Centos 7 save iptables settings (port forwarding)

by soupe   Last Updated May 22, 2020 23:00 PM

I have KVM installed on CentOS with one VM.

Host ip: 192.168.1.108, Guest ip: 192.168.100.227, LAN: 192.168.1.4/24

Here is everything I did:

I have disabled firewalld and installed iptables-services:

systemctl disable firewalld 
yum install iptables-services 
systemctl enable iptables.service

Here are my rules:

iptables -t nat -A PREROUTING -p tcp -s 192.168.1.4/22 -d 192.168.1.108 --dport 8000 -j DNAT --to-destination 192.168.100.227:8888
iptables -t nat -A POSTROUTING -p tcp --dport 8888 -d 192.168.100.227 -j SNAT --to 192.168.100.1
iptables -I FORWARD -m state -d 192.168.100.0/24 --state NEW,RELATED,ESTABLISHED -j ACCEPT

And finally I save my iptables rules (as superuser):

/usr/libexec/iptables/iptables.init save

(also tried "service iptables save")

In /etc/sysconfig/iptables-config:

IPTABLES_SAVE_ON_STOP="yes"
IPTABLES_SAVE_ON_RESTART="yes"

For now everything works well and I can access my Python server (hosted in the VM on port 8888) via 192.168.1.108:8000. But after a restart, iptables is still enabled but this rule

iptables -I FORWARD -m state -d 192.168.100.0/24 --state NEW,RELATED,ESTABLISHED -j ACCEPT

does not work anymore. I have to add it again to access my Python server.

Is there another way to do this port forwarding (maybe with FirewallD), or am I missing something?



Answers 1


As I was facing a similar issue a month ago, my workaround was to load my iptables rules from /etc/network/interfaces with the restore command:

iptables-restore < /etc/iptables.rules

Every time I reboot, my iptables keep all updates included in iptables.rules.

Alexandre Roux
December 12, 2016 14:34 PM
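
A check for the symptom in the question, as an added example that is not part of the original question or answer: it reads a dump in iptables-save format (for instance the /etc/iptables.rules file used above, or the output of iptables-save taken after a reboot) and reports whether the FORWARD ACCEPT rule for the guest subnet is missing, or present but listed after a DROP/REJECT rule that is evaluated first. The function name, the sample dump and the virbr0 interface in it are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example (not from the original post).
# Usage: forward_rule_status DUMP_FILE DEST_CIDR
# Prints: ok | shadowed | missing
forward_rule_status() {
    awk -v dest="$2" '
        /^\*/ { table = substr($0, 2) }     # "*nat", "*filter": table header
        table == "filter" && $1 == "-A" && $2 == "FORWARD" {
            target = ""; dst = ""
            for (i = 3; i < NF; i++) {
                if ($i == "-j") target = $(i + 1)
                if ($i == "-d") dst = $(i + 1)
            }
            # Stop at the rule we are looking for; rules after it do not matter.
            if (target == "ACCEPT" && dst == dest) { found = 1; exit }
            # Heuristic: an earlier DROP/REJECT in the chain may match first.
            if (target == "DROP" || target == "REJECT") blocked = 1
        }
        END {
            if (!found)       print "missing"
            else if (blocked) print "shadowed"
            else              print "ok"
        }
    ' "$1"
}

# Constructed sample dump: the rule from the question was saved, but a REJECT
# rule (on an assumed bridge name, virbr0) sits above it in FORWARD.
demo_dump=$(mktemp)
cat > "$demo_dump" <<'EOF'
*nat
:PREROUTING ACCEPT [0:0]
-A PREROUTING -s 192.168.0.0/22 -d 192.168.1.108/32 -p tcp -m tcp --dport 8000 -j DNAT --to-destination 192.168.100.227:8888
COMMIT
*filter
:FORWARD ACCEPT [0:0]
-A FORWARD -o virbr0 -j REJECT --reject-with icmp-port-unreachable
-A FORWARD -d 192.168.100.0/24 -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
COMMIT
EOF
forward_rule_status "$demo_dump" 192.168.100.0/24
rm -f "$demo_dump"
```

"missing" means the rule never reached the saved file, while "shadowed" means it was restored but sits below a rule that can reject the traffic first.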
