linux iptables how to port forward

I have a Linux slackware host acting as a LAN router and DHCP server. That is working fine. I now want to port forward e.g. port 22 from the internet to a host on the LAN.  I haven't quite found what I'm looking for on the web or on EE.

On the router/DHCP-server host I have:

eth0 is the connection to the Internet with a static IP: and a public domain of

eth1 is the LAN interface with static IP This is also the interface for the DHCP server which is started with: /usr/sbin/dhcpd eth1. I also have
/etc/sysctl.conf has: net.ipv4.ip_forward = 1

My iptables startup has:

iptables --table nat --append POSTROUTING --out-interface eth0 -j MASQUERADE
iptables --append FORWARD --in-interface eth1 -j ACCEPT

So far, the above is my configuration for setting this computer up as a router for my LAN. As I said, this works fine and the other hosts in the LAN get their IPs from this host and are all on the subnet.


I want Internet requests coming in on port 30038 via eth0 to be routed to, port 22.

That's it! Basically, I want to ssh into the host at by doing:

ssh -p 30038

How do I do that?

(I also want to eventually route ports 80, 443 and 25 to this same host, but I suppose if I can do what I want for 22 I can figure out the rest).
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Dash AmrSenior Specialist(PM)Commented:
ssh -L <local port>:<remote computer>:<remote port> <user>@<remote ip>
Dash AmrSenior Specialist(PM)Commented:
An example is:

ssh -L 6669: foowho

In this example, local port 6669 on the local client computer is tunneled by encrypted SSH over the default port 22 to the router at The router must be set up to forward port 22 to whatever the internal LAN IP (such as of the SSH host is. The host is running OpenSSH (ssdh service) and is set to listen to port 22. It then routes the incoming data to the host port 6667, where presumably some other program is waiting for data. foowho has an account on the host running the OpenSSH server.
MarkAuthor Commented:
No, I know how to ssh using a not-port-22. In my original posting I have: ssh -p 30038

My question is how to set up iptables to route Internet request to to LAN host

ALFA007 almost has the idea, but reversed. I don't want to go from router:22 to LANhost:30038, I want to go from router:30038 to LANhost:22. ALFA007's statement, "The router must be set up to forward port 22 to whatever the internal LAN IP (such as of the SSH host is." Yes, how to set up the router? My Linux host *is* the router.
Dan CraciunIT ConsultantCommented:
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 30038 -j DNAT --to-destination

Please note that you will have to enable NAT first. Here's an article on how to do that:


Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
MarkAuthor Commented:
DanCraciun: >  you will have to enable NAT first.

I believe that is taken care of. I listed the lines from my iptables config in my original posting:

iptables --table nat --append POSTROUTING --out-interface eth0 -j MASQUERADE
iptables --append FORWARD --in-interface eth1 -j ACCEPT

Anyway, your solution did the trick! I was able to forward that port and others to the desired hosts.

One last problem: I think I messed up a convoluted forward of port 25. See my new posting:
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Linux Networking

From novice to tech pro — start learning today.