Port forward to nodeport

I am basically trying to do a simple port forward to a nodeport.

sudo iptables -t nat -A PREROUTING -p tcp --dport 27000 -j REDIRECT --to-port 30000

But for some reason it doesn’t work.

If I try to do something like

sudo iptables -t nat -A PREROUTING -p tcp --dport 29000 -j REDIRECT --to-port 22

Then it works as expected.

If I connect to port 30000 from a remote host it also works, so its just the ‘port forward’ to the ‘node port’ that isn’t working.

Can anyone help me understand what I am missing?

I am running this on a ‘rancher 2’ custom cluster with Canal as network provider. (kubernetes 1.12.3-rancher1-1).

I’m seeing a very similar thing, I can’t get a basic iptable port forwarding rule to forward from port 80 to a node port. But when I tested the same approach to forward to 22 it worked…

Did you ever come up with a solution to this issue?

Look at #24 at https://www.thegeekstuff.com/2011/06/iptables-rules-examples/

24. Port Forwarding

The following example routes all traffic that comes to the port 442 to 22. This means that the incoming ssh connection can come from both port 22 and 422.

iptables -t nat -A PREROUTING -p tcp -d 192.168.102.37 --dport 422 -j DNAT --to [192.168.102.37:22](http://192.168.102.37:22)

If you do the above, you also need to explicitly allow incoming connection on the port 422.

iptables -A INPUT -i eth0 -p tcp --dport 422 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -o eth0 -p tcp --sport 422 -m state --state ESTABLISHED -j ACCEPT