IP tables and port forwarding:
Port forwarding makes it possible to have only one exposed IP address, and depending on the port on which the request arrives, it is redirected to an internal server with an internal IP address.
IP tables rules for Port forwarding:
To accept the packets going to the address "10.11.0.2" on port "80", we use the below command.
It accepts NEW packets - on a new connection -, packets that are part of an ESTABLISHED connection or packets RELATED to an already established connection.
The below command routes the packets that come on the interface "eth2" on port "2000" to the IP address "10.11.0.2" on port "80".
The "PREROUTING" takes place before any routing takes place.