Port Translation via iptables?

Hi, is there a way using iptables to perform port translation, i.e.

Have a service listening on port 343 on the server box, but have
public users reach the server via port 8080 using iptables to route
traffic to port 343 on the server box.

Do I need to create a rule for incoming traffic, as well as outgoing
traffic? Or is this even possible?


Thanks for any help.


-iptables newb



d a v i d

Hello,

d a v i d a écrit :
> Hi, is there a way using iptables to perform port translation, i.e.
>
> Have a service listening on port 343 on the server box, but have
> public users reach the server via port 8080 using iptables to route
> traffic to port 343 on the server box.

Of course. Have a look at the DNAT and REDIRECT targets.

> Do I need to create a rule for incoming traffic,

Yes. For example :

iptables -t nat -A PREROUTING -d <box_ip_address> -p tcp --dport 8080 \
-j REDIRECT --to-ports 343

or :

iptables -t nat -A PREROUTING -d <box_ip_address> -p tcp --dport 8080 \
-j DNAT --to :343

Actually "-d <box_ip_address>" is not needed if the box does not act as
a router.

> as well as outgoing traffic?

No. Netfilter will automatically translate the return traffic as needed.