Setting Up a Port Forwarding Using Uncomplicated Firewall(UFW)

The Linux kernel in Ubuntu provides a packet filtering system called netfilter, and the traditional interface for manipulating netfilter are the iptables suite of commands. iptables provide a complete firewall solution that is both highly configurable and highly flexible.

Becoming proficient in iptables takes time, and getting started with netfilter firewalling using only iptables can be a daunting task. As a result, many frontends for iptables have been created over the years, each trying to achieve a different result and targeting a different audience.

The Uncomplicated Firewall (ufw) is a frontend for iptables and is particularly well-suited for host-based firewalls. ufw provides a framework for managing netfilter, as well as a command-line interface for manipulating the firewall. ufw aims to provide an easy to use interface for people unfamiliar with firewall concepts, while at the same time simplifies complicated iptables commands to help an administrator who knows what he or she is doing. ufw is an upstream for other distributions and graphical frontends.

Setting Up a Port Forward

We are going to forward incoming traffic on the port 8000 to 8081

Enabling UFW: If not already enabled, start by enabling UFW. Run the following command in the terminal:

[ ~]# sudo ufw enable

Open the UFW configuration file: To set up port forwarding, you must edit the UFW configuration file, located at /etc/default/ufw.    

We mostly proffered Nano editor  

[ ~]# sudo nano /etc/default/ufw

Enable packet forwarding: In the UFW configuration file, find the line that says 


Change DROP to ACCEPT so it looks like this: 


This change allows UFW to forward packets, which is necessary for port forwarding.


Press Ctrl+O to save the changes, then Ctrl+X to exit nano.

Modify UFW’s before rules: UFW uses a set of "before rules" that are executed before the standard rules. These before rules can be used to set up port forwarding. 

[ ~]# sudo nano /etc/ufw/before.rules 

Add the following lines at the end of the file, replacing <your-ip> with the IP address of the machine where the packets will be forwarded:

# NAT table rules
# Forward traffic from port 8000 to port 8081.
-A PREROUTING -p tcp --dport 8000 -j DNAT --to-destination <your-ip>:8081
# Don’t masquerade local traffic.

Press Ctrl+O to save the changes, then Ctrl+X to exit nano.

Restart UFW: Finally, for the changes to take effects

[ ~]# sudo ufw disable 
[ ~]# sudo ufw enable 


About Author:

I am a Linux Administrator and Security Expert with this site i can help lot's of people about linux knowladge and as per security expert i also intersted about hacking related news.TwitterFacebook

Newer Post
Older Post


Post a Comment