Let’s say you want to forward a port to another host that has an external IP (public facing, like yours). With $ip and $port set to that host’s address and the port to forward, this is how you would do that:
# Log, then DNAT, inbound TCP on $port to $ip:$port
sudo iptables -t nat -A PREROUTING -i eth0 -p tcp --dport $port -j LOG --log-prefix="PreRouting $port..:"
sudo iptables -t nat -A PREROUTING -i eth0 -p tcp --dport $port -j DNAT --to $ip:$port
# Rewrite the source address on the way out so replies come back through this host
sudo iptables -t nat -A POSTROUTING -j MASQUERADE
# Log and accept return traffic from $ip
sudo iptables -A FORWARD -p tcp -i eth0 -o eth0 -s $ip --sport $port -j LOG --log-prefix="S Forward $port.."
sudo iptables -A FORWARD -p tcp -i eth0 -o eth0 -s $ip --sport $port -j ACCEPT
# Log and accept forwarded traffic going to $ip
sudo iptables -A FORWARD -p tcp -i eth0 -o eth0 -d $ip --dport $port -j LOG --log-prefix="D Forward $port.."
sudo iptables -A FORWARD -p tcp -i eth0 -o eth0 -d $ip --dport $port -j ACCEPT
That’s about it. Oh, there is one setting you have to enable on your network stack, IP forwarding. Here:
sudo sysctl -w net.ipv4.ip_forward=1
This will work in a default DENY iptables setup, so if you have already used my Default DENY IPtables firewall with auto update blacklist, then this will work with it.
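The rules above with input validation, as an added example that is not part of the original post: `gen_forward_rules` (a hypothetical name) checks the address, port and interface, then prints the commands for review instead of running them. It leaves out the LOG rules and, as an assumption about what is wanted, scopes MASQUERADE to the forwarded flow rather than to all outgoing traffic.

```shell
#!/bin/sh
# Added example (not from the original post): validate, then print the rules.
# Nothing is applied here; review the output before running it as root.

valid_ipv4() {
    case $1 in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;   # only digits and single dots
    esac
    _old_ifs=$IFS; IFS=.
    set -- $1                                  # split into octets
    IFS=$_old_ifs
    [ $# -eq 4 ] || return 1
    for _octet in "$@"; do
        [ ${#_octet} -le 3 ] && [ "$_octet" -le 255 ] || return 1
    done
}

valid_port() {
    case $1 in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ ${#1} -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

valid_iface() {
    case $1 in
        ''|*[!A-Za-z0-9_.-]*) return 1 ;;
    esac
    [ ${#1} -le 15 ]                           # Linux interface name limit
}

# usage: gen_forward_rules <ip> <port> [interface, default eth0]
gen_forward_rules() {
    _ip=$1; _port=$2; _if=${3:-eth0}
    valid_ipv4 "$_ip"    || { echo "bad IPv4 address: $_ip" >&2; return 2; }
    valid_port "$_port"  || { echo "bad port: $_port" >&2; return 2; }
    valid_iface "$_if"   || { echo "bad interface: $_if" >&2; return 2; }
    cat <<EOF
sysctl -w net.ipv4.ip_forward=1
iptables -t nat -A PREROUTING -i $_if -p tcp --dport $_port -j DNAT --to-destination $_ip:$_port
iptables -t nat -A POSTROUTING -o $_if -p tcp -d $_ip --dport $_port -j MASQUERADE
iptables -A FORWARD -i $_if -o $_if -p tcp -d $_ip --dport $_port -j ACCEPT
iptables -A FORWARD -i $_if -o $_if -p tcp -s $_ip --sport $_port -j ACCEPT
EOF
}
```

Called as `gen_forward_rules 203.0.113.10 8080` (a constructed documentation address), it prints five commands; a malformed address, port or interface name returns status 2 and prints nothing to stdout.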