I recently had a requirement from a client to “proxy” all requests to a particular IP. The reason being, they wanted to force the DNS updates onto their end-users whose DNS servers lagged. Also, the point is to redirect users who had the IP address “bookmarked”. IAC, being an IPTABLES follower, the task turned out to be a lot more trivial than I had anticipated.
There are tons of resources on the web on how to do similar things, including using third-party solutions, but most of the advice is about port-forwarding requests to a NAT’ed IP. So, since I was able to figure out the god-sent IPTABLES masquerade feature, I figured I’d capture it here, both for my future reference and for others who are trying to do the same thing. As always, if this helps you in any way, a simple “Thank You” comment is always appreciated.
So here goes:
The first thing to do is to enable IP forwarding. This is done either by using:
#echo "1" > /proc/sys/net/ipv4/ip_forward
or
#sysctl net.ipv4.ip_forward=1
Then, we add a rule to the PREROUTING chain of the IPTABLES nat table to “forward” the traffic on port 80 to IP 2.2.2.2 on port 80:
#iptables -t nat -A PREROUTING -p tcp --dport 80 -j DNAT --to-destination 2.2.2.2:80
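And finally, we ask IPTABLES to masquerade, so that the forwarded packets leave with this host's address as their source and the replies from 2.2.2.2 come back through it: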
#iptables -t nat -A POSTROUTING -j MASQUERADE
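The POSTROUTING rule above has no match criteria, so it masquerades every connection leaving the host, not only the proxied one. The script below is an added example, not part of the original post: it applies the same three steps with the masquerade and forwarding rules scoped to the proxied flow. The address 2.2.2.2 and port 80 come from the post; the function names and the APPLY switch are assumptions made for this example.

```shell
#!/bin/sh
# Added example: scoped, repeatable version of the steps above.
# BACKEND and PORT are the values used in the post; proxy_rules,
# apply_rules and APPLY are names made up for this example.
BACKEND="${BACKEND:-2.2.2.2}"
PORT="${PORT:-80}"

# Print one rule per line as "<table> <chain> <rule-spec>".
proxy_rules() {
    backend=$1
    port=$2
    # Rewrite the destination of inbound TCP traffic on $port.
    echo "nat PREROUTING -p tcp --dport $port -j DNAT --to-destination $backend:$port"
    # Masquerade only the flows going to the backend, not all egress.
    echo "nat POSTROUTING -p tcp -d $backend --dport $port -j MASQUERADE"
    # Forward the proxied flow and its replies; these two rules only
    # matter when the FORWARD chain policy is restrictive (DROP).
    echo "filter FORWARD -p tcp -d $backend --dport $port -j ACCEPT"
    echo "filter FORWARD -p tcp -s $backend --sport $port -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
}

# Enable forwarding, then add each rule unless an identical one is
# already present (-C checks), so re-running does not stack duplicates.
apply_rules() {
    sysctl -w net.ipv4.ip_forward=1 >/dev/null || return 1
    proxy_rules "$1" "$2" | while read -r table chain spec; do
        # $spec is left unquoted on purpose so it splits into arguments.
        iptables -t "$table" -C "$chain" $spec 2>/dev/null ||
            iptables -t "$table" -A "$chain" $spec || exit 1
    done
}

# Nothing is changed unless the script is run as root with APPLY=1.
if [ "${APPLY:-0}" = 1 ]; then
    apply_rules "$BACKEND" "$PORT"
fi
```

Because of the masquerade, the server at 2.2.2.2 logs the proxy's address as the client for every request. Neither the sysctl setting nor the rules survive a reboot unless they are saved separately.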

