→Port forwarding SSH
[[File:SuseIptablesDiagram.png|400px|border|center]]
Since we're forwarding traffic, the router is neither the source nor the destination, so the INPUT and OUTPUT chains don't apply. We'll add one rule to the PREROUTING chain of the NAT table, and remove the default blocking rule from the FORWARD chain.
** Forward incoming TCP packets on port 2211 to port 22 on www: <source>iptables -t nat -A PREROUTING -p tcp --dport 2211 -j DNAT --to 10.3.45.11:22</source>
** Allow forwarding to www (or just remove the default reject rule): <source>iptables -D FORWARD 1</source>
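<code>iptables -D FORWARD 1</code> deletes whichever rule is first in the chain and leaves forwarding open to every host behind the router. The following added example (not part of the original page) prints the narrower variant the last item mentions: only the DNATed SSH flow to www is accepted and the reject rule stays. The function names are hypothetical, and the script assumes the reject rule sits at position 1 of FORWARD, as the page implies.

```shell
#!/bin/sh
# Added example, not from the original page. Function names are hypothetical;
# 2211, 10.3.45.11 and 22 are the page's values.
# Check the chain first:  iptables -L FORWARD -n --line-numbers

valid_port() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "${#1}" -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

valid_ipv4() {
    # Digits and dots only, no empty octets.
    case "$1" in *[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for o in "$@"; do
        [ "${#o}" -le 3 ] && [ "$o" -le 255 ] || return 1
    done
}

# Print (do not run) the rules for forwarding EXT_PORT to HOST:INT_PORT.
port_forward_rules() {
    ext_port=$1 host=$2 int_port=$3
    if ! { valid_port "$ext_port" && valid_port "$int_port" && valid_ipv4 "$host"; }; then
        echo "usage: port_forward_rules EXT_PORT IPV4 INT_PORT" >&2
        return 1
    fi
    # Same DNAT rule as on the page; --to-destination is the full option name.
    echo "iptables -t nat -A PREROUTING -p tcp --dport $ext_port -j DNAT --to-destination $host:$int_port"
    # FORWARD is evaluated after DNAT, so match the rewritten address and port.
    # -I ... 1 inserts ahead of the reject rule, which stays in place.
    echo "iptables -I FORWARD 1 -p tcp -d $host --dport $int_port -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT"
    # Replies from www still carry its real source address in FORWARD.
    echo "iptables -I FORWARD 2 -p tcp -s $host --sport $int_port -m conntrack --ctstate ESTABLISHED -j ACCEPT"
}

# Print the rule set for the page's example when run directly.
port_forward_rules 2211 10.3.45.11 22
```

Review the printed commands against the current chain listing before running them as root on the router.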