
iptables - change destination port after accept

Asked by Steve Bink (United States of America)
Topics: Linux Networking, Software Firewalls, Networking Protocols
I'm working with Ubuntu 14.04.  I'm trying to set up some inbound connections to MySQL.  I need the local MySQL port to stay at 3306.  Remote users, however, should connect to port 33000, and connections should be limited by IP whitelist.

Using "-j REDIRECT" or "-j DNAT" is not working.  My tests show that is because the default policy on INPUT is DROP, and I have no rule to ACCEPT on --dport 3306.  I do not want to light up port 3306, whitelist or not.

What rule can I create to ACCEPT a packet destined for an arbitrary port (e.g., 33000), only if originating from an acceptable IP, and mangle it to send it to the proper local destination port, all without opening the local destination port?
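The accepted answer is not reproduced on this page, so the following is an added worked example, not the page's or the answerer's own rules. The mechanism it relies on is standard netfilter behaviour: REDIRECT/DNAT run in the nat PREROUTING chain, before routing and before the filter INPUT chain, so by the time INPUT sees the packet its destination port is already 3306 and the DROP policy discards it. Conntrack, however, records the connection's original tuple before NAT, and the conntrack match can test that original destination port (`-m conntrack --ctorigdstport 33000`). An INPUT rule keyed on the original port 33000 accepts only redirected traffic; a client that connects straight to 3306 has an original port of 3306, matches nothing, and is still dropped. The script assumes the ports from the question (33000 public, 3306 local), that mysqld listens on the address of the interface the clients reach (REDIRECT rewrites the destination to that interface's primary address, so a 127.0.0.1-only bind-address will not receive the packets), and uses constructed RFC 5737 documentation addresses as the whitelist; replace them with real peers.

```shell
#!/bin/sh
# Added example, not the page's own answer: expose mysqld (listening on 3306)
# to whitelisted remote hosts on public port 33000 only, with INPUT policy DROP
# and no rule that accepts --dport 3306 from outside.
#
# Why a bare REDIRECT/DNAT fails: NAT happens in nat/PREROUTING, before
# filter/INPUT, so INPUT sees dport 3306 and the DROP policy eats it.
# Fix: accept in INPUT only packets whose conntrack ORIGINAL destination port
# was 33000 (-m conntrack --ctorigdstport), which NAT does not rewrite.
# A direct connection to 3306 has an original dport of 3306 and stays dropped.

PUBLIC_PORT=33000   # port remote clients connect to (from the question)
LOCAL_PORT=3306     # port mysqld really listens on (must bind the NIC address, not 127.0.0.1 only)
# Constructed example whitelist (RFC 5737 documentation ranges); replace with real peers.
WHITELIST="203.0.113.10 198.51.100.0/24"

# gen_rules WHITELIST: print one rule per line as "TABLE CHAIN RULESPEC".
gen_rules() {
    for src in $1; do
        # Only whitelisted sources get redirected; everyone else hits 33000 with no
        # INPUT rule and is dropped by policy.
        printf 'nat PREROUTING -s %s -p tcp --dport %s -j REDIRECT --to-ports %s\n' \
            "$src" "$PUBLIC_PORT" "$LOCAL_PORT"
    done
    # Follow-up packets of accepted connections; apply_rules skips it if present.
    printf 'filter INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT\n'
    for src in $1; do
        # dport is already 3306 here (post-NAT); --ctorigdstport ties the accept
        # to the public port, so direct connections to 3306 never match.
        printf 'filter INPUT -s %s -p tcp --dport %s -m conntrack --ctstate NEW --ctorigdstport %s -j ACCEPT\n' \
            "$src" "$LOCAL_PORT" "$PUBLIC_PORT"
    done
}

# show_rules WHITELIST: print the equivalent iptables commands for review.
show_rules() {
    gen_rules "$1" | while read -r table chain spec; do
        printf 'iptables -t %s -A %s %s\n' "$table" "$chain" "$spec"
    done
}

# apply_rules WHITELIST: append each rule unless an identical one exists,
# so re-running the script does not duplicate rules. Needs root.
apply_rules() {
    gen_rules "$1" | while read -r table chain spec; do
        # $spec is intentionally unquoted so it splits into separate arguments.
        iptables -t "$table" -C "$chain" $spec 2>/dev/null \
            || iptables -t "$table" -A "$chain" $spec
    done
}

case "${1:-}" in
    --apply) apply_rules "$WHITELIST" ;;   # install the rules
    *)       show_rules "$WHITELIST" ;;    # default: dry run, print only
esac
```

Run it without arguments to review the generated commands, then with `--apply` as root. The conntrack match with `--ctorigdstport` is provided by xt_conntrack, which the 3.13 kernel and iptables 1.4.21 shipped with Ubuntu 14.04 include. An equivalent approach that avoids the conntrack port match is to `-j MARK` the whitelisted 33000 packets in mangle PREROUTING and accept `-m mark` in INPUT; the original-port match is simpler because it needs no extra chain. Either way, nothing is appended that accepts `--dport 3306` on its own, which is the property the question asks for.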
Answered by Duncan Roe, Software Developer
