
I am trying to forward port 443 to a different server using iptables. What can explain this not working? I've enabled net.ipv4.ip_forward.

This is the code I use. I have no other iptables rules:

iptables -A PREROUTING -t nat -i eth0 -p tcp --dport 443 -j DNAT --to 1.2.3.4:443
iptables -A FORWARD -p tcp -d 1.2.3.4 --dport 443 -j ACCEPT


If your default forward policy is DROP then you also need to accept traffic going back:

iptables -A FORWARD -p tcp -s 1.2.3.4 --sport 443 -j ACCEPT 

You should secure this a little bit so if your box 1.2.3.4 is compromised at least no forged packet can go through your gateway using source port 443.

IPTABLES=/sbin/iptables
[ ... ]
$IPTABLES -A PREROUTING -t nat -i eth0 -p tcp --dport 443 -j DNAT --to 1.2.3.4:443
$IPTABLES -I FORWARD -p tcp ! --syn -m state --state NEW -j DROP
$IPTABLES -A FORWARD -p tcp -d 1.2.3.4 --dport 443 -m state --state NEW,ESTABLISHED -j ACCEPT
$IPTABLES -A FORWARD -p tcp -s 1.2.3.4 --sport 443 -m state --state ESTABLISHED -j ACCEPT
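As an added example (not code from the question or the answer above), a small POSIX shell script that generates the answer's stateful rule set for a given interface, backend and port, using the conntrack match as the modern equivalent of `-m state`, and a check that reads `iptables -S FORWARD` output and flags the exact failure the answer describes: a DROP policy with no rule admitting replies from the backend. The interface eth0, backend 1.2.3.4 and port 443 come from the question; the function names and the sample chain dump are mine.

```shell
#!/bin/sh
# Added example, not code from the question or the answer. Builds the
# answer's stateful DNAT rule set and checks `iptables -S FORWARD` output
# for the failure the answer describes (policy DROP, no reply rule).

# Emit the rule set for interface $1, backend $2, port $3 (all assumed
# values). Uses the conntrack match, the modern equivalent of -m state.
gen_rules() {
    iface=$1; backend=$2; port=$3
    cat <<EOF
iptables -t nat -A PREROUTING -i $iface -p tcp --dport $port -j DNAT --to-destination $backend:$port
iptables -I FORWARD -p tcp ! --syn -m conntrack --ctstate NEW -j DROP
iptables -A FORWARD -p tcp -d $backend --dport $port -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT
iptables -A FORWARD -p tcp -s $backend --sport $port -m conntrack --ctstate ESTABLISHED -j ACCEPT
EOF
    # Assumption: $backend routes its replies back through this gateway.
    # If it does not, a POSTROUTING SNAT/MASQUERADE rule is needed as well.
}

# Read `iptables -S FORWARD` on stdin; succeed when replies from backend $1
# can pass: the policy is ACCEPT, a rule accepts "-s $1", or a generic
# ESTABLISHED accept (one without -d) exists. Fail otherwise.
return_path_ok() {
    backend=$1; policy=accept; reply=no
    while IFS= read -r line; do
        case $line in
            "-P FORWARD DROP") policy=drop ;;
            *" -s $backend/"*" -j ACCEPT"*|*" -s $backend "*" -j ACCEPT"*) reply=yes ;;
            *ESTABLISHED*" -j ACCEPT"*)
                case $line in *" -d "*) ;; *) reply=yes ;; esac ;;
        esac
    done
    [ "$policy" = accept ] || [ "$reply" = yes ]
}

# Constructed sample reproducing the asker's state: DROP policy and only
# the inbound leg accepted, which is why the connection stalls.
SAMPLE='-P FORWARD DROP
-A FORWARD -d 1.2.3.4/32 -p tcp -m tcp --dport 443 -j ACCEPT'

gen_rules eth0 1.2.3.4 443
if printf '%s\n' "$SAMPLE" | return_path_ok 1.2.3.4; then
    echo "reply path OK"
else
    echo "FORWARD policy is DROP and no rule admits replies from 1.2.3.4"
fi
```

Run `iptables -S FORWARD | sh -c '. ./script.sh; return_path_ok 1.2.3.4'` style checks on the live gateway only after sourcing the functions; the script itself never calls iptables, it only prints the rules.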
