Question

need help on port forwarding

Hello, I want to forward only 3 ports from my first server to the second server with the iptable command. But the rest of the ports remain normal. And this command does not affect the performance of socat negatively, because I have a forwarded port with socat and when I run the iptable command, this port is disconnected.

For a better explanation, I have a v2ray configuration on my first server on port 2086, on which tls is active, apparently when I forward a port from the second server to the first server on which tls is active with socat, it does not work because of tls mismatch . For this reason, I want to forward only 3 ports from the first server to the second server with the iptable command without any problem with the forwarded port with socat.

Submit an answer


This textbox defaults to using Markdown to format your answer.

You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!

Sign In or Sign Up to Answer

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

KFSys
Site Moderator
Site Moderator badge
June 15, 2023

Heya @driftinglightcyanurchin,

You can use something like the following to achieve what you want

  1. Enable IP forwarding:
echo 1 > /proc/sys/net/ipv4/ip_forward

To make the change permanent, you can edit the file `/etc/sysctl.conf` and add or un-comment the following line:

net.ipv4.ip_forward = 1

  1. Use iptables to forward the specific ports:

    For instance, if you want to forward ports 3000, 3001, and 3002 from your first server (IP: 1.1.1.1) to the second server (IP: 2.2.2.2), you would use these commands:

iptables -t nat -A PREROUTING -p tcp --dport 3000 -j DNAT --to-destination 2.2.2.2:3000
iptables -t nat -A PREROUTING -p tcp --dport 3001 -j DNAT --to-destination 2.2.2.2:3001
iptables -t nat -A PREROUTING -p tcp --dport 3002 -j DNAT --to-destination 2.2.2.2:3002
iptables -t nat -A POSTROUTING -j MASQUERADE

  1. Save the iptables rules:

    For Ubuntu/Debian:

iptables-save > /etc/iptables/rules.v4

For CentOS/RedHat:

service iptables save

Please replace 1.1.1.1 and 2.2.2.2 with the actual IP addresses of your first and second servers, and 3000, 3001, and 3002 with the ports you actually want to forward.

Note: This will not affect other ports, so it should not interfere with your existing socat configuration. If the socat forwarding stops working after running these commands, it’s likely due to a conflict on the specific ports you’re trying to forward. Make sure the ports forwarded by iptables and socat are not overlapping.

Remember, any time you manipulate iptables or networking configurations, there is a risk of disrupting network connections. It is highly recommended that you understand the impact of these commands and have a plan to reverse changes if necessary.

Try DigitalOcean for free

Click below to sign up and get $200 of credit to try our products over 60 days!

Sign up

card icon
Get our biweekly newsletter

Sign up for Infrastructure as a Newsletter.

Sign up
card icon
Hollie's Hub for Good

Working on improving health and education, reducing inequality, and spurring economic growth? We’d like to help.

Learn more
card icon
Become a contributor

You get paid; we donate to tech nonprofits.

Learn more
Featured on Community
Kubernetes CourseLearn Python 3Machine Learning in PythonGetting started with GoIntro to Kubernetes
DigitalOcean Products
CloudwaysVirtual MachinesManaged DatabasesManaged KubernetesBlock StorageObject StorageMarketplaceVPCLoad Balancers
Welcome to the developer cloud

DigitalOcean makes it simple to launch in the cloud and scale up as you grow – whether you’re running one virtual machine or ten thousand.

Learn more ->
DigitalOcean Cloud Control Panel
Get started for free

Enter your email to get $200 in credit for your first 60 days with DigitalOcean.

New accounts only. By submitting your email you agree to our Privacy Policy.

© 2023 DigitalOcean, LLC.