Linux IPTables Mangling Rule

Posted on 2011-04-19
Last Modified: 2012-05-11
I'm looking for a way to create an iptables mangling rule that will allow traffic from a local ip and port to be redirected to an external ip address. I realize this is normally not a good idea, but a proprietary piece of software we are using requires connections to be made from non-internal IP addresses on the LAN.
Question by:nlhess2003
    LVL 8

    Expert Comment

    like this?
    iptables -t mangle -A FORWARD -i eth1 -o eth0 -p tcp -m multiport --dports 1024:5189,5191:8079,8081:65535 -j MARK --set-mark 100
    LVL 8

    Expert Comment

    or this:
    iptables -t mangle -A FORWARD -i eth1 -o eth0 -s -d -p tcp -m multiport --dports 1024:5189,5191:8079,8081:65535 -j MARK --set-mark 100
    LVL 4

    Accepted Solution

    so you just look for port forwarding?

     to allow traffic from local ip you need:

    sudo iptables -I INPUT -s local.ip(s)/mask(if need) -j ACCEPT

    for redirect to external port:

    sudo iptables -t nat -A PREROUTING -i eth*(here interface number) -p tcp --dport (localport) -j DNAT --to-destination external.ip:externalport.

    sudo iptables -I FORWARD -s (local ip's that allow to redirect) -j ACCEPT

    second way, if you have access to both computers, you can redirect port via SSH:

    ssh -L localport:external.ip:externalip.port *user*@external.ip


    ssh -L 3309:localhost:3309 admin@

    this will connect mysql localhost port, from, to my 3309 port

    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    How your wiki can always stay up-to-date

    Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
    - Increase transparency
    - Onboard new hires faster
    - Access from mobile/offline

    How many times have you wanted to quickly do the same thing to a list but found yourself typing it again and again? I first figured out a small time saver with the up arrow to recall the last command but that can only get you so far if you have a bi…
    Setting up Secure Ubuntu server on VMware 1.      Insert the Ubuntu Server distribution CD or attach the ISO of the CD which is in the “Datastore”. Note that it is important to install the x64 edition on servers, not the X86 editions. 2.      Power on th…
    Connecting to an Amazon Linux EC2 Instance from Windows Using PuTTY.
    Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.

    759 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    11 Experts available now in Live!

    Get 1:1 Help Now