Port forwarding with ipmasq

I have posted previously about using ipmasq and dnsmasq to perform internet connection sharing on a Linux system. Another task I needed to perform was to forward a port on one machine (the machine with the direct internet connection) to a machine on the internal network. Google returns plenty of results for all the ways I could think of to search for this, but none of them were straightforward. Forwarding incoming web or ssh requests seems, to me, like a very common activity.

I ended up using the two $IPTABLES lines from this page in the /etc/ipmasq/rules/F00chain.rul rule file for ipmasq. They ended up taking the following form:

$IPTABLES -A FORWARD -i eth0 -o eth1 -p tcp –dport 80 -m state –state NEW,ESTABLISHED,RELATED -j ACCEPT
$IPTABLES -A PREROUTING -t nat -p tcp -d –dport 80 -m state –state NEW,ESTABLISHED,RELATED -j DNAT –to

where is the internet-visible IP address, and is the web server box on the intranet. Note that this example has eth0 connected to the internet and eth1 to the intranet, with eth1 having an IP address like


Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s