Linux iptables NAT Step by Step Configuration With Diagram


IPTABLES NAT (Network Address Translator)
IP Forwarding : Also known as Internet routing. Send the data from one network( eth1) to another network( eth0).
In the Routing server.
eth0 -act as public network
eth1 -act as private network 

By Default Forward chain for Local Private network is disable. To enable in iptables.
# iptables -I FORWARD -s -j ACCEPT
# iptables -I FORWARD -d -j ACCEPT
It will reflect in iptables
target prot opt source destination
ACCEPT all -- anywhere
ACCEPT all -- anywhere

In the above Diagram – Rectangular represent as a server.
Check List For configure Iptables routing 
1)Enable IP Forwarding in Local Network in iptables.
2)Enable IP Forwarding in systcl.conf
3)Add the iptables NAT MASQUERADE.
4)Client machine add the gateway and dns entry in /etc/resolve.conf

1.1) #iptables –t nat –I POSTROUTING –s –o eth0 –j MASQUERADE
1.2 #iptables –t nat –I POSTROURTING –s –J SNAT –to-source
NOTE: Difference between 1.1 & 1.2 is 
1.1)Source address become any one of the public ip.
1.2)Source address has been specified as

2.1)#iptables –t nat –I PREROUTING –p tcp –dport 80 –d –j DNAT –to
2.2)#iptables –t nat –I PREROUTING –p tcp –dport 8080 –d –j DNAT –to
2.1 & 2.2 is port forwarding.
2.3)#iptables –t nat –I PREROUTING –d –j DNAT –to-destionation
2.3) what are the service request comes to the it will automatically redirect to the

From the Picture Point 2 & From the table 2.1,2.2 and 2.3.
when client hits 192.168.1.X IP it will redirect
Simple Iptables Chain For Accept http(80) and drop ssh(22) ports.
Using netstat -tulpn command we can find out port number and their corresponding services.

Reference :
1. Step-By-Step Configuration of NAT with iptables
2. Linux NAT in Four Steps using iptables

How to Delete Iptables Chain.
#iptables -D INPUT 1
#iptables -D POSTROUTING 1
#iptables -D <CHAIN-POLICY> chain-number

No comments:
Write comments