Forward traffic to an internal server through iptables rules on a bastion server
Sometimes we need to reach an internal service or server on a local network that is only reachable through an external bastion server acting as a bridge.
# Diagram: traffic forwarded into the internal environment by the bastion's iptables rules
#
# local or office ------> bastion machine ----------> internal server
# local access bastion-public-ip:8888 -----> bastion iptables rules ----> internal server:80

# display the iptables nat rules
iptables -t nat -L

# add a PREROUTING (DNAT) rule to the nat table: rewrite the destination to the internal server
iptables -t nat -A PREROUTING -p tcp -m tcp --dport 8899 -j DNAT --to-destination 192.168.1.3:80

# add a POSTROUTING (SNAT) rule so replies from the internal server return via the bastion
iptables -t nat -A POSTROUTING -d 192.168.1.3/32 -p tcp -m tcp --dport 80 -j SNAT --to-source 192.168.1.4

# allow forwarded traffic in the filter table
iptables --policy FORWARD ACCEPT

# enable the kernel forwarding parameter permanently
echo "net.ipv4.ip_forward=1" >> /etc/sysctl.conf

# enable forwarding temporarily (until the next reboot)
sysctl net.ipv4.ip_forward=1

# save the rules to a file
iptables-save > iptables.txt

# restore the rules from the file
iptables-restore < iptables.txt
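As an added example (not code from the original page), the following POSIX sh function renders the same bastion forward as an iptables-restore ruleset, taking the ports and addresses as arguments (the page's diagram shows 8888 while its rule uses 8899, so the port is parameterised), pinning the DNAT to the public interface, and replacing the page's blanket FORWARD ACCEPT policy with rules that only admit the forwarded flow and its replies. The interface name eth0, the input validation and the helper name are assumptions; the output replaces the nat and filter tables when loaded, so check it with `iptables-restore --test` first.

```shell
#!/bin/sh
# gen_bastion_rules PUBLIC_PORT INTERNAL_IP INTERNAL_PORT BASTION_INTERNAL_IP [PUBLIC_IFACE]
# Prints an iptables-restore ruleset for one DNAT/SNAT forward on a bastion host.
# (hypothetical helper; default interface eth0 is an assumption)
gen_bastion_rules() {
    pub_port=$1; int_ip=$2; int_port=$3; snat_ip=$4; iface=${5:-eth0}

    # Validate the ports so a typo cannot produce a rule that matches nothing
    # or something other than intended (an empty --dport is an iptables error).
    for p in "$pub_port" "$int_port"; do
        case $p in
            ''|*[!0-9]*) echo "invalid port: '$p'" >&2; return 1 ;;
        esac
        [ "$p" -ge 1 ] && [ "$p" -le 65535 ] || { echo "port out of range: $p" >&2; return 1; }
    done
    # Require both addresses; an empty --to-destination would not be rejected here otherwise.
    [ -n "$int_ip" ] && [ -n "$snat_ip" ] || { echo "missing address" >&2; return 1; }

    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
# Only rewrite connections arriving on the public interface, not from the LAN side.
-A PREROUTING -i $iface -p tcp -m tcp --dport $pub_port -j DNAT --to-destination $int_ip:$int_port
# Source-NAT to the bastion's internal address so the internal server replies via the bastion.
-A POSTROUTING -d $int_ip/32 -p tcp -m tcp --dport $int_port -j SNAT --to-source $snat_ip
COMMIT
*filter
# Default-deny forwarding; the page's 'iptables --policy FORWARD ACCEPT' forwards everything.
:FORWARD DROP [0:0]
-A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -d $int_ip/32 -p tcp -m tcp --dport $int_port -m conntrack --ctstate NEW -j ACCEPT
COMMIT
EOF
}

# Usage with the page's addresses (not executed when the file is sourced for tests):
# gen_bastion_rules 8899 192.168.1.3 80 192.168.1.4 > bastion-rules.txt
# iptables-restore --test < bastion-rules.txt && iptables-restore < bastion-rules.txt
```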