How to add with IPTables an Destination NAT.
Learn how to configure destination NAT (Network Address Translation) on Debian Linux with these examples.
Learn how to configure destination NAT (Network Address Translation) on Debian Linux with these examples.
If you want to forward incoming traffic on port 80 to the internal IP address 192.168.1.10, follow these steps:
Open a terminal or SSH connection to your Debian Linux server.
Execute the following command as the root user or with root privileges to add the destination NAT rule:
iptables -t nat -A PREROUTING -p tcp --dport 80 -j DNAT --to-destination 192.168.1.10:80
This command adds a rule to the NAT table, redirecting incoming TCP traffic on port 80 to the internal IP address 192.168.1.10, port 80.
Save the iptables rules to persist them across reboots:
iptables-save > /etc/iptables/rules.v4
Restart the iptables service to apply the changes:
systemctl restart iptables
If you want to forward incoming traffic for a range of ports (8000-9000) to the internal IP address 192.168.1.20, follow these steps:
Open a terminal or SSH connection to your Debian Linux server.
Execute the following command as the root user or with root privileges to add the destination NAT rule:
iptables -t nat -A PREROUTING -p tcp --dport 8000:9000 -j DNAT --to-destination 192.168.1.20
This command adds a rule to the NAT table, redirecting incoming TCP traffic for the port range 8000-9000 to the internal IP address 192.168.1.20.
Save the iptables rules to persist them across reboots:
iptables-save > /etc/iptables/rules.v4
Restart the iptables service to apply the changes:
systemctl restart iptables
Please note that these examples provide basic iptables NAT configuration rules. Depending on your system's requirements and configuration, additional rules may be necessary to achieve the desired functionality. Make sure to customize the rules accordingly and consult the documentation for further details.
The DynDNS service of IPv64.net is free of charge and usable in all common routers and systems.
You have the choice between many different domain names.
The IPv64.net Healthchecks monitor your services, servers and endpoints. Receive notifications when your services fail.
This monitoring service is free with all features.
Registration with IPv64 is free of charge and immediately available for you.
TP-Link Omada EAP225 ~ 62.91 € Show me | |
TP-Link Omada EAP655-Wall, AX3000 ~ 116.30 € Show me |