networking – How to set firewall iptables for intranet ip and port to access internet destination ip address


I have two linux servers: serverONE and serverTWO.

serverONE has an intranet address: 10.1.200.2

serverTWO has two IP addresses: 10.1.0.12 and 172.8.2.16. 10.1.0.12 is also an intranet address; 172.8.2.16 is an internet address.

I have an internet destination address: 10.20.102.188.

(Tom@serverTWO ~)$ ping 10.20.102.188 // is OK

and serverONE can connect to serverTWO, which is OK.

(Tom@serverONE ~)$ ping 10.1.0.12 // is OK

I set iptables on serverTWO and the gateway on serverONE,
and that makes serverONE able to ping 10.20.102.188, like:

serverTWO:

(root@serverTWO ~)# cat /proc/sys/net/ipv4/ip_forward
1
(root@serverTWO ~)# iptables -t nat -A POSTROUTING -s 10.1.0.0/255.255.0.0 -j SNAT --to 172.8.2.16

serverONE:

(root@serverONE ~)# echo "GATEWAY=10.1.0.12" >> /etc/sysconfig/network-scripts/ifcfg-eth0
(root@serverONE ~)# systemctl restart network

and then

(Tom@serverONE ~)$ ping 10.20.102.188  //is OK.

Now I want to make serverONE connect to 10.20.102.188 on port 1005, like:

(Tom@serverONE ~)$ curl 10.20.102.188:1055  // fails
curl: (7) Failed to connect to 10.20.102.188 port 1055: No route to host

I have tested on serverTWO, and it is OK, like:

(Tom@serverTWO ~)$ curl 10.20.102.188:1055 // is OK
curl: (52) Empty reply from server

I have tried to set up port NAT, like:

(root@serverTWO ~)# iptables -t nat -A PREROUTING --dst 172.8.2.16 -p tcp --dport 1005 -j DNAT --to-destination 10.1.200.2:1005
(root@serverTWO ~)# iptables -t nat -A POSTROUTING --dst 10.1.200.2 -p tcp --dport 1005 -j DNAT --to  10.1.0.12

Unluckily, it fails again:

(Tom@serverONE ~)$ curl 10.20.102.188:1055  // fails again
curl: (7) Failed to connect to 10.20.102.188 port 1055: No route to host

I don't know how to set up iptables. Who can help me?
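The symptom in the question (ICMP echo gets through the gateway, but a TCP connect comes back immediately with "No route to host" rather than timing out) is consistent with a FORWARD chain on serverTWO that forwards ICMP but answers other forwarded packets with an ICMP prohibited/unreachable error, which is a common distribution default. The DNAT rules tried above rewrite the destination of traffic arriving at serverTWO and play no part in a connection that serverONE opens outward; for that direction the gateway needs the SNAT rule it already has plus a FORWARD chain that lets the new connection through. The POSIX shell script below is an added example, not part of the question or of any answer: it audits an `iptables-save` dump for those two conditions and prints the least-privilege rules that open exactly one port for the intranet range. Both rulesets in it are constructed sample data modelled on the question, not dumps from either server, and the function names (`has_snat`, `forward_verdict`, `audit_gateway`, `recommended_rules`) are chosen here.

```shell
#!/bin/sh
# Added example (not from the question): audit a NAT gateway ruleset in
# iptables-save format for what an intranet client needs to open a TCP
# connection to an internet host through it. On a real gateway, source this
# file and run:  audit_gateway "$(iptables-save)" 1055
# All rulesets below are constructed sample data modelled on the question.

INTRANET='10.1.0.0/16'      # the question's 10.1.0.0/255.255.0.0 as iptables-save prints it
PUBLIC_IP='172.8.2.16'

# Ruleset A: SNAT is in place and ICMP is forwarded (so ping from the client
# works), but every other forwarded packet is answered with an ICMP error, so a
# TCP SYN from the client fails with "No route to host".
SAMPLE_RULES='*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s 10.1.0.0/16 -j SNAT --to-source 172.8.2.16
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
-A FORWARD -p icmp -j ACCEPT
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT'

# Ruleset B: the same gateway with least-privilege forwarding inserted ahead of
# the REJECT: new TCP from the intranet to port 1055 only, plus the replies.
FIXED_RULES='*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s 10.1.0.0/16 -j SNAT --to-source 172.8.2.16
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
-A FORWARD -s 10.1.0.0/16 -p tcp -m tcp --dport 1055 -m conntrack --ctstate NEW -j ACCEPT
-A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -p icmp -j ACCEPT
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT'

# Exit 0 if nat/POSTROUTING source-NATs range $2 (SNAT or MASQUERADE) in ruleset $1.
has_snat() {
    printf '%s\n' "$1" | awk -v net="$2" '
        /^\*/ { table = substr($0, 2); next }
        table == "nat" && /^-A POSTROUTING / && /-j (SNAT|MASQUERADE)/ && index($0, "-s " net) { found = 1 }
        END { exit (found ? 0 : 1) }'
}

# Walk filter/FORWARD in order, as the first SYN of a new TCP connection to
# port $2 would, and print "allow" or "reject". Simplified model: source and
# interface matches are ignored; a conntrack rule without NEW never matches a first packet.
forward_verdict() {
    printf '%s\n' "$1" | awk -v port="$2" '
        /^\*/ { table = substr($0, 2); next }
        table != "filter" { next }
        /^:FORWARD / { policy = $2; next }
        /^-A FORWARD / {
            port_match = ($0 ~ ("--dport " port "( |$)"))
            any_proto  = ($0 !~ /-p / && $0 !~ /--ctstate/)
            if ($0 ~ /-j ACCEPT/ && (port_match || any_proto)) { verdict = "allow"; exit }
            if ($0 ~ /-j (REJECT|DROP)/ && any_proto)          { verdict = "reject"; exit }
        }
        END {
            if (verdict == "") verdict = (policy == "ACCEPT") ? "allow" : "reject"
            print verdict
        }'
}

# Print a short report for ruleset $1 and TCP port $2; exit 0 only if the path is open.
audit_gateway() {
    status=0
    if has_snat "$1" "$INTRANET"; then
        echo "ok:   $INTRANET is source-NATed in nat/POSTROUTING"
    else
        echo "FAIL: no SNAT/MASQUERADE for $INTRANET in nat/POSTROUTING"; status=1
    fi
    if [ "$(forward_verdict "$1" "$2")" = allow ]; then
        echo "ok:   FORWARD lets a new TCP connection to port $2 through"
    else
        echo "FAIL: FORWARD blocks new TCP to port $2 (a REJECT with an ICMP error is what the client reports as 'No route to host'; a DROP would be a timeout)"; status=1
    fi
    return $status
}

# The rules behind ruleset B: the SNAT the question already has, plus exactly one
# port for the intranet range and return traffic, inserted ahead of the catch-all REJECT.
recommended_rules() {   # $1 intranet range, $2 public address, $3 tcp port
    cat <<EOF
iptables -t nat -A POSTROUTING -s $1 -j SNAT --to-source $2
iptables -I FORWARD 1 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
iptables -I FORWARD 1 -s $1 -p tcp --dport $3 -m conntrack --ctstate NEW -j ACCEPT
EOF
}

echo "--- ruleset A ---"; audit_gateway "$SAMPLE_RULES" 1055 || true
echo "--- ruleset B ---"; audit_gateway "$FIXED_RULES" 1055 || true
echo "--- rules that produce ruleset B ---"; recommended_rules "$INTRANET" "$PUBLIC_IP" 1055
```

Run against a real dump, the report's second line is the one to look at first: it walks the FORWARD chain the way the first packet of the connection does, so a port that is opened after the catch-all REJECT, or only for a different port number, shows up as blocked even though an ACCEPT rule exists.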