How to redirect or forward port using iptables on Linux

You have a Local Area Network (LAN) that uses a Linux box as its router. The Linux box has two network interface cards (NICs): one with a public IP address connected to the Internet Service Provider (ISP), and one with a private IP address connected to the LAN. The Linux box forwards packets and performs NAT (network address translation) so that workstations inside the LAN can reach the internet. See the diagram below:

Let’s say PC A is an NMS (Network Monitoring System) and PC B is an FTP server. From inside the LAN you can reach either of them simply by connecting to its IP address. But how do you reach both PCs from outside the LAN, e.g. from home?

There are two ways to do this: a VPN (Virtual Private Network), or port forwarding/redirecting. This tutorial shows how to forward/redirect ports using iptables on Linux.

Let’s say you want to use Remote Desktop to PC A and FTP to PC B. Remote Desktop (RDP) listens on TCP port 3389 and the FTP control channel on TCP port 21. In the example below the public IP of the Linux box is 111.222.111.222 on eth0, PC A is 192.168.100.200 and PC B is 192.168.100.201. Forward both ports on the Linux box with the commands below:

# RDP: rewrite the destination of TCP/3389 arriving on eth0 for the public IP to PC A
iptables -t nat -A PREROUTING -d 111.222.111.222 -i eth0 -p tcp -m tcp --dport 3389 -j DNAT --to-destination 192.168.100.200:3389
# FTP control channel: rewrite TCP/21 arriving on eth0 for the public IP to PC B
iptables -t nat -A PREROUTING -d 111.222.111.222 -i eth0 -p tcp -m tcp --dport 21 -j DNAT --to-destination 192.168.100.201:21

The first command tells the Linux box that a TCP packet arriving on the external interface (eth0) for port 3389 of the public address must have its destination rewritten (DNAT) to PC A on the same port; the second does the same for port 21 and PC B. The rewrite happens in the nat table’s PREROUTING chain, i.e. before the routing decision, so the rewritten packet is then routed into the LAN.

On their own, these two rules are not quite enough to make PC A and PC B reachable from outside the LAN. The Linux box must also have IP forwarding enabled (net.ipv4.ip_forward = 1), must accept the forwarded traffic in the filter table’s FORWARD chain if that chain’s policy is DROP, and must be the default gateway of PC A and PC B so that their replies come back through it and are un-NATed by the connection tracker. FTP additionally opens a separate data connection; the nf_conntrack_ftp and nf_nat_ftp helpers (assigned with a CT --helper rule in the raw table on recent kernels, where automatic helper assignment is disabled) are needed for that connection to be NATed as well. Finally, keep in mind that these rules expose RDP and plaintext FTP to the entire internet: restrict them with -s to the source addresses you expect to connect from, or prefer the VPN option.
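The following script is an added example and not part of the original tutorial. It generates the complete set of commands a DNAT port forward needs (the sysctl, the FORWARD-chain rules, the FTP conntrack helper and the PREROUTING DNAT rules), generalised to any list of forwards and restricted to an allowed source network. The interface name eth1 for the LAN side, the allowed source network 203.0.113.0/24 and the FORWARDS table are assumptions; the public IP and the PC A / PC B addresses are the ones used above.

```shell
#!/bin/sh
# Added example (not from the original article): emit every command needed for
# the port forwards, so they can be reviewed before being applied as root.
# Assumed values: LAN_IF=eth1 and the allowed source network 203.0.113.0/24.

WAN_IF="eth0"
WAN_IP="111.222.111.222"   # public IP from the article
LAN_IF="eth1"              # assumed: interface facing the LAN

# Constructed forward table, one per line:
#   proto  wan_port  internal_ip      internal_port  allowed_source
# An allowed_source of 0.0.0.0/0 would open the port to the whole internet.
FORWARDS="
tcp 3389 192.168.100.200 3389 203.0.113.0/24
tcp 21   192.168.100.201 21   203.0.113.0/24
"

# Print the two iptables commands for one forward: the nat-table DNAT rule and
# the filter-table FORWARD rule that lets the rewritten packet through.
forward_rules() {
    proto=$1 wport=$2 iip=$3 iport=$4 src=$5
    # 1. Rewrite the destination before routing, only for the allowed source.
    printf 'iptables -t nat -A PREROUTING -i %s -d %s -s %s -p %s --dport %s -j DNAT --to-destination %s:%s\n' \
        "$WAN_IF" "$WAN_IP" "$src" "$proto" "$wport" "$iip" "$iport"
    # 2. Accept the forwarded packet (needed when the FORWARD policy is DROP).
    printf 'iptables -A FORWARD -i %s -o %s -s %s -d %s -p %s --dport %s -m conntrack --ctstate NEW,ESTABLISHED,RELATED -j ACCEPT\n' \
        "$WAN_IF" "$LAN_IF" "$src" "$iip" "$proto" "$iport"
}

# Print everything: forwarding sysctl, reply rule, FTP helper, per-forward rules.
generate_rules() {
    echo 'sysctl -w net.ipv4.ip_forward=1'
    # Replies from the LAN hosts must be allowed back out towards the WAN.
    printf 'iptables -A FORWARD -i %s -o %s -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT\n' \
        "$LAN_IF" "$WAN_IF"
    echo "$FORWARDS" | while read -r proto wport iip iport src; do
        [ -z "$proto" ] && continue
        if [ "$proto" = tcp ] && [ "$wport" = 21 ]; then
            # FTP opens a second data connection. The helper marks it RELATED
            # so conntrack NATs it too; recent kernels need the explicit CT rule.
            echo 'modprobe nf_conntrack_ftp'
            echo 'modprobe nf_nat_ftp'
            printf 'iptables -t raw -A PREROUTING -i %s -p tcp --dport 21 -j CT --helper ftp\n' "$WAN_IF"
        fi
        forward_rules "$proto" "$wport" "$iip" "$iport" "$src"
    done
}

generate_rules
```

Run it as an ordinary user to review the output, then pipe it into a root shell to apply it. Save the result with iptables-save afterwards, since rules added this way do not survive a reboot.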