Linux – ubuntu forward port to another machine


I'm migrating servers, and I'd like to forward port 80 on my existing machine to port 80 on the new machine while DNS switches over.

I'm running Ubuntu 10.04 server and trying to follow the guide at http://www.simplehelp.net/2009/04/15/how-to-redirect-traffic-to-another-machine-in-linux/

I've run

# echo 1 >/proc/sys/net/ipv4/ip_forward

But when I run the next command I get an error:

# iptables -t nat -D PREROUTING -p tcp --dport 80 -j DNAT --to-destination 122.164.34.240
iptables: No chain/target/match by that name.

It seems I don't have the nat table there. Here's the output of iptables -L:

iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination         

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

There's no nat table.

What do I need to do to forward it to the other machine?

Note: I know about rinetd, and I can even have the webserver proxy requests to the new server. I'm trying to do this so that the logs will still make sense (rather than having a ton of logs that say the source IP was the old server)

Edit: Thanks to Eduardo, the problem was that the tutorial mistakenly says "-D PREROUTING", which is the command to delete the rule; it should read "-A PREROUTING".

However it still doesn't work. Here's what I'm doing:
machine-1: 192.168.56.150
machine-2: 192.168.56.151
I want to redirect machine-1 to machine-2.
On machine-1 I've run:

echo 1 > /proc/sys/net/ipv4/ip_forward
iptables -t nat -A PREROUTING -p tcp --dport 80 -j DNAT --to-destination 192.168.56.151

On machine-2 I've run:

echo 1 > /proc/sys/net/ipv4/ip_forward #not sure if this is necessary, it didn't work at first so I ran this here too
iptables -t nat -A POSTROUTING -p tcp -d 192.168.56.151 --dport 80 -j MASQUERADE

On my workstation, I try to wget http://192.168.56.150 expecting it to give the response from machine-2 (and that machine-2 will have my workstation's IP in its logs) – however I just get connection timed out. I've checked machine-2 and it responds correctly.

Best Answer

Try replacing -D PREROUTING with -A PREROUTING. You're trying to delete a rule that doesn't exist. The tutorial has this same error repeated several times, I see - just use -A everywhere.

Also, you can use iptables -nvL -t nat to see the NAT tables.
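
The -A/-D mix-up above, as an added example that is not part of the original question or answer: shell functions that append the port-80 DNAT rule only if it is missing and delete it only if it is present, so the temporary forward can be removed cleanly once DNS has switched over. The function names are hypothetical, and the script assumes an iptables that supports -C (1.4.11 or later; check with iptables --version).

```shell
#!/bin/sh
# Added example (not from the original post). Manages the temporary DNAT
# rule from the question so it is appended once and removed cleanly.
# Assumption: iptables 1.4.11 or later, which provides -C (check).
# Function names are hypothetical.

# One rule specification shared by check, append and delete, so all three
# always refer to exactly the same rule.
dnat_spec() {
    # $1 = IP of the new server, $2 = TCP port
    printf '%s' "-p tcp --dport $2 -j DNAT --to-destination $1"
}

dnat_exists() {
    # -C exits 0 only when an identical rule is already in the chain.
    # The spec is left unquoted on purpose so it splits into arguments.
    iptables -t nat -C PREROUTING $(dnat_spec "$1" "$2") 2>/dev/null
}

dnat_add() {
    if dnat_exists "$1" "$2"; then
        echo "already present"
        return 0
    fi
    iptables -t nat -A PREROUTING $(dnat_spec "$1" "$2") && echo "added"
}

dnat_del() {
    # Running -D for a rule that is not there is what produced the error
    # in the question, so check first and report instead of failing.
    if ! dnat_exists "$1" "$2"; then
        echo "nothing to delete"
        return 0
    fi
    iptables -t nat -D PREROUTING $(dnat_spec "$1" "$2") && echo "deleted"
}

# Usage (as root), with the lab addresses from the question:
#   dnat_add 192.168.56.151 80
#   iptables -nvL -t nat            # confirm the rule and watch its counters
#   dnat_del 192.168.56.151 80      # once DNS has switched over
```

Rules added this way are not persistent across a reboot, and /proc/sys/net/ipv4/ip_forward should be set back to 0 after the migration if the old machine has no other reason to route traffic.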