How to Forward Ports With Iptables in Linux

Port forwarding is a crucial technique for network administrators, which allows the redirection of internet traffic from one IP address and port to another. It is useful in navigating firewalls, NATs, and other security or structural barriers that prevent direct system access. Port forwarding enables remote access to services, such as hosting a web server or securing systems behind a firewall, ensuring they remain reachable over the internet.

Port forwarding facilitates secure and efficient network configuration by effectively managing traffic flow. In this article, we will guide you through the step-by-step procedure for forwarding ports with Iptables in Linux.

Understanding iptables and Port Forwarding

Before diving into the methods, it’s crucial to have a basic understanding of what iptables are and how they function. It is a CLI firewall utility that utilizes policy chains to allow or block traffic. When it comes to port forwarding, iptables modifies the destination address and port number of the traffic passing through a router or firewall.

Port forwarding, on the other hand, is a network address translation (NAT) technique that allows an external user to access services on a private network from the outside. It’s a way to redirect a communication request from one address and port number combination to another while the packets are traversing a network gateway, such as a router or firewall.

Before starting port forwarding on Linux, you must configure a web server, such as Apache or nginx. To configure a web server, follow our dedicated guide on how to install Nginx on Ubuntu Linux system.

Forward Ports With Iptables in Linux

The most common method of forwarding ports with iptables in Ubuntu 24.04 involves the NAT table and the PREROUTING chain. The step-by-step process with explanations is given below:

Step 1: Install Iptables

iptables is usually pre-installed, however, if it’s not installed, you can install it by executing the below-given command:

sudo apt install iptables
install iptables

Step 2: Enable IP Forwarding

IP forwarding must be enabled to allow your system to forward packets from one network interface to another. By default, it is not enabled for network security. To enable this, let’s edit the /etc/sysctl.conf file:

sudo nano /etc/sysctl.conf

Add the below line in the configuration file, and then save, and exit the nano editor:

net.ipv4.ip_forward=1
edit the /etc/sysctl.conf file

Now apply the changes with the sysctl command:

sudo sysctl -p
save changes with the sysctl command

After this, you can see the current iptables rules by running the iptables command with L option:

sudo iptables -L -n

This command lists all the rules, including any existing port forwarding rules:

existing port forwarding rules

Step 3: Set Up Iptables Rules

In the Linux system, iptables is the go-to utility for managing network packet filtering and port forwarding. For forwarding traffic from one port to another port, you can use the PREROUTING chain to navigate the traffic to the specified destination. Here’s a basic command structure:

sudo iptables -t nat -A PREROUTING -p tcp --dport <original-port> -j DNAT --to-destination <destination-ip>:<new-port>

In the above command, modify <original-port> with the desired port you want to forward from, <destination-ip> with the IP address of the destination server, and <new-port> with the forwarding port number.

Let’s forward external port 80 to internal IP 192.168.0.121 as well as the internal port 8080:

sudo iptables -t nat -A PREROUTING -p tcp --dport 80 -j DNAT --to-destination 192.168.0.121:8080

This command forwards traffic destined for port 80 to port 8080 on the internal IP address 192.168.0.121:

setting up iptables rules

Step 4: Apply the Rules

Iptables rules are not persistent by default, meaning they will be lost after a reboot.

To save the rules, you can use iptables-persistent or manually save them to a file and restore them on boot:

sudo netfilter-persistent save && sudo netfilter-persistent reload
iptables-persistent

Step 5: Verify the Configuration

List the current iptables rules with the following command to confirm the new configuration is active:

sudo iptables -t nat -L -n -v

Check the PREROUTING chain for the rules you’ve added:

list the current iptables rules

Step 6: Test the Port Forwarding

Finally, test the port forwarding Linux to ensure it’s working as expected. You can do this by attempting to access the service from an external system using the forwarded port:

curl 192.168.0.121
test the port forwarding

By following these steps and considering the additional factors, you can successfully configure iptables port forwarding in Linux to make services on your internal network accessible from the outside world.

Conclusion

In Linux, port forwarding with iptables is a powerful capability that can provide significant flexibility in managing network traffic. To forward ports with iptables in Linux, you can use a simple two-line command sequence. The first line typically adds a rule to the nat table’s PREROUTING chain to redirect the desired traffic, while the second line modifies the POSTROUTING chain to ensure the traffic leaves the correct interface. Remember to replace the port numbers and IP addresses with those relevant to your configuration.

UltaHost offers fully managed Cloudflare VPS Hosting perfect for configuring port forwarding with iptables. With Cloudflare integration, you can enhance security and speed for your applications and websites while forwarding ports efficiently.

FAQ

What is port forwarding?
Why is port forwarding important?
How do iptables work for port forwarding?
Can iptables be used for both allowing and blocking traffic?
Is port forwarding secure?
Do I need to understand iptables to forward ports?
How do I set up port forwarding with iptables?

Related Post

How to Check Linux Version

Linux is an open-source operating system that offers a ...

Iptables Firewall Essentials for VPS Protecti

Iptables is a firewall utility that can be used to cont...

How to Generate Report Using MTR on Linux

When troubleshooting network issues on Linux, having a ...

How to Install OWASP ZAP in Kali Linux

For ethical hackers and security enthusiasts, Kali Linu...

How to Use the ulimit Linux Command

ulimit stands for "user limits" and is used to set or d...

Mastering Process Management with Linux ps au

In Linux systems, processes are the backbone of system ...

Leave a Comment