DNAT

Complementing source NAT is destination NAT (DNAT). This translation works in the opposite direction: it rewrites the destination address of incoming packets. Under the older ipchains, you had to use ipmasqadm to achieve what was called port forwarding and is now called DNAT. DNAT enables you to use your public IP addresses for functions such as an FTP server, Web server, mail server, and so forth, without exposing those systems to as high a risk, because they sit behind the firewall where they are better protected.

Consider the following example:

iptables -t nat -A PREROUTING -p tcp --dport 80 -i eth0 -j DNAT --to 192.168.0.2:80

This iptables rule is added to the PREROUTING chain of the nat table. Rules in that chain are applied before the packet reaches the kernel routing table, so the destination address is changed before the routing decision is made. The only packets it matches are TCP packets destined for ...
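The PREROUTING rule alone only rewrites the destination; on a firewall whose FORWARD chain drops by default, the translated packet is still discarded, and forwarding must be enabled in the kernel. The following is an added example, not from the book, that assembles the complete rule set for the same forward (eth0 and 192.168.0.2:80 are taken from the rule above; the FORWARD and sysctl lines, the conntrack state matches, and the dnat_rules/dnat_apply function names are this example's own):

```shell
#!/bin/sh
# Emit every command needed to forward public TCP port $2 arriving on
# interface $1 to the internal host $3 on port $4. Printing the commands
# first lets them be reviewed before they are applied as root.
dnat_rules() {
    pub_if=$1; pub_port=$2; int_ip=$3; int_port=$4
    printf '%s\n' \
      "sysctl -w net.ipv4.ip_forward=1" \
      "iptables -t nat -A PREROUTING -i $pub_if -p tcp --dport $pub_port -j DNAT --to-destination $int_ip:$int_port" \
      "iptables -A FORWARD -i $pub_if -p tcp -d $int_ip --dport $int_port -m conntrack --ctstate NEW,ESTABLISHED,RELATED -j ACCEPT" \
      "iptables -A FORWARD -o $pub_if -s $int_ip -p tcp --sport $int_port -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
}

# Apply the rules (requires root). With DRY_RUN=1 the commands are only
# printed, which is the safe way to check them on a production firewall.
dnat_apply() {
    dnat_rules "$@" | while IFS= read -r cmd; do
        echo "+ $cmd"
        [ "$DRY_RUN" = 1 ] || eval "$cmd"
    done
}

# Example invocation mirroring the rule in the text:
#   DRY_RUN=1 dnat_apply eth0 80 192.168.0.2 80
```

The two FORWARD rules admit only the forwarded service and its replies, so the internal host is reachable on that one port and nothing else; restricting the rule to `-i eth0` also means the forward is never triggered by traffic arriving on internal interfaces.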
