I would like to make CentOS a port forwarding NAT machine using iptables. This is the first time I've tried this and I think I might need a little help.
This is the configuration I'm trying to achieve. I'm trying to make a remote desktop connection through the CentOS machine on port 5500 and have CentOS connect to the server on port 3389.
192.168.21.11 is the client that should connect to port 3389 on 192.168.9.120 by connecting to 192.168.21.10 (CentOS) on port 5500.
- CentOS eth0 is 192.168.9.20/24
- CentOS eth1 is 192.168.21.10/24
What I tried so far:
- Disabled SELinux
- Enabled IPv4 forwarding in /etc/sysctl.conf:
    net.ipv4.ip_forward = 1
- Ran the following iptables commands:
    iptables -t nat -A PREROUTING -p tcp -d 192.168.21.10 --dport 5500 -j DNAT --to 192.168.9.120:3389
    iptables -A INPUT -i eth1 -p tcp --dport 5500 -m state --state NEW,ESTABLISHED -j ACCEPT
    iptables -A OUTPUT -o eth0 -p tcp --sport 5500 -m state --state ESTABLISHED -j ACCEPT
    service iptables save
After saving this configuration I was not able to make the remote desktop connection I'm trying to achieve, so is there anything wrong with my iptables rules? Or is there something I might be missing?
Try to add this rule to your /etc/sysconfig/iptables right after
-A PREROUTING -p tcp -d 192.168.21.10 --dport 5500 -j DNAT --to 192.168.9.120:3389
-A POSTROUTING -d 192.168.9.120 -j MASQUERADE
Second, check whether net.ipv4.ip_forward is set to 1 by executing `sysctl -a | grep net.ipv4.ip_forward`.
If it is still set to 0, then execute:
sysctl -w net.ipv4.ip_forward=1
Try adding:
You should read up on the difference between
    iptables -A
and
    iptables -I
and take a look at the default rules on your system. It seems fairly likely that your INPUT rule at least will not work because of the difference.
Setting a value in /etc/sysctl.conf does not set it in the running kernel. The sysctl(8) man page is your friend.
Don't just disable SELinux - it's there to help protect you.
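Putting the points from the answers above together, here is an added example script (not code from the question or from any of the answers) that sets up the forward described in the question. It uses the addresses and interface names from the question, and rests on two facts the answers only hint at: a packet that has been DNATed in nat/PREROUTING is then evaluated in the filter FORWARD chain, not in INPUT or OUTPUT, so the accept rules belong there; and the stock CentOS ruleset ends FORWARD with a REJECT, so rules appended with -A never match, which is why the script inserts with -I. It SNATs the forwarded flow to eth0's own address so the server's replies are guaranteed to come back through the NAT box even if its default gateway is elsewhere, and it scopes that SNAT to the single flow rather than masquerading everything sent to 192.168.9.120. The IPTABLES and IP_FORWARD_FILE variables are assumptions of this example, added so the rules can be dry-run without root (IPTABLES=echo) and the forwarding check can be exercised against a scratch file. Nothing in it needs SELinux disabled.

```shell
#!/bin/sh
# Forward 192.168.21.10:5500 (eth1, LAN side) to 192.168.9.120:3389 (via eth0).
# Added example, not the question's or the answers' code. IPTABLES and
# IP_FORWARD_FILE are example-only knobs: set IPTABLES=echo to dry-run, and
# point IP_FORWARD_FILE at a scratch file to test the forwarding check.

IPTABLES="${IPTABLES:-iptables}"
IP_FORWARD_FILE="${IP_FORWARD_FILE:-/proc/sys/net/ipv4/ip_forward}"

LAN_IF=eth1; LAN_IP=192.168.21.10; LAN_NET=192.168.21.0/24   # from the question
WAN_IF=eth0; WAN_IP=192.168.9.20                              # from the question
RDP_HOST=192.168.9.120; RDP_PORT=3389; LISTEN_PORT=5500       # from the question

# Returns 0 only if the *running* kernel forwards IPv4. Reads the proc file,
# not /etc/sysctl.conf, because editing sysctl.conf alone changes nothing live.
ip_forward_enabled() {
    [ -r "$IP_FORWARD_FILE" ] && [ "$(cat "$IP_FORWARD_FILE")" = "1" ]
}

# Installs the rules.
#  - nat/PREROUTING DNAT rewrites the destination on the way in.
#  - nat/POSTROUTING SNAT is limited to this one tcp flow so the box does not
#    quietly masquerade every other packet it might forward to the server.
#  - filter/FORWARD is where the DNATed packets are decided; they never hit
#    INPUT or OUTPUT. -I puts the accepts above CentOS's trailing REJECT.
#  - The forward accept is narrowed to the LAN source net and one dst port.
apply_nat_rules() {
    $IPTABLES -t nat -A PREROUTING -i "$LAN_IF" -p tcp -d "$LAN_IP" --dport "$LISTEN_PORT" \
        -j DNAT --to-destination "$RDP_HOST:$RDP_PORT"
    $IPTABLES -t nat -A POSTROUTING -o "$WAN_IF" -p tcp -d "$RDP_HOST" --dport "$RDP_PORT" \
        -j SNAT --to-source "$WAN_IP"
    $IPTABLES -I FORWARD -i "$LAN_IF" -o "$WAN_IF" -p tcp -s "$LAN_NET" -d "$RDP_HOST" \
        --dport "$RDP_PORT" -m state --state NEW,ESTABLISHED -j ACCEPT
    $IPTABLES -I FORWARD -i "$WAN_IF" -o "$LAN_IF" -p tcp -s "$RDP_HOST" --sport "$RDP_PORT" \
        -m state --state ESTABLISHED -j ACCEPT
}

case "${1:-}" in
    check)
        if ip_forward_enabled; then echo "ip_forward=1"; else echo "ip_forward=0"; fi
        ;;
    apply)
        # Refuse to install rules that can never work: forwarding must be on first.
        if ! ip_forward_enabled; then
            echo "net.ipv4.ip_forward is 0; run: sysctl -w net.ipv4.ip_forward=1" >&2
            exit 1
        fi
        apply_nat_rules
        ;;
esac
```

Run `sh nat-forward.sh check` to see the live forwarding state, `sudo sh nat-forward.sh apply` to install the rules, and `service iptables save` afterwards to persist them into /etc/sysconfig/iptables. `IPTABLES=echo sh nat-forward.sh apply` prints the four commands without touching the kernel, which is a handy way to eyeball the result of the variable expansion before running it for real.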