IPTABLES CONFIG:
Everything is modified for my needs
sources:
https://jensd.be/343/linux/forward-a-tcp-port-to-another-ip-or-port-using-nat-with-iptables
https://unix.stackexchange.com/questions/283801/iptables-forward-traffic-to-vpn-tunnel-if-open
All commands need to be run as root or use "sudo"
In case you already have some rules configured, it’s a good idea (in a testing environment) to flush the current rules:
iptables -F
iptables -t nat -F
You will need both sets of rules below. The MASQUERADE rules rewrite the source address of traffic leaving through the named interfaces, and the INPUT rules let the replies to those connections back in:
Masquerade outgoing traffic
iptables -t nat -A POSTROUTING -o ens192 -j MASQUERADE
iptables -t nat -A POSTROUTING -o tailscale0 -j MASQUERADE
Allow return traffic
iptables -A INPUT -i ens192 -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A INPUT -i tailscale0 -m state --state RELATED,ESTABLISHED -j ACCEPT
Forward everything
iptables -A FORWARD -j ACCEPT
To forward port 80 on host 217.160.70.150 to port 80 on host 100.96.158.8, we need to add the following rules to the iptables configuration of host 217.160.70.150:
iptables -t nat -A PREROUTING -p tcp --dport 80 -j DNAT --to-destination 100.96.158.8:80
iptables -t nat -A POSTROUTING -p tcp -d 100.96.158.8 --dport 80 -j SNAT --to-source 217.160.70.150
Port 80 can be changed to whatever port is needed.
Check using "iptables -t nat -L -n":
Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination
DNAT       tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:80 to:100.96.158.8:80

Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination
MASQUERADE all  --  0.0.0.0/0            0.0.0.0/0
MASQUERADE all  --  0.0.0.0/0            0.0.0.0/0
SNAT       tcp  --  0.0.0.0/0            100.96.158.8         tcp dpt:80 to:217.160.70.150

Chain ts-postrouting (0 references)
target     prot opt source
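The script below is an added example, not part of the original notes. It wraps the DNAT/SNAT port forward above in a re-runnable form: rules are only appended when "iptables -C" says they are not already present (so running it twice does not stack duplicates), net.ipv4.ip_forward is switched on (DNAT'd packets are dropped otherwise, even with a FORWARD ACCEPT rule), the DNAT rule is scoped to the public interface and address instead of matching on every interface, and the FORWARD chain admits only the forwarded flow and its replies rather than everything. The variables PUBLIC_IP, TARGET_IP, WAN_IF and PORT are assumptions taken from the addresses used above; DRY_RUN=1 (the default) prints the commands instead of executing them, so no root is needed to read what it would do. The sample listing used by the verification helper is copied from the "iptables -t nat -L -n" output above.

```shell
#!/bin/sh
# Added example (not from the original notes): build and verify the DNAT/SNAT
# port forward. PUBLIC_IP, TARGET_IP, WAN_IF and PORT are assumptions.
set -eu

PUBLIC_IP=${PUBLIC_IP:-217.160.70.150}   # address of the forwarding host
TARGET_IP=${TARGET_IP:-100.96.158.8}     # host reached through the tunnel
WAN_IF=${WAN_IF:-ens192}                 # interface the public traffic arrives on
PORT=${PORT:-80}
DRY_RUN=${DRY_RUN:-1}                    # 1 = print the commands, 0 = run them as root

# Execute a command, or print it when DRY_RUN=1.
run() {
    if [ "$DRY_RUN" = 1 ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# Append a rule to a table only if "iptables -C" reports it is not already there.
add_rule() {
    table=$1; shift
    if [ "$DRY_RUN" = 1 ] || ! iptables -t "$table" -C "$@" 2>/dev/null; then
        run iptables -t "$table" -A "$@"
    fi
}

# Apply the forward: ip_forward sysctl, scoped DNAT, SNAT, and a narrow FORWARD policy.
apply_forward() {
    run sysctl -w net.ipv4.ip_forward=1
    add_rule nat PREROUTING -i "$WAN_IF" -d "$PUBLIC_IP" -p tcp --dport "$PORT" \
        -j DNAT --to-destination "$TARGET_IP:$PORT"
    add_rule nat POSTROUTING -p tcp -d "$TARGET_IP" --dport "$PORT" \
        -j SNAT --to-source "$PUBLIC_IP"
    # only the forwarded flow may be opened; everything else in FORWARD must be a reply
    add_rule filter FORWARD -p tcp -d "$TARGET_IP" --dport "$PORT" \
        -m conntrack --ctstate NEW,ESTABLISHED,RELATED -j ACCEPT
    add_rule filter FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
}

# Read "iptables -t nat -L -n" output on stdin; exit 0 if the DNAT rule to
# TARGET_IP:PORT is present, 1 otherwise.
has_dnat() {
    grep -q "^DNAT .*dpt:$PORT to:$TARGET_IP:$PORT"
}

# Sample listing copied from the check output in the notes above (constructed input
# for the dry run; with DRY_RUN=0 the live table is read instead).
SAMPLE_NAT_OUTPUT='Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination
DNAT       tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:80 to:100.96.158.8:80

Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination
SNAT       tcp  --  0.0.0.0/0            100.96.158.8         tcp dpt:80 to:217.160.70.150'

apply_forward
if [ "$DRY_RUN" = 1 ]; then
    listing=$SAMPLE_NAT_OUTPUT
else
    listing=$(iptables -t nat -L -n)
fi
if printf '%s\n' "$listing" | has_dnat; then
    echo "DNAT rule for $TARGET_IP:$PORT is present"
else
    echo "DNAT rule for $TARGET_IP:$PORT is missing" >&2
fi
```

Run it once with the default DRY_RUN=1 to review the exact commands, then "DRY_RUN=0 sh forward.sh" as root to apply them; re-running is safe because add_rule checks first. If you keep the unconditional "iptables -A FORWARD -j ACCEPT" from the notes, the two FORWARD rules here are redundant; the point of the narrower pair is that the forwarding host then does not route arbitrary traffic between its interfaces.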