
πŸ” Port Forwarding with iptables (DNAT Configuration Guide)

Port forwarding, also known as Destination NAT (DNAT), is used to forward traffic from one IP/port to another internal IP/port. This is especially useful in scenarios where a server is behind a firewall or NAT router and needs to be accessible from the outside world.


🧠 What is DNAT?

DNAT changes the destination IP and/or port of incoming packets. It's used in port forwarding to redirect requests from one machine to another on the local network.


🧰 Use Case Example

Let’s say:

  • Your public server IP is 203.0.113.10
  • You want to forward external traffic on port 8080 to an internal web server at 192.168.1.100:80

📦 Required Modules

Ensure iptables is installed and that IP forwarding is enabled in the kernel; without it the forwarding machine will drop packets that are not addressed to itself. Enable it immediately (as root):

echo 1 > /proc/sys/net/ipv4/ip_forward

Make it permanent in /etc/sysctl.conf:

net.ipv4.ip_forward = 1

Apply the config:

sudo sysctl -p

🔧 DNAT Rule with iptables

Step 1: Add the DNAT rule

sudo iptables -t nat -A PREROUTING -p tcp -d 203.0.113.10 --dport 8080 -j DNAT --to-destination 192.168.1.100:80

This tells iptables to rewrite the destination of TCP traffic arriving for the public IP 203.0.113.10 on port 8080 to the internal address 192.168.1.100:80. The -d 203.0.113.10 match is what restricts the rule to the public address; without it the rule would also rewrite matching traffic arriving on any other interface.


Step 2: Allow forwarding of packets

sudo iptables -A FORWARD -p tcp -d 192.168.1.100 --dport 80 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT

This rule only matches packets heading towards the web server. If your FORWARD chain's default policy is DROP, the replies from 192.168.1.100 also need to be accepted, for example with a second FORWARD rule matching ESTABLISHED,RELATED traffic.

Step 3: (Optional) SNAT to avoid asymmetric routing

If the internal server's default gateway is NOT the forwarding machine, its replies would otherwise leave by a different path and never be un-NATed. Rewrite the source to the forwarding machine's own address on the internal network (192.168.1.1 in this example):

sudo iptables -t nat -A POSTROUTING -d 192.168.1.100 -p tcp --dport 80 -j SNAT --to-source 192.168.1.1

Note that with this rule in place the web server sees 192.168.1.1 as the client for every forwarded connection, so its access logs no longer record the real source address.

🧪 Testing

From a remote machine:

curl http://203.0.113.10:8080

You should reach the internal web server running on 192.168.1.100:80.
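Beyond a curl test, it is worth checking what the nat table actually contains. The following script is an added example, not part of the original guide: it reads iptables-save formatted output (a constructed sample is embedded here; on a real host pipe in `sudo iptables-save -t nat`) and flags PREROUTING DNAT rules that do not pin a destination with -d, since those rewrite matching traffic arriving on every interface rather than only on the public IP.

```sh
#!/bin/sh
# Added example: audit DNAT rules in `iptables-save -t nat` output.
# Real usage: sudo iptables-save -t nat > nat.txt; audit_dnat "$(cat nat.txt)"

# Constructed sample in iptables-save format. The first PREROUTING rule is the
# guide's Step 1 rule; the second is a hypothetical rule with no -d match.
SAMPLE_NAT='*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A PREROUTING -d 203.0.113.10/32 -p tcp -m tcp --dport 8080 -j DNAT --to-destination 192.168.1.100:80
-A PREROUTING -p tcp -m tcp --dport 2222 -j DNAT --to-destination 192.168.1.50:22
-A POSTROUTING -d 192.168.1.100/32 -p tcp -m tcp --dport 80 -j SNAT --to-source 192.168.1.1
COMMIT'

# Print one line per PREROUTING DNAT rule:
#   "<ok|UNPINNED> <dst>:<dport> -> <to-destination>"
# A rule with no -d match is reported as UNPINNED with dst "any".
audit_dnat() {
    printf '%s\n' "$1" | awk '
        /^-A PREROUTING/ && /-j DNAT/ {
            dst = "any"; dport = "?"; target = "?"
            for (i = 1; i <= NF; i++) {
                if ($i == "-d") dst = $(i + 1)
                if ($i == "--dport") dport = $(i + 1)
                if ($i == "--to-destination") target = $(i + 1)
            }
            status = (dst == "any") ? "UNPINNED" : "ok"
            print status, dst ":" dport, "->", target
        }'
}

# Number of DNAT rules that are not pinned to a destination address (0 is good).
dnat_unpinned_count() {
    audit_dnat "$1" | grep -c '^UNPINNED' || true
}
```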


🔄 List and Delete Rules

View the NAT table with rule numbers (the --line-numbers flag is needed to get the numbers used for deletion):

sudo iptables -t nat -L PREROUTING -n -v --line-numbers

Delete the DNAT rule by its number in the PREROUTING chain (replace <line-number> with the number shown above):

sudo iptables -t nat -D PREROUTING <line-number>

💾 Save Rules

On Ubuntu/Debian:

sudo apt install iptables-persistent
sudo netfilter-persistent save

✅ Summary

Port forwarding via DNAT is a core technique in network configuration. It enables you to:

  • Expose internal services securely
  • Host multiple services behind a single IP
  • Build custom gateways, proxies, and routers

Written by Santhosh Murugesan – Helping you master Linux networking, one NAT rule at a time.