Port Forwarding using iptables

If you are behind a router (for example, an ADSL router) and are assigned a private IP address, e.g., from 192.168.0.0/16, 172.16.0.0/16, or 10.0.0.0/8, you will be able to use most Internet applications such as Web, E-mail, FTP, and more. However, P2P software might not work well, because your computer cannot receive incoming connections directly. You have two choices: DMZ or Port Forwarding. If your router is a pure hardware appliance, PortForward.com might help. Otherwise, your router might be a hand-built Linux router, or you may be using some kind of VPN. The most common software on a Linux router or VPN gateway is iptables. This article describes how to set up port forwarding through DNAT using iptables.

DNAT stands for Destination Network Address Translation. It is not as complicated as other settings; in fact, it is just one more rule. All you need to know is:

  1. Protocol - UDP or TCP
  2. Port - the external port to forward
  3. IP address - the private IP address

The command is very simple, as follows.

iptables -t nat -A PREROUTING -p $PROTO --dport $PORT -j DNAT \
--to-destination $LAN_IP

For example, suppose you are going to forward TCP port 4662 to IP address 192.168.1.10.

iptables -t nat -A PREROUTING -p tcp --dport 4662 -j DNAT \
--to-destination 192.168.1.10

In addition, you might be interested in forwarding UDP port 4672 to the same IP address.

iptables -t nat -A PREROUTING -p udp --dport 4672 -j DNAT \
--to-destination 192.168.1.10

For BitTorrent, the default TCP port range is 6881-6889. Note that iptables writes a port range with a colon, not a dash, so the rule is:

iptables -t nat -A PREROUTING -p tcp --dport 6881:6889 -j DNAT \
--to-destination 192.168.1.10
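Putting the three examples together, here is an added POSIX shell script (not from the original article) that validates each entry, prints the DNAT rule together with the FORWARD accept rule it needs, and only executes them when APPLY=1. The WAN_IF interface name, the forwarding table and the function names are this example's own assumptions.

```shell
#!/bin/sh
# Added example, not from the original article: build the DNAT rules the
# article describes from a small table, validating each entry first, and
# emit the matching FORWARD rule, since a DNAT rule alone is not enough when
# the FORWARD chain's policy is DROP. Run with APPLY=1 to execute the rules
# (requires root); by default the commands are only printed.
WAN_IF="${WAN_IF:-eth0}"   # assumption: the router's Internet-facing interface

# Validate protocol (tcp/udp), a port or iptables port range (lo:hi), and a
# dotted-quad IPv4 address. Returns non-zero on the first bad field.
valid_entry() {
    proto=$1; port=$2; ip=$3
    case "$proto" in tcp|udp) ;; *) return 1 ;; esac
    case "$port" in
        ''|*[!0-9:]*|*:*:*) return 1 ;;          # e.g. "6881-6889" is rejected
        *:*) lo=${port%%:*}; hi=${port##*:} ;;
        *)   lo=$port; hi=$port ;;
    esac
    [ -n "$lo" ] && [ -n "$hi" ] || return 1
    [ "$lo" -ge 1 ] && [ "$hi" -le 65535 ] && [ "$lo" -le "$hi" ] || return 1
    echo "$ip" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
    for o in $(echo "$ip" | tr . ' '); do [ "$o" -le 255 ] || return 1; done
}

# Print the two iptables commands for one forwarding entry: the PREROUTING
# DNAT rule from the article (restricted to the WAN interface) plus the
# FORWARD accept rule for the translated packets.
dnat_rules() {
    valid_entry "$1" "$2" "$3" || { echo "bad entry: $1 $2 $3" >&2; return 1; }
    printf 'iptables -t nat -A PREROUTING -i %s -p %s --dport %s -j DNAT --to-destination %s\n' \
        "$WAN_IF" "$1" "$2" "$3"
    printf 'iptables -A FORWARD -i %s -p %s -d %s --dport %s -j ACCEPT\n' \
        "$WAN_IF" "$1" "$3" "$2"
}

# Forwarding table (constructed sample matching the article's examples):
# protocol, external port or range, private IP.
FORWARDS='tcp 4662 192.168.1.10
udp 4672 192.168.1.10
tcp 6881:6889 192.168.1.10'

# Print the rules for every table entry, skipping invalid ones.
apply_forwards() {
    echo "$FORWARDS" | while read -r proto port ip; do
        dnat_rules "$proto" "$port" "$ip" || continue
    done
}

if [ "${APPLY:-0}" = 1 ]; then
    sysctl -w net.ipv4.ip_forward=1      # routing must be enabled for DNAT to work
    apply_forwards | sh
else
    apply_forwards
fi
```

After applying, `iptables -t nat -L PREROUTING -n -v` shows the DNAT rules and their packet counters, which is the quickest way to confirm that incoming connections are actually hitting them.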

For more information, read the tutorial.
