

iptables arguments

-t = table (filter when omitted), -X = delete a user-defined chain (it must be empty first), -i = input interface (-o = output interface)

Deleting a rule by its position in a chain (positions shift after each deletion, so list again before deleting another):

iptables -L --line-numbers
iptables -D (CHAIN) (LINE NUMBER)


Example for FTP NAT (the control connection on port 21 plus the passive data-port range; the address after --to-destination is the internal FTP server's):

iptables -t nat -A PREROUTING -p tcp --dport 21 -j DNAT --to-destination
iptables -t nat -A PREROUTING -p tcp --dport 49152:65534 -j DNAT --to-destination

Caveat: the server's PASV reply carries the address the server itself listens on, so either the FTP server must be configured to advertise the externally reachable address and the same passive range, or the nf_nat_ftp conntrack helper must rewrite the reply (on recent kernels the helper has to be assigned explicitly with a -j CT --helper ftp rule in the raw table, since automatic helper assignment is off by default). Without one of these, clients open data connections to the wrong address.

To check the NAT rules (numeric output with packet counters for every chain of the nat table; add --line-numbers to get the positions needed for -D):

iptables -t nat -nvL

Masquerade traffic from an IP to another host

Enable IP forwarding (this write to /proc is not persistent across reboots; sysctl -w net.ipv4.ip_forward=1 does the same, and an entry in /etc/sysctl.conf or /etc/sysctl.d/ makes it permanent):

echo "1" > /proc/sys/net/ipv4/ip_forward

Then add a rule that DNATs traffic arriving on port 1111 to the target IP on port 1111 (the rewrite happens in PREROUTING, before routing; if the FORWARD chain of the filter table has a DROP policy it must also accept the flow, matched on the already-translated destination):

iptables -t nat -A PREROUTING -p tcp --dport 1111 -j DNAT --to-destination

and finally ask iptables to masquerade the forwarded packets, so the target sees the redirecting host as their source and replies come back through it (written like this the rule masquerades everything leaving the box; in practice restrict it with -o (INTERFACE) and/or -d (TARGET IP)):

iptables -t nat -A POSTROUTING -j MASQUERADE

Optionally, only redirect traffic from a specific source. For a single host:

iptables -t nat -A PREROUTING -s -p tcp --dport 1111 -j DNAT --to-destination

or for a whole network (CIDR notation):

iptables -t nat -A PREROUTING -s -p tcp --dport 1111 -j DNAT --to-destination

That's it: traffic to port 1111 is now redirected to the target IP.

On the target host, the redirected connections all appear to come from the host doing the redirection, because MASQUERADE rewrites the source address. The original client addresses are only visible on the redirecting host, in its conntrack table (conntrack -L) or its logs, so keep that in mind for access control and incident investigation on the target.
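The whole procedure (forwarding, DNAT, FORWARD acceptance, narrowed MASQUERADE) as one parametrised script, plus a check that parses the output of "iptables -t nat -nvL" for the expected DNAT rule. This is an added example, not the original page's commands; the client network 10.0.0.0/24, the target 192.168.1.10 and the interface eth0 are placeholders, and the sample -nvL output embedded in it is constructed. The same functions serve the FTP example above: dnat_args "" 21 (SERVER IP) and dnat_args "" 49152:65534 (SERVER IP) produce those two rules.

```shell
#!/bin/sh
# Added example (not from the original page): the DNAT + MASQUERADE procedure as a
# parametrised function, plus a check that parses "iptables -t nat -nvL" output.
# Assumed placeholders: client network 10.0.0.0/24, target 192.168.1.10, out interface eth0.
# Set IPT="echo iptables" and SYSCTL="echo sysctl" to dry-run: commands are printed, not run.
IPT="${IPT:-iptables}"
SYSCTL="${SYSCTL:-sysctl}"

# Accept only a TCP port number or a port range "low:high" (digits only, 1-65535).
valid_port() {
    case "$1" in
        ''|*[!0-9:]*|*:*:*|:*|*:) return 1 ;;
    esac
    lo="${1%%:*}"; hi="${1##*:}"
    [ "$lo" -ge 1 ] && [ "$lo" -le 65535 ] && [ "$hi" -ge "$lo" ] && [ "$hi" -le 65535 ]
}

# Arguments of the PREROUTING DNAT rule: $1 = source host/network ("" = any),
# $2 = destination port or range, $3 = target "ip" or "ip:port".
dnat_args() {
    args="-t nat -A PREROUTING"
    [ -n "$1" ] && args="$args -s $1"
    echo "$args -p tcp --dport $2 -j DNAT --to-destination $3"
}

# apply_redirect SRC DPORT TARGET OUT_IF: enable forwarding, DNAT, let the flow through
# FORWARD, and masquerade only what leaves OUT_IF towards the target.
apply_redirect() {
    src="$1"; dport="$2"; target="$3"; out_if="$4"
    valid_port "$dport" || { echo "apply_redirect: bad port '$dport'" >&2; return 1; }
    tip="${target%%:*}"
    case "$target" in *:*) tport="${target#*:}" ;; *) tport="$dport" ;; esac
    valid_port "$tport" || { echo "apply_redirect: bad target port '$tport'" >&2; return 1; }

    $SYSCTL -w net.ipv4.ip_forward=1              # same as echo 1 > /proc/sys/net/ipv4/ip_forward
    $IPT $(dnat_args "$src" "$dport" "$target")   # rewrite the destination before routing
    # FORWARD sees the packet after DNAT, so match the translated destination and port.
    $IPT -A FORWARD -d "$tip" -p tcp --dport "$tport" -m conntrack --ctstate NEW -j ACCEPT
    $IPT -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    # Narrower than a bare "-j MASQUERADE": only the redirected flow gets its source rewritten.
    $IPT -t nat -A POSTROUTING -o "$out_if" -d "$tip" -j MASQUERADE
}

# has_dnat_rule DPORT TARGET: read "iptables -t nat -nvL" output on stdin and succeed
# only if a DNAT rule with exactly that "dpt:" port and "to:" target is present.
has_dnat_rule() {
    awk -v port="$1" -v target="$2" '
        {
            d = p = t = 0
            for (i = 1; i <= NF; i++) {
                if ($i == "DNAT") d = 1
                if ($i == ("dpt:" port)) p = 1
                if ($i == ("to:" target)) t = 1
            }
            if (d && p && t) found = 1
        }
        END { exit found ? 0 : 1 }'
}

# Constructed sample of "iptables -t nat -nvL --line-numbers" output, used to exercise the check.
SAMPLE_NAT='Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes)
num   pkts bytes target     prot opt in     out     source               destination
1        0     0 DNAT       tcp  --  *      *       10.0.0.0/24          0.0.0.0/0            tcp dpt:1111 to:192.168.1.10:1111

Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes)
num   pkts bytes target     prot opt in     out     source               destination
1        0     0 MASQUERADE all  --  *      eth0    0.0.0.0/0            192.168.1.10'

# Usage (as root): ./redirect.sh apply
# Dry run:         IPT="echo iptables" SYSCTL="echo sysctl" ./redirect.sh apply
if [ "${1:-}" = "apply" ]; then
    apply_redirect 10.0.0.0/24 1111 192.168.1.10 eth0
    if $IPT -t nat -nvL --line-numbers | has_dnat_rule 1111 192.168.1.10; then
        echo "DNAT rule present"
    else
        echo "DNAT rule missing"
    fi
fi
```

Restricting the MASQUERADE to -o (interface) -d (target) is the main difference from the bare rule above: a blanket MASQUERADE also rewrites the source of every other forwarded flow leaving the box, which hides client addresses from everything behind it, not just from the redirect target.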