Linux SysAdmin & DevOps

Iptables port forwarding requests to localhost

Iptables is a user-space utility program that allows a system administrator to configure the IP packet filter rules of the Linux kernel firewall, implemented as different Netfilter modules.

Let’s take this scenario. You have an app that binds locally to 127.0.0.1 on, say, port 8080. Purely for testing purposes, you don’t want to install nginx or any other software on the Linux server just to proxy requests to the app.

The easiest way to do it? Use iptables, which comes by default on any Linux OS.

This can be achieved with a single rule:

iptables -t nat -I PREROUTING -p tcp -d server-public-ip/32 --dport 8080 -j DNAT --to-destination 127.0.0.1:8080

For the above rule to work you also need this step:

sysctl -w net.ipv4.conf.eth0.route_localnet=1

By default the value is 0, which instructs the kernel not to route external traffic destined for 127.0.0.0/8 (eth0 here being the interface that receives the traffic). The default is a security measure, as such traffic is not normal.

Then you can connect to your server’s public IP on port 8080. Port 8080 is just an example: you can use any other port, such as 12345, as the --dport value, and it will be redirected to your localhost app on port 8080.

That’s it!
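
Because this setup is meant only for testing, it is worth checking afterwards that nothing was left enabled. The script below is an added example, not part of the original post: it lists the interfaces with route_localnet set to 1 and the nat rules that DNAT into 127.0.0.0/8. The function names are hypothetical, and the sample iptables-save output and the 203.0.113.10 address are constructed for illustration.

```sh
#!/bin/sh
# Added audit example; function names are hypothetical, sample data is constructed.

# Print the entries under a sysctl conf tree whose route_localnet is 1.
# $1: conf directory (/proc/sys/net/ipv4/conf on a live system).
localnet_ifaces() {
    for f in "$1"/*/route_localnet; do
        [ -r "$f" ] || continue
        if [ "$(cat "$f")" = "1" ]; then
            basename "$(dirname "$f")"
        fi
    done
}

# Read `iptables-save -t nat` output on stdin and print every rule that
# DNATs to an address inside 127.0.0.0/8.
loopback_dnat_rules() {
    awk '
        /^-A / {
            dnat = 0; dest = ""
            for (i = 1; i <= NF; i++) {
                if ($i == "-j" && $(i + 1) == "DNAT") dnat = 1
                if ($i == "--to-destination") dest = $(i + 1)
            }
            if (dnat && dest ~ /^127\./) print
        }'
}

# Constructed sample of `iptables-save -t nat` output (203.0.113.10 is a
# documentation address standing in for the server's public IP).
sample_nat() {
    cat <<'EOF'
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A PREROUTING -d 203.0.113.10/32 -p tcp -m tcp --dport 8080 -j DNAT --to-destination 127.0.0.1:8080
-A PREROUTING -d 203.0.113.10/32 -p tcp -m tcp --dport 443 -j DNAT --to-destination 10.0.0.5:443
COMMIT
EOF
}

# Demo on the sample; on a real host run as root:
#   localnet_ifaces /proc/sys/net/ipv4/conf
#   iptables-save -t nat | loopback_dnat_rules
sample_nat | loopback_dnat_rules
```

If either function still prints something once testing is over, remove the rule by repeating the iptables command with -D in place of -I, and set route_localnet back to 0 with sysctl -w.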