (original image link)

Redirect eth0:3240 to 127.0.0.1:32400

The use case: a service listens on 127.0.0.1:32400 only, and it should also be reachable on port 3240 of the eth0 address without changing its bind address. Kernel settings first:
sudo sysctl -w net.ipv4.conf.eth0.route_localnet=1
sudo sysctl net.ipv4.conf.eth0.route_localnet -> reads the value back (sudo sysctl -a | grep 'net.ipv4.conf.eth0.route_localnet' does the same)
route_localnet is required: without it the kernel drops packets that arrive on eth0 with a 127.0.0.0/8 destination, which is exactly what the DNAT rule below produces, as martians. Be aware that with it set, any machine on the eth0 segment can also address packets straight to 127.0.0.1 on this host, so a loopback bind address is no longer a protection by itself and the INPUT/ufw policy has to cover those services.
sudo sysctl -w net.ipv4.ip_forward=1
sudo sysctl net.ipv4.ip_forward -> reads the value back
ip_forward is only needed when the DNAT target is another host; for a target on the same machine the packet is delivered through INPUT, not FORWARD, so it is harmless but not required here.
Both settings are lost on reboot unless they are also written to /etc/sysctl.conf or a file in /etc/sysctl.d/.
# you'll need the rule below when using ufw: the filter chains see the packet after DNAT, i.e. with destination 127.0.0.1:32400 arriving on eth0, and ufw's default loopback allowance only covers -i lo
sudo ufw allow to 127.0.0.1 port 32400

Suppose the server's eth0 has the IP 192.168.1.31.

For clients on the network, set this on the server (route_localnet first, as above):
sudo sysctl -w net.ipv4.conf.eth0.route_localnet=1
then
sudo iptables -t nat -I PREROUTING -p tcp -i eth0 --dport 3240 -j DNAT --to-destination 127.0.0.1:32400
or, matching on the eth0 address instead of the interface:
sudo iptables -t nat -I PREROUTING -p tcp -d 192.168.1.31 --dport 3240 -j DNAT --to-destination 127.0.0.1:32400
With either rule this command works from a client computer (but not from the server itself: locally generated packets never pass through PREROUTING):
curl -kLD - http://192.168.1.31:3240/web/index.html

For connections made on the server itself, only this rule is needed (locally generated packets go through the nat OUTPUT chain, and both destinations below are local addresses, so both leave via lo):
sudo iptables -t nat -I OUTPUT -p tcp -o lo --dport 3240 -j REDIRECT --to-ports 32400
With it these curl commands work on the server:
curl -kLD - http://127.0.0.1:3240/web/index.html
curl -kLD - http://192.168.1.31:3240/web/index.html
The PREROUTING and OUTPUT rules are independent and can be installed together to cover both cases.

View and delete rules
sudo iptables -t nat -L -v -n --line-numbers -> -n skips reverse DNS lookups, which otherwise make the listing slow
sudo iptables -t nat -D PREROUTING 1 -> deletes rule 1 from PREROUTING
sudo iptables -t nat -D OUTPUT 1 -> deletes rule 1 from OUTPUT
Rule numbers shift after every deletion, so list again before deleting the next one; alternatively delete by repeating the exact rule specification with -D in place of -I, which does not depend on position.
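The steps above are typed one at a time, and running -I twice silently installs the rule twice. The script below is an added example, not code from the original post: it installs both redirect rules idempotently (checking with iptables -C before inserting), sets the route_localnet sysctl they depend on, and removes everything in one step. The interface eth0 and the ports 3240/32400 are the post's values; the file name redirect.sh and the IPT/SYSCTL variables are assumptions, the latter existing only so the iptables and sysctl commands can be swapped out for a dry run.

```shell
#!/bin/sh
# Added example, not from the original post: install the eth0:3240 ->
# 127.0.0.1:32400 redirect idempotently (iptables -C before -I) together
# with the route_localnet sysctl it depends on, and undo it in one step.
# Assumptions: interface eth0 and the two ports from the post; IPT and
# SYSCTL are variables only so the commands can be swapped for a dry run.
IPT="${IPT:-iptables}"
SYSCTL="${SYSCTL:-sysctl}"
IFACE="${IFACE:-eth0}"
PUBLIC_PORT="${PUBLIC_PORT:-3240}"
LOCAL_PORT="${LOCAL_PORT:-32400}"

# Accept only a decimal TCP port in 1..65535 (rejects "", "abc", "0", "70000").
valid_port() {
    case "$1" in
        '' | *[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# One rule specification shared by -C (check), -I (insert) and -D (delete),
# so the text used to test for the rule is exactly the text used to add it.
prerouting_spec() {
    echo "PREROUTING -p tcp -i $IFACE --dport $PUBLIC_PORT -j DNAT --to-destination 127.0.0.1:$LOCAL_PORT"
}

output_spec() {
    echo "OUTPUT -p tcp -o lo --dport $PUBLIC_PORT -j REDIRECT --to-ports $LOCAL_PORT"
}

# Insert the rule only if an identical one is not already in the nat table.
# $1 is a rule spec; the unquoted expansion is intentional (word splitting).
ensure_rule() {
    if $IPT -t nat -C $1 2>/dev/null; then
        echo "already present: $1"
    else
        $IPT -t nat -I $1
    fi
}

# Delete by specification rather than by number, so positions do not matter.
remove_rule() {
    $IPT -t nat -D $1 2>/dev/null || true
}

apply_redirect() {
    valid_port "$PUBLIC_PORT" && valid_port "$LOCAL_PORT" || {
        echo "invalid port: $PUBLIC_PORT / $LOCAL_PORT" >&2
        return 1
    }
    # Without route_localnet the DNATed packets (dst 127.0.0.1, arriving on
    # eth0) are dropped as martians. ip_forward is not needed: the target is local.
    $SYSCTL -w "net.ipv4.conf.$IFACE.route_localnet=1"
    ensure_rule "$(prerouting_spec)"   # for clients on the network
    ensure_rule "$(output_spec)"       # for connections made on the server
}

remove_redirect() {
    remove_rule "$(prerouting_spec)"
    remove_rule "$(output_spec)"
    $SYSCTL -w "net.ipv4.conf.$IFACE.route_localnet=0"
}

# Usage: sudo sh redirect.sh apply | remove   (no argument: only defines the functions)
case "${1:-}" in
    apply)  apply_redirect ;;
    remove) remove_redirect ;;
esac
```

Run it as root with apply, check with sudo iptables -t nat -L -v -n --line-numbers, and run it with remove to undo; because every insert is preceded by iptables -C, running apply repeatedly leaves exactly one copy of each rule. To preview the commands without touching the system, run it as IPT=echo SYSCTL=echo sh redirect.sh apply.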
