Port forwarding from one IP to another IP in the same network using iptables

Let’s say we need to forward all connections arriving at port 143 (IMAP) on localhost to port 143 (IMAP) on another server:

iptables -t nat -I PREROUTING -p tcp -d localhost --dport 143 -j DNAT --to-destination anotherserver:143
iptables -t nat -A POSTROUTING -p tcp --dport 143 -d anotherserver -j SNAT --to localhost

172.16.60.5 – localhost
172.16.10.77 – another server

# Forward port 143 IMAP to 172.16.10.77
iptables -t nat -I PREROUTING -p tcp -d 172.16.60.5 --dport 143 -j DNAT --to-destination 172.16.10.77:143
iptables -t nat -A POSTROUTING -p tcp --dport 143 -d 172.16.10.77 -j SNAT --to 172.16.60.5

# Log connections to port 143 in /var/log/firewall
iptables -t nat -I PREROUTING -p tcp --dport 143 -j LOG --log-prefix "IMAP PREROUTING: "
iptables -t nat -I POSTROUTING -p tcp --dport 143 -j LOG --log-prefix "IMAP POSTROUTING: "
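
The nat table is only traversed by the first packet of a connection, so each of these LOG lines marks one new connection attempt, and because the SNAT rule makes the other server see every session as coming from 172.16.60.5, the forwarder's log is where the client's real address survives. The shell functions below are an added example, not part of the original post: they count logged lines per client and list clients that were logged in PREROUTING but never reached POSTROUTING (for instance when IP forwarding is off or the FORWARD chain drops the packets). The log lines are constructed samples, and the host name gw and the client addresses 172.16.60.20 and 172.16.60.31 are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post. Reads syslog text on stdin.

# Constructed sample lines (abbreviated LOG-target format). The host name "gw"
# and the client addresses 172.16.60.20 / 172.16.60.31 are assumptions.
sample_log() {
cat <<'EOF'
Jan 12 10:15:01 gw kernel: IMAP PREROUTING: IN=eth0 OUT= SRC=172.16.60.20 DST=172.16.60.5 PROTO=TCP SPT=51234 DPT=143 SYN
Jan 12 10:15:01 gw kernel: IMAP POSTROUTING: IN= OUT=eth0 SRC=172.16.60.20 DST=172.16.10.77 PROTO=TCP SPT=51234 DPT=143 SYN
Jan 12 10:15:09 gw sshd[811]: Accepted publickey for admin from 172.16.60.20 port 40022
Jan 12 10:16:40 gw kernel: IMAP PREROUTING: IN=eth0 OUT= SRC=172.16.60.31 DST=172.16.60.5 PROTO=TCP SPT=40100 DPT=143 SYN
Jan 12 10:16:41 gw kernel: IMAP PREROUTING: IN=eth0 OUT= SRC=172.16.60.31 DST=172.16.60.5 PROTO=TCP SPT=40100 DPT=143 SYN
Jan 12 10:16:43 gw kernel: IMAP PREROUTING: IN=eth0 OUT= SRC=172.16.60.31 DST=172.16.60.5 PROTO=TCP SPT=40100 DPT=143 SYN
Jan 12 10:17:02 gw kernel: IMAP PREROUTING: IN=eth0 OUT= SRC=172.16.60.20 DST=172.16.60.5 PROTO=TCP SPT=51240 DPT=143 SYN
Jan 12 10:17:02 gw kernel: IMAP POSTROUTING: IN= OUT=eth0 SRC=172.16.60.20 DST=172.16.10.77 PROTO=TCP SPT=51240 DPT=143 SYN
EOF
}

# Print one line per client: "<source IP> <PREROUTING lines> <POSTROUTING lines>".
# Only lines carrying the two log prefixes set with --log-prefix are counted;
# everything else in the log (the sshd line above, for example) is ignored.
imap_summary() {
    awk '
    /IMAP (PRE|POST)ROUTING: / {
        src = ""
        for (i = 1; i <= NF; i++)
            if ($i ~ /^SRC=/) src = substr($i, 5)   # text after "SRC="
        if (src == "") next
        if ($0 ~ /IMAP PREROUTING: /) pre[src]++; else post[src]++
        seen[src] = 1
    }
    END { for (s in seen) printf "%s %d %d\n", s, pre[s], post[s] }
    ' | sort
}

# Clients with more PREROUTING than POSTROUTING lines: their packets matched
# the log rule on the way in but were not forwarded out.
imap_unforwarded() {
    imap_summary | awk '$2 > $3 { print $1 }'
}

# Stand-alone run on the constructed sample.
sample_log | imap_summary
```

On a live system, feed the functions the file that receives the kernel messages, for example `imap_summary < /var/log/firewall`.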

Use the iptables and ip6tables services instead of firewalld – CentOS 7

To use the iptables and ip6tables services instead of firewalld, first disable and stop firewalld by running the following commands as root:

root# systemctl disable firewalld
root# systemctl stop firewalld

Then install the iptables-services package by entering the following command as root:

root# yum install iptables-services

The iptables-services package contains the iptables service and the ip6tables service.
Then, to start the iptables and ip6tables services, run the following commands as root:

root# systemctl start iptables
root# systemctl start ip6tables
root# systemctl enable iptables
root# systemctl enable ip6tables

An example script that blocks INPUT and FORWARD, then runs /sbin/iptables-save to write the current iptables configuration to /etc/sysconfig/iptables. Upon reboot, the iptables init script reapplies the rules saved in /etc/sysconfig/iptables by using the /sbin/iptables-restore command.
