How to DNAT with iptables
When x.x.x.x makes a request on port 80 to y.y.y.y I would like the request to be redirected to z.z.z.z:80. I'm trying to do this with iptables under CentOS 6. It might be worth mentioning that to prove the concept x.x.x.x and y.y.y.y are currently in the same local network, but later I'll be trying to do this over a VPN with x.x.x.x on one side of the VPN and y.y.y.y on the other. z.z.z.z is an external IP.
Before creating any rules, when I go to y.y.y.y:80 from x.x.x.x I can connect to the HTTP server running on y.y.y.y.
I think I've established that I need to create a DNAT rule. I've done this as follows:

iptables -t nat -A PREROUTING -p tcp -s x.x.x.x -d y.y.y.y --dport 80 -j DNAT --to-destination z.z.z.z:80

When trying to connect to y.y.y.y the connection times out. I realised IP forwarding was disabled, so issued:

echo 1 > /proc/sys/net/ipv4/ip_forward

This then stops the timeout but still doesn't connect to the HTTP server on z.z.z.z.

Someone suggested that I need to create an SNAT rule because x.x.x.x and y.y.y.y are currently on the same network. I'm not sure if I've done this correctly or not:

iptables -A POSTROUTING -t nat -s x.x.x.0/24 -o eth0 -j SNAT --to-source x.x.x.x

If anyone has a suggestion on how I can get this working I'd really appreciate their help.
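For reference, an added example (not part of the question above) of the complete rule set the y.y.y.y box needs for this redirect: the DNAT rule, FORWARD-chain acceptance (the stock CentOS 6 ruleset rejects forwarded traffic), a POSTROUTING rule that source-NATs to the NAT box's own address rather than the client's, and forwarding made persistent. The placeholder addresses and the interface name eth0 are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post: full setup on the y.y.y.y box for
# "x.x.x.x -> y.y.y.y:80 is redirected to z.z.z.z:80" (CentOS 6, iptables).
# Assumptions: placeholder addresses below and eth0 as the interface facing x.x.x.x.
CLIENT="${CLIENT:-x.x.x.x}"   # host that opens the connection
NATBOX="${NATBOX:-y.y.y.y}"   # address the client connects to (this machine)
TARGET="${TARGET:-z.z.z.z}"   # real HTTP server the connection is redirected to
LAN_IF="${LAN_IF:-eth0}"      # interface the client's packets arrive on

# Turn forwarding on now and keep it across reboots (echo into /proc is not persistent).
enable_forwarding() {
    sysctl -w net.ipv4.ip_forward=1
    grep -q '^net.ipv4.ip_forward *= *1' /etc/sysctl.conf ||
        echo 'net.ipv4.ip_forward = 1' >> /etc/sysctl.conf
}

# Emit the rules through $1: "iptables" applies them, "echo" only prints them.
dnat_rules() {
    ipt="$1"
    # 1. Rewrite the destination before routing, so the kernel forwards the packet
    #    instead of handing it to the local web server.
    "$ipt" -t nat -A PREROUTING -i "$LAN_IF" -p tcp -s "$CLIENT" -d "$NATBOX" \
        --dport 80 -j DNAT --to-destination "$TARGET:80"
    # 2. Let the redirected flow and its replies through FORWARD. The default
    #    /etc/sysconfig/iptables on CentOS 6 ends FORWARD with a REJECT rule, so
    #    these must be inserted before it (or use -I instead of -A).
    "$ipt" -A FORWARD -p tcp -d "$TARGET" --dport 80 -m state --state NEW,ESTABLISHED -j ACCEPT
    "$ipt" -A FORWARD -p tcp -s "$TARGET" --sport 80 -m state --state ESTABLISHED -j ACCEPT
    # 3. Source-NAT the forwarded flow to this box's own outgoing address, so that
    #    z.z.z.z replies to y.y.y.y, which conntrack maps back to the client.
    #    --to-source x.x.x.x (the client's address) sends replies past the NAT box.
    #    MASQUERADE uses the address of whichever interface routes to z.z.z.z,
    #    which keeps working once x.x.x.x is reached over the VPN instead of the LAN.
    "$ipt" -t nat -A POSTROUTING -p tcp -d "$TARGET" --dport 80 -j MASQUERADE
}

# Check that packets actually hit the rules: the pkts counters should grow per attempt.
show_counters() { iptables -t nat -L PREROUTING -v -n; iptables -L FORWARD -v -n; }

case "${1:-}" in
    apply) enable_forwarding && dnat_rules iptables && service iptables save ;;
    show)  dnat_rules echo ;;
    check) show_counters ;;
esac
```

Run `sh dnat.sh show` to review the generated rules before applying them with `sh dnat.sh apply` as root.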