A Step-by-Step Guide to Configuring Port Forwarding using Iptables on Linux-Based Systems


Port forwarding is a technique commonly used in computer networking to allow traffic from external sources to be directed to a specific machine or service within a network. This method is often employed to enable remote access to services like web servers, email servers, and file servers that are located within a private network, protected by a gateway or firewall.

To achieve port forwarding, one can utilize the iptables command-line tool on Linux-based systems. Iptables is a utility software that enables users to configure network traffic rules and policies. It organizes these rules and policies into predefined tables, each containing chains consisting of rules applied sequentially to incoming or outgoing traffic. Each iptables rule specifies conditions that must be met for its application, along with the corresponding action to be taken.

To set up port forwarding using iptables, follow these steps:

Step 1: Determine the Port Number and Protocol
Before initiating port forwarding, identify the port number and protocol associated with the desired service. The port number serves as a unique identifier for a specific service or application, while the protocol governs the rules governing data transmission between devices. For instance, forwarding all incoming traffic to a web server running on port 80 with the TCP protocol.

Step 2: Create a Chain for Port Forwarding
Next, create a chain that will facilitate the forwarding of incoming traffic to the relevant machine or service. This can be accomplished by adding a new chain in iptables. Use the following command to create a new chain:
sudo iptables -N
Replace `` with a descriptive name of your choice for the newly created chain.

Step 3: Add a New Rule to the Chain
Within the newly created chain, add a rule that directs the incoming traffic to the intended machine or service. The rule should specify the port number, protocol, and IP address of the designated machine. Execute the following command in the terminal:
sudo iptables -A -p tcp –dport 80 -j DNAT –to-destination
Ensure that you substitute `` with the name of your created chain. In this example, this command forwards all incoming traffic destined for a web server running on port 80 to a machine with the IP address

Step 4: Add a Rule to the Main Iptables for Forwarding
In addition to the chain creation and rule addition, it is necessary to include a rule in the primary iptables INPUT chain to permit the forwarding of incoming traffic to the new chain. Use the following command to add a rule to the main iptables:
sudo iptables -A INPUT -p tcp –dport 80 -j
Replace `` with the name of your created chain. The `-A` option specifies that the new rule should be appended to the end of the INPUT chain. The `-p` option designates the protocol (in this case, TCP), while the `–dport` option identifies the destination port (port 80). The `-j` option determines the action to be taken upon fulfillment of the rule’s conditions, which, in this case, is forwarding the traffic to the newly created chain.

Step 5: Save the Configuration
To ensure that the port forwarding rules persist upon device reboot, it is imperative to save the new configuration. Use the following command to save the configuration:
sudo iptables-save > /etc/iptables/rules.v4

Step 6: Test the New Configuration
Before finalizing the process, it is essential to test the port forwarding configuration to verify its efficacy. You can do this by attempting to connect to the service from another machine on the network or the internet. A successful configuration will facilitate connecting to the service using the specified port number and protocol.

In conclusion, port forwarding is a valuable technique for directing incoming traffic to a specific machine or service. By utilizing iptables on Linux-based systems, one can establish the necessary port forwarding rules, ensuring the appropriate redirection of incoming traffic to the desired machine or service. This article outlined the fundamental steps involved in port forwarding with iptables, encompassing chain creation, rule addition, main INPUT chain implementation, configuration preservation, and configuration testing. By following these steps, you can effectively establish port forwarding on your Linux-based system to accurately direct incoming traffic.

This website uses cookies to improve your experience. We'll assume you're ok with this, but you can opt-out if you wish. Accept Read More