Linux – Make CentOS 7.x a port forwarding NAT device


I would like to make CentOS a port forwarding NAT machine using iptables. This is the first time I've tried this and I think I might need a little help.

This is the configuration I'm trying to achieve. I'm trying to make a remote desktop connection through the CentOS machine on port 80 and have CentOS connect to the server on port 80.

192.168.0.120 is the client that should connect to port 80 on 192.168.30.37 by connecting to 192.168.0.100 (CentOS) on port 80.

  • CentOS ens160 is 192.168.0.100/24
  • CentOS ens192 is 192.168.30.254/24
  • CentOS ens224 is 192.168.40.254/24

What I tried so far:

  1. Disabled SELinux
  2. Enabled IPv4 forwarding in /etc/sysctl.conf

    /etc/sysctl.conf
    net.ipv4.ip_forward = 1
    
  3. /etc/systemconfig/iptables is

    *filter
    :INPUT ACCEPT [0:0]
    :FORWARD ACCEPT [0:0]
    :OUTPUT ACCEPT [12:944]
    -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
    -A INPUT -p icmp -j ACCEPT
    -A INPUT -i lo -j ACCEPT
    -A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
    -A INPUT -j REJECT --reject-with icmp-host-prohibited
    -A FORWARD -i ens160 -o ens192 -m state --state RELATED,ESTABLISHED -j ACCEPT
    -A FORWARD -i ens192 -o ens160 -j ACCEPT
    -A FORWARD -i ens160 -o ens224 -m state --state RELATED,ESTABLISHED -j ACCEPT
    -A FORWARD -i ens224 -o ens160 -j ACCEPT
    -A FORWARD -j REJECT --reject-with icmp-host-prohibited
    COMMIT
    *nat
    :PREROUTING ACCEPT [4:272]
    :INPUT ACCEPT [0:0]
    :OUTPUT ACCEPT [0:0]
    :POSTROUTING ACCEPT [0:0]
    -A PREROUTING -i ens160 -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.168.30.37:80
    -A POSTROUTING -o ens160 -j MASQUERADE
    -A POSTROUTING -d 192.168.0.100/32 -j MASQUERADE
    COMMIT
    

So is there anything wrong with my iptables rules? Or is there something I might be missing?

Best Answer

Anyway, you are missing a FORWARD rule:

    iptables -A FORWARD -i ens160 -o ens192 -p tcp -m tcp -d 192.168.30.37 -m state --state NEW -j ACCEPT

You need to insert the above rule before this:

    -A FORWARD -j REJECT --reject-with icmp-host-prohibited
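To check the ordering problem the answer describes, here is an added example in Python (not code from the question or the answer): it parses an iptables-save style dump and, for each nat/PREROUTING DNAT rule, walks filter/FORWARD the way the first packet of a new connection would, whose destination is already rewritten to the DNAT target by then, which is why the FORWARD rule must match `-d 192.168.30.37` and `--state NEW`. The two rulesets are constructed from the question's rules; `-o` is not compared because the outbound interface depends on routing, and `-d` is compared as an exact host only.

```python
import shlex
# Constructed sample: the question's DNAT and FORWARD rules in iptables-save form.
ORIGINAL = """\
*filter
-A FORWARD -i ens160 -o ens192 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i ens192 -o ens160 -j ACCEPT
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
*nat
-A PREROUTING -i ens160 -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.168.30.37:80
COMMIT
"""
# The same ruleset with the accepted answer's rule inserted ahead of the REJECT.
FIXED = ORIGINAL.replace("-A FORWARD -j REJECT", "-A FORWARD -i ens160 -o ens192 -p tcp"
    " -m tcp -d 192.168.30.37 -m state --state NEW -j ACCEPT\n-A FORWARD -j REJECT")

def parse(dump):
    """iptables-save text -> {(table, chain): [rule tokens, in chain order]}."""
    rules, table = {}, None
    for line in dump.splitlines():
        if line.startswith("*"):
            table = line[1:].strip()
        elif line.startswith("-A "):
            toks = shlex.split(line)
            rules.setdefault((table, toks[1]), []).append(toks)
    return rules

def opt(toks, name):  # value following option `name` in a rule, or None if absent
    return toks[toks.index(name) + 1] if name in toks[:-1] else None

def dnat_forward_ok(dump):
    """Walk filter/FORWARD as the DNAT'd first packet of each PREROUTING DNAT rule would:
    True if an ACCEPT matches first, False on REJECT/DROP, None if it reaches the chain policy."""
    rules, result = parse(dump), {}
    for nat in [r for r in rules.get(("nat", "PREROUTING"), []) if opt(r, "-j") == "DNAT"]:
        ip, _, port = opt(nat, "--to-destination").partition(":")
        port = port or opt(nat, "--dport")  # DNAT without :port keeps the original port
        verdict = None
        for fw in rules.get(("filter", "FORWARD"), []):
            # A FORWARD rule that omits an option matches any value of it (-o not modelled).
            mismatch = ((opt(fw, "-i") or opt(nat, "-i")) != opt(nat, "-i")
                        or (opt(fw, "-p") or opt(nat, "-p")) != opt(nat, "-p")
                        or (opt(fw, "-d") or ip).split("/")[0] != ip
                        or (opt(fw, "--dport") or port) != port
                        or ("--state" in fw and "NEW" not in opt(fw, "--state").split(",")))
            if not mismatch and opt(fw, "-j") in ("ACCEPT", "REJECT", "DROP"):
                verdict = opt(fw, "-j") == "ACCEPT"
                break
        result[f"{ip}:{port}"] = verdict
    return result
```

On a live box the same check runs over `iptables-save` output: `dnat_forward_ok(open("/dev/stdin").read())` with `iptables-save | python3 check.py` (file name assumed).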