Forward specific external traffic to LAN server
Solution 1:
If I understood correctly, you want to forward all traffic from 88.88.88.88 to the protected server 172.26.0.11. Here's an example using NAT:
sysctl net.ipv4.ip_forward=1
iptables -t nat -A PREROUTING -i <wan-if> -s 88.88.88.88 -j DNAT --to-destination 172.26.0.11
iptables -t nat -A POSTROUTING -s 88.88.88.88 -d 172.26.0.11 -j SNAT --to-source 172.26.0.99
iptables -A FORWARD -s 88.88.88.88 -d 172.26.0.11 -j ACCEPT
Alternatively, for forwarding on a per-port basis, use ipvs or systemd sockets or iptables -j REDIRECT to set up the forwarding and firewall the port. Example with ipvs and iptables:
sysctl net.ipv4.vs.conntrack=1
ipvsadm -A -t "172.26.0.99:<port>" -s rr
ipvsadm -a -t "172.26.0.99:<port>" -r "172.26.0.11:<port>" -m
iptables -A INPUT -s 88.88.88.88 -j ACCEPT -m comment --comment "Allow 88.88.88.88"
iptables -A INPUT -j DROP -m comment --comment "Catch-all drop"
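
The NAT variant above only protects 172.26.0.11 as long as every DNAT rule pointing at it keeps its -s 88.88.88.88 match. The following check is an added example, not part of the original answer: it audits iptables-save output for DNAT rules to the server that lack that source match. The function name audit_dnat, the interface eth0, port 8080 and the sample dump are constructed for illustration, and the FORWARD check assumes a default-drop FORWARD policy.

```shell
# Added example: audit an iptables-save dump for DNAT rules toward a
# protected host that are not restricted to the allowed source address.

# Constructed sample dump (not from a real system). The second PREROUTING
# rule is deliberately missing the -s match.
SAMPLE_RULES='*nat
-A PREROUTING -s 88.88.88.88/32 -i eth0 -j DNAT --to-destination 172.26.0.11
-A PREROUTING -i eth0 -p tcp -m tcp --dport 8080 -j DNAT --to-destination 172.26.0.11:8080
-A POSTROUTING -s 88.88.88.88/32 -d 172.26.0.11/32 -j SNAT --to-source 172.26.0.99
COMMIT
*filter
-A FORWARD -s 88.88.88.88/32 -d 172.26.0.11/32 -j ACCEPT
COMMIT'

# audit_dnat SERVER_IP ALLOWED_SRC
# Reads iptables-save output on stdin, prints one line per finding and
# returns 1 if a DNAT rule to SERVER_IP lacks "-s ALLOWED_SRC" or if no
# FORWARD ACCEPT rule for ALLOWED_SRC -> SERVER_IP exists (assumes the
# FORWARD policy is DROP, so the ACCEPT rule is required).
audit_dnat() {
    awk -v server="$1" -v src="$2" '
    function opt(name,   i) {   # value of a non-negated option, or ""
        for (i = 2; i < NF; i++)
            if ($i == name && $(i - 1) != "!") return $(i + 1)
        return ""
    }
    function host(a) { sub(/\/32$/, "", a); return a }  # strip a /32 suffix only
    $1 == "-A" && opt("-j") == "DNAT" {
        dest = opt("--to-destination"); sub(/:.*/, "", dest)  # drop :port
        if (dest == server && host(opt("-s")) != src) {
            print "OPEN-DNAT: " $0; bad = 1
        }
    }
    $1 == "-A" && $2 == "FORWARD" && opt("-j") == "ACCEPT" &&
        host(opt("-s")) == src && host(opt("-d")) == server { fwd = 1 }
    END {
        if (!fwd) { print "NO-FORWARD-ACCEPT: " src " -> " server; bad = 1 }
        exit (bad ? 1 : 0)
    }'
}

# Demo on the constructed sample; reports the unrestricted port 8080 rule.
printf '%s\n' "$SAMPLE_RULES" | audit_dnat 172.26.0.11 88.88.88.88 || true
```

On the gateway itself, run it as root against the live ruleset with iptables-save | audit_dnat 172.26.0.11 88.88.88.88.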