Foward traffic (filter by source ip and dst port) to other public ip

Check it on Gist:

# run all these on the bastion vm
# iptables can not directly route traffic to public ip ( in my test )
# so I insert a socat here to help get the job done

iptables -t nat -F # flush all the current NAT rule ( be careful )
iptables -t nat -A PREROUTING -s -p tcp --dport 443 -j DNAT --to-destination :4433 # all traffic to port 443 from get routed to port 4433
iptables -t nat -A POSTROUTING -j MASQUERADE # let iptables do the NAT work
iptables -t nat -nL # double check if iptables are correctly showing the rules

nohup socat TCP4-LISTEN:4433,reuseaddr,fork TCP4: & # use socat to forward traffic to final destination, in the demo here,


电子邮件地址不会被公开。 必填项已用*标注