Sunday, 8 December 2013

Forwarding port 80 of a public static IP to port 8080 on an internal machine in CentOS using iptables

I have a CentOS server acting as a router. It has two Ethernet ports, eth0 and eth1. eth0 is configured with the public static IP I got from my ISP. My internal machines are connected to this CentOS router over the LAN on eth1.

For example, assume that the public static IP given by my ISP is 123.45.567.89 and that it is configured on eth0. My internal machines are connected through the LAN on eth1 and are in the IP range 192.168.1.0 to 192.168.1.100.

I have a web application running on one of my internal machines, with IP 192.168.1.10, on port 8080. I can access this web app from my internal network by typing http://192.168.1.10:8080/ in a web browser. But I want to reach this application through the public static IP given by my ISP by simply typing http://123.45.567.89/ in the web browser. How can I achieve this? By port forwarding. Follow the steps below.


Enable IP forwarding in the Linux kernel by adding the line below to /etc/sysctl.conf:

vi /etc/sysctl.conf 

net.ipv4.ip_forward = 1

Then enable it by running the below command:

sysctl -p

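Now create the firewall rules for port forwarding. The second FORWARD rule matches the internal address and port, because the DNAT rule in PREROUTING rewrites the destination before the packet reaches the FORWARD chain.

iptables -I FORWARD 1 -m state --state ESTABLISHED,RELATED -j ACCEPT

iptables -I FORWARD 1 -p tcp -d 192.168.1.10 --dport 8080 -j ACCEPT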


iptables -t nat -A PREROUTING -p tcp -d 123.45.567.89 --dport 80 -j DNAT --to-destination 192.168.1.10:8080


iptables -t nat -A POSTROUTING -j MASQUERADE


service iptables save


service iptables restart


Now just open http://123.45.567.89/ in a web browser and it should open the app running on the internal machine 192.168.1.10 on port 8080.
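To check a saved ruleset for the forward set up above, the following added example (not part of the original post) parses iptables-save output and reports whether each DNAT target has a FORWARD ACCEPT rule for the translated address and port. The dump is constructed, 203.0.113.10 is a documentation address standing in for the public IP, and the names audit_forward and sample_dump are made up for this illustration.

```shell
# Added example (not from the original post): audit iptables-save output for
# a DNAT port forward. Reads the dump on stdin and prints one finding per line.
audit_forward() {
    awk '
    /^\*/ { table = substr($1, 2); next }        # table header: *nat, *filter
    $1 != "-A" { next }                          # skip chain policies, COMMIT
    {
        dst = ""; dport = ""; target = ""; to = ""; oif = ""
        for (i = 3; i < NF; i++) {
            if ($i == "-d")               dst = $(i + 1)
            if ($i == "--dport")          dport = $(i + 1)
            if ($i == "-j")               target = $(i + 1)
            if ($i == "--to-destination") to = $(i + 1)
            if ($i == "-o")               oif = $(i + 1)
        }
        sub(/\/32$/, "", dst)                    # iptables-save prints host/32
    }
    table == "nat" && $2 == "PREROUTING" && target == "DNAT" { dnat[to] = 1 }
    table == "filter" && $2 == "FORWARD" && target == "ACCEPT" && dst != "" { allow[dst ":" dport] = 1 }
    table == "nat" && $2 == "POSTROUTING" && target == "MASQUERADE" && oif == "" {
        print "WARN masquerade-on-all-interfaces"   # web app logs lose client IPs
    }
    END {
        # filter/FORWARD sees the packet after DNAT, so the ACCEPT rule must
        # match the translated address and port, not the public ones.
        for (t in dnat) {
            status = (t in allow) ? "OK" : "NO-FORWARD-ACCEPT"
            print status, t
        }
    }'
}
# Constructed sample dump; 203.0.113.10 is a documentation address standing in
# for the public IP. $1 and $2 are the destination and port of the FORWARD rule.
sample_dump() {
    cat <<EOF
*nat
-A PREROUTING -d 203.0.113.10/32 -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.168.1.10:8080
-A POSTROUTING -j MASQUERADE
COMMIT
*filter
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -d $1 -p tcp -m tcp --dport $2 -j ACCEPT
COMMIT
EOF
}

sample_dump 203.0.113.10/32 80 | audit_forward     # FORWARD rule written pre-DNAT
sample_dump 192.168.1.10/32 8080 | audit_forward   # FORWARD rule written post-DNAT
```

On the router, the same function can be fed the live ruleset with `iptables-save | audit_forward` as root. It looks only at explicit rules, so a FORWARD chain whose default policy is ACCEPT will still pass traffic that it reports as NO-FORWARD-ACCEPT.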
