IP-restricted port forwarding with iptables

Posted by Tom on Server Fault See other posts from Server Fault or by Tom
Published on 2010-06-09T02:58:39Z Indexed on 2010/06/09 3:02 UTC
Read the original article Hit count: 240

Filed under:

iptables

|

port-forwarding

For an example, I have two authorized client computers, 1.1.1.1 and 2.1.1.1. My server running iptables is 3.1.1.1 and my firewalled web server is 4.1.1.1. When one of the authorized client IPs connects to 3.1.1.1 on port 80, I would like the connection to be forwarded to 4.1.1.1 on port 8888. If any other IP attempts to connect I would like it to refuse/drop the connection. What iptables config would accomplish this? Is there something more specific out there that would be better suited for this job?

© Server Fault or respective owner

Related posts about iptables

Sometimes this script fails to update the iptables

as seen on Server Fault - Search for 'Server Fault'
It does not happen often, but sometimes after running the below script, checking the iptables with service iptables status shows that they weren't updated and the script doesn't output any error. The iptables is structured as look-up tree (long repeated sections snipped): #!/bin/sh iptables -t… >>> More
My current iptable configuration doesn't work [on hold]

as seen on Server Fault - Search for 'Server Fault'
sudo chkconfig iptables off /etc/init.d/iptables on ### Clear/flush iptables sudo iptables -F sudo iptables -P INPUT ACCEPT sudo iptables -P OUTPUT ACCEPT sudo iptables -P FORWARD ACCEPT ### Allow SSH iptables -A INPUT -i eth0 -p tcp --dport 22 -m state --state NEW,ESTABLISHED -j ACCEPT iptables… >>> More
L2TP iptables port forward

as seen on Server Fault - Search for 'Server Fault'
Hi all, I'm setting up port forwarding for an L2TP VPN connection to the local Windows 2003 VPN server. The router is a simpel Debian machine with iptables. The VPN server works perfect. But I cannot log in from the WAN. I'm missing something. The VPN server is using a pre-shared key (L2TP) and… >>> More
iptables -P FORWARD DROP makes port forwarding slow

as seen on Server Fault - Search for 'Server Fault'
I have three computers, linked like this: box1 (ubuntu) box2 router & gateway (debian) box3 (opensuse) [10.0.1.1] ---- [10.0.1.18,10.0.2.18,10.0.3.18] ---- [10.0.3.15] | box4, www [10.0.2.1] Among other… >>> More
IPtables AWS EC2 NAT/Reverse NAT - For Reverse Proxy style setup but with IPtables

as seen on Server Fault - Search for 'Server Fault'
I was thinking initially needing to do a reverse proxy or something so I could get some SSL/TLS traffic look like it is being terminated at a server and IP address in the AWS cloud, and then that traffic is forwarded onto our actual web servers that aren't in the cloud... I've not done much iptables… >>> More

Related posts about port-forwarding

Stable reverse port forwarding in SSH and stale sessions

as seen on Super User - Search for 'Super User'
Using VPS to forward ports behind NAT: for((;;)) { ssh -R 2222:127.0.0.1:22 [email protected]; sleep 10; } When connection is broken somehow and it is reconnecting. Warning: remote port forwarding failed for listen port 2222 Linux vi-server.no-ip.org 2.6.18-92.1.13.el5.028stab059.3 #1 SMP Wed Oct… >>> More
port forwarding? [closed]

as seen on Super User - Search for 'Super User'
Possible Duplicate: Configure Modem for Bittorrent downloads any guides on portforwarding? I want to speed up my torrent downloads >>> More
WRT54G - how use port forwarding and VNC

as seen on Super User - Search for 'Super User'
Since I have my home network behind a WRT54G, the router has an external "real" IP address, and the PCs behind it have 192.168.xxx.xxx addresses. I would like to be able to control one of them remotely - preferably using UltraVNC, but I am open to suggestions. Since I can't directly address that… >>> More
Port forwarding - firewall deactivated?

as seen on Super User - Search for 'Super User'
In a Port Forwarding guide I have read I should set port forwarding on my ADSL modem and disable its firewall. Until I did both of this, my torrent client was not visible as a server from outside. However, I am unsure what implications disabling firewall has and why it is needed. Can anyone explain… >>> More
PortForwarding to IIS in Linux

as seen on Server Fault - Search for 'Server Fault'
Hi, I am trying to set up port forwarding on a linux box to a IIS webserver on my internal network. The web server sits on Windows 2003 Server. My linux box has eth0 - Internet connection eth1 - internal subnet (10.10.10.x) eth2 - 2nd internal subnet (129.168.0.x) dhcp interface my webserver… >>> More