Forward incoming traffic to a different server

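# Turn this host into a TCP port forwarder: selected inbound ports are DNAT'd
# to a backend server, and the host itself accepts only SSH from one admin IP.
#
# Scope and caveats:
#  - IPv4 only. ip6tables is not touched, so any IPv6 exposure of this host
#    (including SSH) is not restricted by these rules.
#  - Rules and the sysctl are in-memory only; persist them with the
#    distribution's own mechanism or they are lost on reboot.
#  - Run from a console or with a rollback plan: a mistake in the INPUT rules
#    cuts off the SSH session used to apply them.

ADMIN_IP="2.2.2.2"     # only source allowed to open SSH to this host
BACKEND_IP="3.3.3.3"   # server that receives the forwarded ports
FORWARD_PORTS="80 443 110 25 143 465 585 993 995 21 20"

# stop iptables
/etc/init.d/iptables stop

# Open the policies first so flushing cannot strand the current session,
# then remove all rules and user-defined chains.
iptables -P INPUT ACCEPT
iptables -P FORWARD ACCEPT
iptables -P OUTPUT ACCEPT
iptables -F
iptables -X
iptables -t nat -F
iptables -t nat -X
iptables -t mangle -F
iptables -t mangle -X

# Enable ip forwarding (runtime only; add it to /etc/sysctl.conf to persist)
sysctl -w net.ipv4.ip_forward=1

# --- INPUT: traffic addressed to this host ---------------------------------
# Loopback and replies to connections this host (or an accepted peer) opened.
# Without the ESTABLISHED,RELATED rule the SSH rule below admits only the
# initial SYN: every later packet of the session, and every reply to the
# host's own outbound traffic, would fall through to the REJECT.
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# Only allow SSH from the admin IP
iptables -A INPUT -s "${ADMIN_IP}/32" -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
# Block the other traffic
iptables -A INPUT -j REJECT --reject-with icmp-host-prohibited

# --- FORWARD: traffic routed through this host ------------------------------
# Default-deny so the box relays only the published ports to the backend,
# instead of routing anything that happens to reach it.
iptables -P FORWARD DROP
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -d "${BACKEND_IP}/32" -p tcp -m state --state NEW \
  -m multiport --dports "$(printf '%s' "$FORWARD_PORTS" | tr ' ' ',')" -j ACCEPT

# --- NAT: forward incoming traffic on specific ports to the backend ---------
# NOTE(review): these rules match on destination port only, not on the
# destination address or inbound interface, so they rewrite any TCP flow to
# these ports that traverses this host. Narrow with -d <public IP> or
# -i <interface> once those are known.
# FTP (20/21): data channels use dynamically negotiated ports; they presumably
# need the FTP conntrack/NAT helpers loaded to work through DNAT — verify.
for port in $FORWARD_PORTS; do
  iptables -t nat -A PREROUTING -p tcp --dport "$port" \
    -j DNAT --to-destination "${BACKEND_IP}:${port}"
done

# Masquerade only the forwarded flows so replies return through this host.
# Side effect: the backend sees this host's address as the client, so its
# access logs and IP-based controls lose the original source address; keep
# connection logs on this host if attribution matters.
iptables -t nat -A POSTROUTING -d "${BACKEND_IP}/32" -j MASQUERADE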