Sunday, 8 December 2013

Port forwarding port 80 of a public static IP to port 8080 of an internal machine on CentOS using iptables

I have a CentOS server acting as a router. It has two Ethernet ports, eth0 and eth1. eth0 is configured with the public static IP I got from my ISP. My internal machines are connected to this CentOS router over the LAN on eth1.

For example, assume that the public static IP given by my ISP is 123.45.567.89 and that it is configured on eth0. My internal machines are connected through the LAN on eth1. Internal machines are in the IP range of to

I have a web application running on one of my internal machines with IP on port 8080. I can access this web app from my internal network by typing in a web browser. But I want to reach this application through the public static IP given by my ISP, simply by typing http://123.45.567.89/ in the web browser. How can I achieve this? By port forwarding. Follow the steps below.

Enable IP forwarding in the Linux kernel by adding the line below to /etc/sysctl.conf:

vi /etc/sysctl.conf 

net.ipv4.ip_forward = 1

Then apply the setting by running the command below:

sysctl -p

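Now create the firewall rules for port forwarding. In the rules below, <internal-ip> is a placeholder for the address of the internal machine running the web app. The FORWARD chain is evaluated after the PREROUTING DNAT rule has rewritten the packet, so the ACCEPT rule has to match the internal address and port 8080, not the public address and port 80. The MASQUERADE rule is limited to traffic leaving through eth0, so the web app still sees the real client addresses in its logs.

iptables -I FORWARD 1 -m state --state ESTABLISHED,RELATED -j ACCEPT

iptables -I FORWARD 1 -p tcp -d <internal-ip> --dport 8080 -j ACCEPT

iptables -t nat -A PREROUTING -p tcp -d 123.45.567.89 --dport 80 -j DNAT --to-destination <internal-ip>:8080

iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE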

service iptables save

service iptables restart

Now open http://123.45.567.89/ in a web browser and it should show the app running on the internal machine on port 8080.
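To check a saved rule set for a mismatch that breaks this setup (a DNAT rule with no FORWARD ACCEPT rule for the translated address and port), here is an added example, not part of the original post, that audits iptables-save output. The function names, the addresses 203.0.113.10 and 192.168.1.50 and the sample rule sets are constructed for illustration; the check only recognises ACCEPT rules with an exact -d and --dport.

```bash
#!/bin/bash
# Added example: audit iptables-save text for DNAT targets lacking a FORWARD ACCEPT rule.
# All addresses are constructed samples (203.0.113.10 public, 192.168.1.50 internal).

check_dnat_forward() {   # reads iptables-save text on stdin, exits 1 if a target is uncovered
  awk '
    function opt(name,   i) {              # value that follows option "name" on this line
      for (i = 1; i < NF; i++) if ($i == name) return $(i + 1)
      return ""
    }
    /^\*/ { table = substr($1, 2); next }  # table header such as "*nat" or "*filter"
    $1 != "-A" { next }
    table == "nat" && $2 == "PREROUTING" && opt("-j") == "DNAT" {
      dnat[++n] = opt("--to-destination")  # translated ip:port, as FORWARD will see it
    }
    table == "nat" && $2 == "POSTROUTING" && opt("-j") == "MASQUERADE" && opt("-o") == "" {
      print "WARN masquerade-all-interfaces"   # also hides client IPs from the internal host
    }
    table == "filter" && $2 == "FORWARD" && opt("-j") == "ACCEPT" {
      d = opt("-d"); sub(/\/32$/, "", d)
      allowed[d ":" opt("--dport")] = 1
    }
    END {
      for (k = 1; k <= n; k++) {
        if (dnat[k] in allowed) { print "OK " dnat[k] } else { print "MISSING " dnat[k]; bad = 1 }
      }
      exit (bad ? 1 : 0)
    }'
}

sample_ruleset() {   # constructed input: $1 = FORWARD -d address, $2 = --dport, $3 = MASQUERADE options
  cat <<EOF
*nat
-A PREROUTING -d 203.0.113.10/32 -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.168.1.50:8080
-A POSTROUTING $3 -j MASQUERADE
COMMIT
*filter
-A FORWARD -d $1/32 -p tcp -m tcp --dport $2 -j ACCEPT
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
COMMIT
EOF
}

sample_ruleset 203.0.113.10 80 | check_dnat_forward || true       # FORWARD matches the pre-DNAT address
sample_ruleset 192.168.1.50 8080 "-o eth0" | check_dnat_forward   # FORWARD matches the translated address
```

On a live router, the same function can be fed with iptables-save | check_dnat_forward.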
