Linux – Ubuntu 14.04 LTE forward port to another port

iptableslinuxlinux-networkingport-forwardingUbuntu

I am looking for a way to forward 1 port to another internally.

I have an Ubuntu 14.04 server on which I installed a game server that listens on port 25565.
The game does not support multiple ports.
I need to connect to this server from another place via port 443 only.

How do I make it so that when connecting via port 443 the firewall will forward to port 25565 so the game gets the request. And if the game wants to respond transfers it back to port 443 (only if a person was connected via 443).

And if someone connects via 25565 it responds like in the normal case via 25565.

How do I do this with iptables?

Best Answer

Use the REDIRECT target in the nat table, in the PREROUTING chain. Assuming the server uses TCP, run this command as root:

iptables -t nat -I PREROUTING -p tcp -m tcp --dport 443 \
                -j REDIRECT --to-ports 25565

If the server uses UDP, replace tcp with udp.

Related Solutions

Linux – IP-dependent local port-forwarding on Linux

To forward/redirect things you must edit the NAT table.

A rule like this is probably closest to what you need.

/sbin/iptables --table nat --append PREROUTING --protocol tcp \
               --source 169.250.250.250 --dport 22 \
               --jump REDIRECT --to-ports 42

It would be much easier and probably better to just leave SSH on the standard port and properly secure it. Using an alternate port would only slow down a motivated attacker for a couple seconds. Setup a intrusion prevention system like denyhosts/fail2ban and disable password-based authentication. Or consider rate-limit incoming ssh connections.

See:

Centos – iptables: forward port 80 to port 8080

You cannot specify the table like that in/etc/sysconfig/iptables. Each table is set with an asterisk then the table name. Here is a skeleton of what you'd do:

*nat
:PREROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A PREROUTING -i eth0 -p tcp --dport 80 -j DNAT --to-destination :8080
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
COMMIT

Instead of editing the file you could also manually set up the rules you like using the iptables command and then execute iptables-save > /etc/sysconfig/iptables or service iptables save.

Best Answer

Related Solutions

Linux – IP-dependent local port-forwarding on Linux

Centos – iptables: forward port 80 to port 8080

Related Topic