Iptables forwards a specific port to a specific nic

Question

Iptables forwards a specific port to a specific nic

what I have in my ubuntu is:

eth0(local) = 192.168.1.1/24 attemp to be gateway for local network
eth1(net1) = 192.168.2.2/24 gateway is 192.168.2.1 is a DSL 1
eth2(net2) = 192.168.3.2/24 gateway is 192.168.3.1 is a DSL 2

I want to:

port 22,53,80,443 force to use only through eth1
port 6881 to 6889 and other ports force to use only through eth2

How to make rules in iptables?

Thank.

+3

iptables

njai Mar 08 '11 at 10:34

source share

2 answers

I needed to forward a different IP address on my raspberry pi 3rd model b, and that is exactly how I did it.

sudo vi /etc/sysctl.conf

and highlight the line

net.ipv4.ip_forward=1

reload sysctl or reload your raspberry pi

sudo sysctl -p /etc/sysctl.conf

iptables

iptables -t nat -A PREROUTING -i eth1-p tcp --dport 22 -j DNAT --to-destination 192.168.0.198:22
iptables -t nat -A PREROUTING -i eth1-p tcp --dport 53 -j DNAT --to-destination 192.168.0.198:53
iptables -t nat -A PREROUTING -i eth1-p tcp --dport 80 -j DNAT --to-destination 192.168.0.198:80
iptables -t nat -A PREROUTING -i eth1-p tcp --dport 443 -j DNAT --to-destination 192.168.0.198:443

iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

+1

Bryan Focht 22 . '16 6:23

Dmitry Alexeyev · Accepted Answer · 2011-03-08T11:05:37+0000

Check the packages that should go through eth1:

iptables -A PREROUTING -i eth0 -t mangle -p tcp --dports 22,53,80,443 -j MARK --set-mark 1

Add a rule eth1.outto route marked packets:

echo "201 eth1.out" >> /etc/iproute2/rt_tables
ip rule add fwmark 1 table eth1.out

Route all marked packages with eth1:

/sbin/ip route add default via 192.168.2.1 dev eth1 table eth1.out

Get the rest through eth2:

/sbin/ip route add default via 192.168.3.1 dev eth2

If the rule MARKdoes not work, try using CONNMARK.

Iptables forwards a specific port to a specific nic

More articles: