@umardx
Created June 27, 2023 16:09

To DNAT the traffic from 10.1.1.1:5432 to 192.168.1.1:5432 using iptables, you can follow these steps:

  1. Enable IP forwarding:

    sysctl net.ipv4.ip_forward=1

  2. Create the DNAT rule:

    iptables -t nat -A PREROUTING -i ens4 -p tcp --dport 5432 -j DNAT --to-destination 192.168.1.1:5432

    This rule tells iptables to redirect incoming TCP traffic on port 5432 of the ens4 interface to the destination IP address and port 192.168.1.1:5432.

  3. Enable masquerading (Source Network Address Translation) to rewrite the source IP address:

    iptables -t nat -A POSTROUTING -o ens4 -j MASQUERADE

    This rule rewrites the source address of packets leaving through the ens4 interface to the proxy's own address, so that the response packets from the destination IP address are routed back to the client through the proxy.

  4. Save the iptables rules:

    iptables-save > /etc/iptables/rules.v4

    This command writes the current iptables rules to /etc/iptables/rules.v4 so that they can be restored after a reboot.

Make sure to replace ens4 with the actual interface name for the proxy server and 192.168.1.1:5432 with the IP address and port of your Postgres instance.
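As written, the DNAT rule in step 2 matches port 5432 on any destination address arriving on ens4, and the MASQUERADE rule in step 3 applies to everything leaving ens4. The script below is an added example, not part of the original gist: it validates its inputs and prints both rules scoped to the single 10.1.1.1:5432 to 192.168.1.1:5432 flow. The function names and the `APPLY` variable are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the gist). ens4, 10.1.1.1, 192.168.1.1, 5432 are the gist's values.

is_iface() {  # Linux interface names: at most 15 chars; reject option-like names
  case $1 in ""|-*|*[!A-Za-z0-9_.-]*) return 1 ;; esac
  [ ${#1} -le 15 ]
}

is_port() {
  case $1 in ""|*[!0-9]*) return 1 ;; esac
  [ ${#1} -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

is_ipv4() {
  case $1 in ""|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
  IFS=. read -r o1 o2 o3 o4 rest <<EOF
$1
EOF
  [ -n "$o4" ] && [ -z "$rest" ] || return 1
  for o in "$o1" "$o2" "$o3" "$o4"; do
    [ ${#o} -le 3 ] && [ "$o" -le 255 ] || return 1
  done
}

# Args: iface listen_ip backend_ip port. Prints one iptables argument list per line.
scoped_rules() {
  is_iface "$1" && is_ipv4 "$2" && is_ipv4 "$3" && is_port "$4" || {
    echo "scoped_rules: invalid argument" >&2; return 1; }
  # -d limits DNAT to the address clients connect to, not every address on the interface.
  echo "-t nat -A PREROUTING -i $1 -d $2 -p tcp --dport $4 -j DNAT --to-destination $3:$4"
  # After DNAT the destination is the backend, so match that flow instead of all egress.
  echo "-t nat -A POSTROUTING -o $1 -d $3 -p tcp --dport $4 -j MASQUERADE"
}

# Appends each rule read from stdin only if -C (check) reports it absent. Needs root.
apply_rules() {
  while read -r rule; do
    check=$(printf '%s\n' "$rule" | sed 's/ -A / -C /')
    # Word splitting is intended; feed this only validated scoped_rules output.
    iptables $check 2>/dev/null || iptables $rule || return 1
  done
}

# Dry run unless APPLY=1: print the commands instead of running them.
if [ "${APPLY:-0}" = 1 ]; then
  scoped_rules ens4 10.1.1.1 192.168.1.1 5432 | apply_rules
else
  scoped_rules ens4 10.1.1.1 192.168.1.1 5432 | sed 's/^/iptables /'
fi
```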
