IPtables Port Forwarding Aug 25th 2020 Words: 193
This post is created 2 years ago, the content may be outdated.

Install iptables and iptables-persistent:

1
sudo apt install iptables iptables-persistent

Enable IPv4 package forwarding:

1
2
3
4
5
6
7
8
sudo nano /etc/sysctl.conf

# uncomment or add the following line

net.ipv4.ip_forward=1

# reload sysctl.conf
sudo sysctl -p

Add iptables rules:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
sudo nano /etc/iptables/rules.v4

# add custom forwarding at the end of the file

*nat

# 88.94.64.36(localhost):4364 -> 114.51.41.91:9819
# feed the private IP to `--to-source` argument, if you are using a NAT VPS

-A PREROUTING -p tcp -m tcp --dport 4364 -j DNAT --to-destination 114.51.41.91:9819
-A POSTROUTING -d 114.51.41.91 -p tcp -m tcp --dport 9819 -j SNAT --to-source 88.94.64.36

-A PREROUTING -p udp -m udp --dport 4364 -j DNAT --to-destination 114.51.41.91:9819
-A POSTROUTING -d 114.51.41.91 -p udp -m udp --dport 9819 -j SNAT --to-source 88.94.64.36

# use masquerade if the host does not have static IP (maybe slower)
# -A POSTROUTING -j MASQUERADE

COMMIT

Apply changes:

1
2
3
4
5
# reload iptables rules from /etc/iptables/rules.v*
sudo systemctl restart iptables

# check rules
sudo iptables -t nat -L