In Linux, the ability to forward ports is indispensable. Whether you’re setting up a web server, hosting multiplayer games, or configuring a VPN, port forwarding empowers you to route incoming traffic to specific destinations within your network. One powerful tool at your disposal for managing network traffic in Linux is IPTables.
This guide aims to demystify the process of port forwarding with IPTables in Linux, catering to both novices and experienced users alike. By following these steps, you’ll gain the expertise to manipulate network traffic with precision, bolstering the security and efficiency of your Linux server or workstation.
Iptables Port Forwarding
The proxy firewall plays an essential role in securing web application infrastructure. The application is installed on a proxy server with a dedicated public IP and acts as a gateway that protects the internal network from external threats.
The sections below describe the procedure for setting up a simple Iptables-based firewall that controls network traffic to and from a web server.
Step 1: Set up Web Server
The first step in configuring firewall-based network access is ensuring the web server accepts only the connections made over the private network. Follow the steps below to create an example Nginx web server that only allows access from a private IP address.
Gather Web Server Network Interface Details
Open the terminal on the web server and follow these steps:
1. Enter the following command to list the available IPv4 connections.
ip -4 addr show scope global
The ip command output lists the available network interfaces and the assigned IP addresses.
Set up Nginx
Follow these steps on your web server to install and configure Nginx:
1. Update the repository information on the web server using your Linux distribution’s package manager. The tutorial uses APT.
sudo apt update
2. Install the Nginx web server package.
sudo apt install nginx
Type Y, press Enter, and wait for the installation to finish.
3. Use a text editor such as Nano or Vim to open the configuration file for the default Nginx server block.
sudo nano /etc/nginx/sites-enabled/default
4. Find the server section in the file. The contents should resemble the example below:
server {
 listen 80 default_server;
 listen [::]:80 default_server ipv6only=on;
5. Add the server’s private IP address before the port number in the section’s first line.
listen [web-server-private-ip]:80 default_server;
Delete the second line, as it relates to the IPv6 address not covered in this tutorial. After editing, the server section has a single listen directive, bound to the private IP address.
Save the file and exit.
6. Test the syntax of the Nginx configuration by typing:
sudo nginx -t
Nginx displays syntax errors, if any. When there are no errors, Nginx reports that the configuration syntax is ok and that the test is successful.
7. Restart Nginx to apply the new configuration.
sudo systemctl restart nginx
Test Web Server Configuration
Confirm that the Nginx server works as intended with the curl command. Run this command from another computer on the same private network:
curl [web-server-private-ip]
The output shows the HTML data of the Nginx welcome page.
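The curl test confirms that Nginx answers on the private address, but not that port 80 is closed on every other address. The following is an added example, not part of the original tutorial: a shell function that reads `ss -ltnH` output and flags any listener on the port that is bound to an address other than the allowed one. The address 10.0.0.5 and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit listening sockets for a port that must be bound to one IP only.
# Input on stdin: lines in `ss -ltnH` format (State Recv-Q Send-Q Local:Port Peer:Port).
# Prints every offending listener. Exit status:
#   0 = only the allowed address listens on the port
#   1 = another address (for example 0.0.0.0 or [::]) also listens
#   2 = nothing listens on the port at all
check_listeners() {
    allowed_ip=$1
    port=$2
    awk -v ip="$allowed_ip" -v port="$port" '
        $1 == "LISTEN" {
            la = $4                           # local address:port column
            n = match(la, /:[0-9]+$/)         # position of the trailing ":port"
            if (n == 0) next
            addr = substr(la, 1, n - 1)
            p = substr(la, n + 1)
            if (p != port) next               # ignore other services (SSH, ...)
            seen = 1
            if (addr != ip) { print "unexpected listener: " addr ":" p; bad = 1 }
        }
        END { if (bad) exit 1; if (!seen) exit 2; exit 0 }
    '
}

# Constructed sample: default server block, listening on all IPv4 and IPv6 addresses.
SAMPLE_BEFORE='LISTEN 0 511 0.0.0.0:80 0.0.0.0:*
LISTEN 0 511 [::]:80 [::]:*
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*'

# Constructed sample: after the edit, port 80 is bound to the private IP only.
SAMPLE_AFTER='LISTEN 0 511 10.0.0.5:80 0.0.0.0:*
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*'

# Live use on the web server (replace the address with its private IP):
#   ss -ltnH | check_listeners 10.0.0.5 80
```

A non-zero status after restarting Nginx means the listen directive was not applied as intended, or that another server block still binds port 80.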

