I would like to make CentOS a port forwarding NAT machine using iptables. This is the first time I've tried this and I think I might need a little help.
This is the configuration I'm trying to achieve. I'm trying to make a remote desktop connection through the CentOS machine on port 5500 and have CentOS connect to the server on port 3389.
192.168.21.11 is the client that should connect to port 3389 on 192.168.9.120 by connecting to 192.168.21.10 (CentOS) on port 5500.
- CentOS eth0 is 192.168.9.20/24
- CentOS eth1 is 192.168.21.10/24
What I tried so far:
- Disabled SELINUX
- Enabled IPv4 forwarding in /etc/sysctl.conf:
  net.ipv4.ip_forward = 1
- Ran the following iptables commands:
  iptables -t nat -A PREROUTING -p tcp -d 192.168.21.10 --dport 5500 -j DNAT --to 192.168.9.120:3389
  iptables -A INPUT -i eth1 -p tcp --dport 5500 -m state --state NEW,ESTABLISHED -j ACCEPT
  iptables -A OUTPUT -o eth0 -p tcp --sport 5500 -m state --state ESTABLISHED -j ACCEPT
  service iptables save
After saving this configuration I was not able to make the remote desktop connection I'm trying to achieve, so is there anything wrong with my iptables rules? Or is there something I might be missing?
Best Answer
Try to add this rule to your /etc/sysconfig/iptables, right after '-A PREROUTING -p tcp -d 192.168.21.10 --dport 5500 -j DNAT --to 192.168.9.120:3389':
-A POSTROUTING -d 192.168.9.120 -j MASQUERADE
Second, check whether net.ipv4.ip_forward is set to 1 by executing 'sysctl -a | grep net.ipv4.ip_forward'.
If it's still set to 0, then execute:
sysctl -w net.ipv4.ip_forward=1
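Because a DNAT forward is spread over two tables, it is easy to miss a piece. The following is an added Python checker (not from the question or the answer) that reads an iptables-save dump and reports, for each DNAT rule, whether the FORWARD chain accepts the forwarded traffic and whether a POSTROUTING MASQUERADE/SNAT like the one in the answer exists; the embedded dump is constructed from the question's rules plus the FORWARD reject rule CentOS ships by default.

```python
import re
# Constructed iptables-save dump (not from the page): the question's DNAT and INPUT
# rules plus CentOS's default FORWARD reject; the answer's MASQUERADE is left out.
SAMPLE_DUMP = """\
*nat
-A PREROUTING -d 192.168.21.10/32 -p tcp -m tcp --dport 5500 -j DNAT --to-destination 192.168.9.120:3389
COMMIT
*filter
:FORWARD ACCEPT [0:0]
-A INPUT -i eth1 -p tcp -m state --state NEW,ESTABLISHED -m tcp --dport 5500 -j ACCEPT
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
"""

def parse_dump(dump):
    """Return {table: ({chain: policy}, {chain: [rule lines]})} from iptables-save text."""
    tables, cur = {}, None
    for line in dump.splitlines():
        if line.startswith("*"):
            cur = tables.setdefault(line[1:], ({}, {}))
        elif line.startswith(":") and cur is not None:
            cur[0].update([line[1:].split()[:2]])  # ":FORWARD ACCEPT [0:0]" -> policy
        elif line.startswith("-A ") and cur is not None:
            cur[1].setdefault(line.split()[1], []).append(line)
    return tables

def opt(rule, flag):
    """Value after an option such as -d, --dport or -j, or None if absent."""
    m = re.search(r"(?:^|\s)" + re.escape(flag) + r"\s+(\S+)", rule)
    return m.group(1) if m else None

def covers(rule, ip, port):
    """True if the rule's -d/--dport are absent or equal the DNAT target."""
    return opt(rule, "-d") in (None, ip, ip + "/32") and opt(rule, "--dport") in (None, port)

def audit(dump):
    """One finding per missing piece for each DNAT rule; [] means the forward is complete."""
    t, findings = parse_dump(dump), []
    pol, chains = t.get("filter", ({}, {}))
    for rule in [r for r in t.get("nat", ({}, {}))[1].get("PREROUTING", []) if opt(r, "-j") == "DNAT"]:
        ip, _, port = (opt(rule, "--to-destination") or opt(rule, "--to")).partition(":")
        hit = [r for r in chains.get("FORWARD", []) if covers(r, ip, port)]  # first match wins
        verdict = opt(hit[0], "-j") if hit else pol.get("FORWARD", "ACCEPT")  # else chain policy
        if verdict != "ACCEPT":
            findings.append(f"FORWARD verdict for {ip}:{port} is {verdict}; INPUT/OUTPUT rules never see forwarded packets")
        snat = [r for r in t["nat"][1].get("POSTROUTING", [])  # replies must come back through this host
                if opt(r, "-j") in ("MASQUERADE", "SNAT") and covers(r, ip, port)]
        if not snat:
            findings.append(f"no POSTROUTING MASQUERADE/SNAT towards {ip}; needed unless {ip} routes replies via this host")
    return findings
```

Run it against the output of 'iptables-save' on the CentOS box; an empty list means both the FORWARD accept and the source translation are in place for every DNAT target.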