- 01-08-2010 #1 Just Joined!
- Join Date: Nov 2005
- Posts: 2
IP tables port forwarding
Hello
We have one Linux machine in the office which happens to be an important firewall. I just know the basics and need to make one change.
Essentially it is to forward MySQL traffic to another internal machine.
This is the original rule (forward to 192.20.0.17), which is working:
Code:
$IPTABLES -A tcp_packets -p TCP -s 0/0 --dport 3306 -j allowed
$IPTABLES -t nat -A PREROUTING -p TCP -i $INET_IFACE -d $STATIC_IP --dport 3306 -j DNAT --to-destination 192.20.0.17
$IPTABLES -A FORWARD -p tcp -i $INET_IFACE -o $LAN_IFACE -d 192.20.0.17 --dport 3306 -j allowed
and I just need to send it to 192.20.0.15, so I just change -->
Code:
$IPTABLES -A tcp_packets -p TCP -s 0/0 --dport 3306 -j allowed
$IPTABLES -t nat -A PREROUTING -p TCP -i $INET_IFACE -d $STATIC_IP --dport 3306 -j DNAT --to-destination 192.20.0.15
$IPTABLES -A FORWARD -p tcp -i $INET_IFACE -o $LAN_IFACE -d 192.20.0.15 --dport 3306 -j allowed
and restarted the machine.
But this does not work. Is there anything else that must be done?
- 01-08-2010 #2
Change allowed to ACCEPT. I cannot believe that the old rule was working unless you were using some sort of very old firewall.
Here is a TUTORIAL for IPTABLES
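An added example, not part of the original thread: a check over a saved ruleset in `iptables-save` format that reports a DNAT forward with no FORWARD rule for the same destination and port, and any filter-table jump to a chain that is not declared (a jump such as `-j allowed` loads only if a user-defined chain with that name exists). The interface names `eth0`/`eth1`, the address 203.0.113.10 and the function names are assumptions made for the example.

```shell
#!/bin/sh
# Added example (not from the thread). Reads iptables-save text on stdin and
# reports inconsistent DNAT forwards and jumps to undeclared chains.
audit_dnat() {
    awk '
    /^\*/ { table = substr($1, 2); next }             # "*nat" / "*filter"
    /^:/  { chains[table, substr($1, 2)] = 1; next }  # ":allowed - [0:0]"
    /^-A/ {
        dst = port = jump = to = ""
        for (i = 3; i < NF; i++) {
            if ($i == "-d") dst = $(i + 1)
            else if ($i == "--dport") port = $(i + 1)
            else if ($i == "-j") jump = $(i + 1)
            else if ($i == "--to-destination") to = $(i + 1)
        }
        sub(/\/32$/, "", dst)   # iptables-save prints hosts as a.b.c.d/32
        sub(/:.*$/, "", to)     # drop an optional :port on the DNAT target
        if (table == "nat" && jump == "DNAT") dnat[to, port] = 1
        if (table == "filter" && $2 == "FORWARD") fwd[dst, port] = 1
        if (table == "filter" && jump != "") jumps[jump] = 1
    }
    END {
        for (k in dnat) if (!(k in fwd)) {
            split(k, p, SUBSEP); print "NO_FORWARD " p[1] ":" p[2]
        }
        # Built-in targets (short list); anything else must be a declared chain.
        for (j in jumps)
            if (j !~ /^(ACCEPT|DROP|REJECT|LOG|RETURN)$/ && !(("filter", j) in chains))
                print "UNDEFINED_CHAIN " j
    }' | sort
}

# Constructed sample: DNAT points at .15, the FORWARD rule still names .17,
# and no chain called "allowed" is declared.
sample_dump() {
    cat <<'EOF'
*nat
:PREROUTING ACCEPT [0:0]
-A PREROUTING -d 203.0.113.10/32 -i eth0 -p tcp -m tcp --dport 3306 -j DNAT --to-destination 192.20.0.15
COMMIT
*filter
:FORWARD DROP [0:0]
:tcp_packets - [0:0]
-A FORWARD -d 192.20.0.17/32 -i eth0 -o eth1 -p tcp -m tcp --dport 3306 -j allowed
-A tcp_packets -p tcp -m tcp --dport 3306 -j allowed
COMMIT
EOF
}
sample_dump | audit_dnat
```

An empty result means every DNAT target has a FORWARD rule for the same host and port and every jump resolves.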

