Author: Weiwei Wan, Date: 03/16/2022, Place: Toyonaka, Osaka

Enable IP Forwarding:

sudo vi /etc/sysctl.conf

and add (or uncomment) the line:

net.ipv4.ip_forward=1

Add forwarding rule:

sudo iptables -t nat -A PREROUTING -p tcp -d 10.2.0.203 --dport 18333 -j DNAT --to-destination 192.168.1.227:18333

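Ask iptables to masquerade:

• What IP masquerading actually does is rewrite the source IP address from that of the "client" to that of the "forwarding server (192.168.1.4)". The source port is assigned an arbitrary value (e.g., 51720, 52369) for each connection.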

sudo iptables -t nat -A POSTROUTING -j MASQUERADE

To make the iptables rules persistent, install iptables-persistent:

sudo apt install iptables-persistent

Then, use:

sudo netfilter-persistent save

or directly edit:

sudo vi /etc/iptables/rules.v4

to finalize the forwarding rules.

The final iptables rules on the RPi after configuring xarm and shuidi are as follows:

# Generated by xtables-save v1.8.2 on Sun Feb 20 20:48:20 2022
*filter
:INPUT ACCEPT [85686:49619567]
:FORWARD ACCEPT [11452:15394940]
:OUTPUT ACCEPT [7923:1982369]
COMMIT
# Completed on Sun Feb 20 20:48:20 2022
# Generated by xtables-save v1.8.2 on Sun Feb 20 20:48:20 2022
*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
# xarm
-A PREROUTING -d 10.2.0.203/32 -p tcp -m tcp --dport 18333 -j DNAT --to-destination 192.168.1.227:18333
-A PREROUTING -d 10.2.0.203/32 -p tcp -m tcp --dport 502 -j DNAT --to-destination 192.168.1.227:502
-A PREROUTING -d 10.2.0.203/32 -p tcp -m tcp --dport 30001 -j DNAT --to-destination 192.168.1.227:30001
-A PREROUTING -d 10.2.0.203/32 -p tcp -m tcp --dport 30002 -j DNAT --to-destination 192.168.1.227:30002
-A PREROUTING -d 10.2.0.203/32 -p tcp -m tcp --dport 30003 -j DNAT --to-destination 192.168.1.227:30003
# shuidi
-A PREROUTING -d 10.2.0.203/32 -p tcp -m tcp --dport 9001 -j DNAT --to-destination 192.168.10.10:9001
-A PREROUTING -d 10.2.0.203/32 -p tcp -m tcp --dport 9090 -j DNAT --to-destination 192.168.10.10:9090
-A PREROUTING -d 10.2.0.203/32 -p tcp -m tcp --dport 8809 -j DNAT --to-destination 192.168.10.10:8809
-A PREROUTING -d 10.2.0.203/32 -p tcp -m tcp --dport 8888 -j DNAT --to-destination 192.168.10.10:8888
-A PREROUTING -d 10.2.0.203/32 -p tcp -m tcp --dport 31001 -j DNAT --to-destination 192.168.10.10:31001
# post
-A POSTROUTING -j MASQUERADE
COMMIT
# Completed on Sun Feb 20 20:48:20 2022
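
The following check is an added example, not part of the original notes: it parses an iptables-save dump like the one above and flags an ACCEPT policy on FORWARD, a MASQUERADE rule with no -o interface, and DNAT targets outside private address space or with a rewritten port. The sample rules and the audit() function name are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample in iptables-save format (not the page's rule set).
SAMPLE = """\
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
COMMIT
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A PREROUTING -d 10.2.0.203/32 -p tcp -m tcp --dport 502 -j DNAT --to-destination 192.168.1.227:502
-A PREROUTING -d 10.2.0.203/32 -p tcp -m tcp --dport 30002 -j DNAT --to-destination 193.168.1.227:30002
-A POSTROUTING -j MASQUERADE
COMMIT
"""

DNAT = re.compile(r"--dport (\d+) .*-j DNAT --to-destination ([\d.]+):(\d+)")

def audit(rules_text):
    """Return a list of (line_number, finding) for an iptables-save dump."""
    findings, table = [], None
    for n, line in enumerate(rules_text.splitlines(), 1):
        line = line.strip()
        if line.startswith("*"):
            table = line[1:]  # table header such as *filter or *nat
        elif table == "filter" and line.startswith(":FORWARD ACCEPT"):
            findings.append((n, "FORWARD policy is ACCEPT: unmatched routed packets are forwarded"))
        elif table == "nat" and "-j MASQUERADE" in line and not re.search(r"\s-o\s", line):
            findings.append((n, "MASQUERADE without -o: source NAT applies on every interface"))
        elif table == "nat" and (m := DNAT.search(line)):
            dport, dest, to_port = m.groups()
            # is_private covers RFC 1918 and other non-global ranges
            if not ipaddress.ip_address(dest).is_private:
                findings.append((n, f"DNAT target {dest} is not a private address"))
            if dport != to_port:
                findings.append((n, f"port {dport} is rewritten to {to_port}"))
    return findings

if __name__ == "__main__":
    for n, finding in audit(SAMPLE):
        print(f"line {n}: {finding}")
```

Run it against the text of /etc/iptables/rules.v4 before calling netfilter-persistent save; an empty result means none of the three conditions was found.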