• Home
  • Disclaimer
  • Contact
  • Archives
  • About
  • Subscribe
  • Support
  • Advertise

Kernel Talks

Unix, Linux, & Cloud!

  • How-to guides
    • Howto
    • Disk management
    • Configurations
  • OS
    • HPUX
    • Linux
  • Commands & tools
    • Commands
    • Software & Tools
    • System services
  • Cloud computing
    • AWS CSA preparation guide!
    • Cloud Services
  • Tips & Tricks
  • Linux commands
You are here: Home / Networking

How to forward port using iptables in Linux

Published: February 28, 2019 | Modified: June 24, 2020 | 6,597 views



Quick article to demonstrate how to configure port forwarding in Linux using iptables.

Port forwarding using iptables

In this article, we will walk you through port forwarding using iptables in Linux. First of all, you need to check if port forwarding is enabled or not on your server. For better understanding, we will be using eth0 as a reference interface and all our command executions will be related to eth0 in this article.

How to check if port forwarding is enabled in Linux

Either you can use sysctl to check if forwarding is enabled or not. Use below command to check –

[root@kerneltalks ~]#  sysctl -a |grep -i eth0.forwarding
net.ipv4.conf.eth0.forwarding = 0
net.ipv6.conf.eth0.forwarding = 0

Since both values are zero, port forwarding is disabled for ipv4 and ipv6 on interface eth0.

Or you can use the process filesystem to check if port forwarding is enabled or not.

[root@kerneltalks ~]# cat /proc/sys/net/ipv4/conf/eth0/forwarding
0
[root@kerneltalks ~]# cat /proc/sys/net/ipv6/conf/eth0/forwarding
0

Again here process FS with zero values confirms port forwarding is disabled on our system. Now we need to first enable port forwarding on our system then we will configure port forwarding rules in iptables.

How to enable port forwarding in Linux

As we checked above, using the same methods you can enable port forwarding in Linux. But its recommended using sysctl command rather than replacing 0 by 1 in proc files.

Enable port forwarding in Linux using sysctl command –

[root@kerneltalks ~]# sysctl net.ipv4.conf.eth0.forwarding=1
net.ipv4.conf.eth0.forwarding = 1
[root@kerneltalks ~]# sysctl net.ipv6.conf.eth0.forwarding=1
net.ipv6.conf.eth0.forwarding = 1

To make it persistent over reboots, add parameters in /etc/sysctl.conf

[root@kerneltalks ~]# echo "net.ipv4.conf.eth0.forwarding = 1">>/etc/sysctl.conf
[root@kerneltalks ~]# echo "net.ipv6.conf.eth0.forwarding = 1">>/etc/sysctl.conf
[root@kerneltalks ~]# sysctl -p
net.ipv4.conf.eth0.forwarding = 1
net.ipv6.conf.eth0.forwarding = 1

Now, we have port forwarding enabled on our server, we can go ahead with configuring port forwarding rules using iptables.

How to forward port in Linux

Here we will forward port 80 to port 8080 on 172.31.40.29. Do not get confused port forwarding with port redirection.

We need to insert an entry in PREROUTING chain of iptables with DNAT target. Command will be as follows –

# iptables -A PREROUTING -t nat -i eth0 -p tcp --dport 80 -j DNAT --to 172.31.40.29:8080
# iptables -A FORWARD -p tcp -d 172.31.40.29 --dport 8080 -j ACCEPT

Change interface, IP and ports as per your requirement. The first command tells us to redirect packets coming to port 80 to IP 172.31.40.29 on port 8080. Now packet also needs to go through FORWARD chain so we are allowing in in the second command.

Now rules have been applied. You need to verify them.

How to check port forwarding iptables rules

Command to verify port forwarding rules is –

[root@kerneltalks ~]# iptables -t nat -L -n -v
Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 DNAT       tcp  --  eth0   *       0.0.0.0/0            0.0.0.0/0            tcp dpt:80 to:172.31.40.29:8080

Here REDIRECT target means its a redirection rule. Since we have configured forwarding rule we see the target as DNAT

How to save iptables rules

To save iptables rules and make them persistent over reboots use below command –

[root@kerneltalks ~]# iptables-save
⇠ Previous article
Script to create mount points in LVM
Next article ⇢
How to redirect port in Linux using iptables

Related stuff:

  • Basics of iptables – Linux firewall
  • Network routes in Linux
  • How to redirect port in Linux using iptables
  • 4 step Network bonding / teaming configuration in Linux
  • How Docker container DNS works
  • Configuration of iptables policies

Filed Under: Networking Tagged With: how to foward port, iptables port forwarding, Port forwarding in linux

If you like my tutorials and if they helped you in any way, then

  • Consider buying me a cup of coffee via paypal!
  • Subscribe to our newsletter here!
  • Like KernelTalks Facebook page.
  • Follow us on Twitter.
  • Add our RSS feed to your feed reader.

Comments

  1. kerneltalks fan says

    October 22, 2019 at 7:07 pm

    Maybe an update/addition using nftables regarding this subject?.

    Reply

Share Your Comments & Feedback: Cancel reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Get fresh content from KernelTalks

  • Email
  • Facebook
  • RSS
  • Twitter

Popular posts

  • How to start, stop & restart MariaDB server in Linux
  • How to reset iptables to the default settings
  • How to list YUM repositories in RHEL / CentOS
  • 4 ways to check the size of physical memory (RAM) in Linux
  • How to upgrade package using YUM in RHEL
  • MobaXterm X11 proxy: Authorisation not recognised
  • Configuring Visual Studio Code for Terraform to work with AWS
  • How to enable repository using subscription-manager in RHEL
  • How to disable iptables firewall temporarily
  • How to upgrade from Oracle Linux 6 to Oracle Linux 7

Get Linux & Unix stuff right into your mailbox. Subscribe now!

* indicates required

This work is licensed under a CC-BY-NC license · Privacy Policy
© Copyright 2016-2020 KernelTalks · All Rights Reserved.
The content is copyrighted to Shrikant Lavhate & can not be reproduced either online or offline without prior permission.