Enable Kernel Packet Forwarding

To enable immediately, open a root shell and run:

echo 1 > /proc/sys/net/ipv4/ip_forward

To persist after reboot, ensure the following line is set in /etc/sysctl.conf:

net.ipv4.ip_forward = 1

Setup Iptables Rules

Run the snippet below, replacing the environment variables with the proper values.


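# Run once for each port you want to forward
iptables -t nat -A PREROUTING -p tcp --dport "${FRONTEND_PORT}" -j DNAT --to-destination "${BACKEND_IP}:${BACKEND_PORT}"

# Only run once. With no interface or address match, this masquerades all
# traffic leaving this host, so the backend sees this host's address as the
# source of every forwarded connection.
iptables -t nat -A POSTROUTING -j MASQUERADE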

After running the commands, the rules are active in memory, but they are not persistent and will be lost on reboot.

Once done, list the currently active rules to confirm they are correctly configured.

iptables -t nat --list
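
Because -A appends unconditionally, re-running the commands above adds duplicate rules, and the variables are passed to iptables unchecked. The following is an added example, not part of the original guide: it validates the port and address and uses iptables -C to append a rule only when it is missing (the function names, the IPT variable and the sample values are assumptions).

```shell
#!/bin/sh
# Added example (not from the guide): validated, idempotent NAT rule setup.
# Function names and the IPT variable are hypothetical.
IPT="${IPT:-iptables}"   # command used to apply rules; override for testing

# Succeeds only for a decimal port in 1..65535 without leading zeros.
valid_port() {
    case "$1" in ''|*[!0-9]*|0*) return 1 ;; esac
    [ "${#1}" -le 5 ] && [ "$1" -le 65535 ]
}

# Succeeds only for a dotted-quad IPv4 address with octets 0..255.
valid_ipv4() {
    case "$1" in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $1            # split on dots; input is digits and dots only
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        case "$octet" in 0?*) return 1 ;; esac   # no ambiguous leading zeros
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Prints the DNAT rule spec for validated input, or fails without output.
dnat_spec() {
    valid_port "$1" && valid_ipv4 "$2" && valid_port "$3" || return 1
    printf '%s' "-p tcp --dport $1 -j DNAT --to-destination $2:$3"
}

# Appends a nat-table rule only when -C (check) reports it is absent.
ensure_nat_rule() {
    chain=$1; shift
    "$IPT" -t nat -C "$chain" "$@" 2>/dev/null || "$IPT" -t nat -A "$chain" "$@"
}

# forward_port FRONTEND_PORT BACKEND_IP BACKEND_PORT
forward_port() {
    spec=$(dnat_spec "$1" "$2" "$3") || { echo "invalid port or address" >&2; return 1; }
    ensure_nat_rule PREROUTING $spec   # unquoted on purpose: validated tokens
}

# Usage, as root:
#   forward_port 8080 10.0.0.5 80     (constructed sample values)
#   ensure_nat_rule POSTROUTING -j MASQUERADE
```
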

Persist and Restore Rules

Next, we must dump the current rules to a file so it can be loaded on every boot.

First, dump to a file.

iptables-save > /etc/iptables.rules

Then, open /etc/systemd/system/restore-iptables-rules.service in your text editor of choice, and put the following content in the file:

[Unit]
Description=Apply iptables rules

[Service]
Type=oneshot
ExecStart=/bin/sh -c 'iptables-restore < /etc/iptables.rules'

[Install]
WantedBy=multi-user.target


Then, run:

sudo systemctl enable restore-iptables-rules.service

Final Test

At this point, your rules are active in memory and will be restored on each boot by the systemd service. Reboot your system to confirm functionality.