A Linux edge router that uses iptables has two interfaces: eth0 (public 198.51.100.2/30) and eth1 (private 10.10.10.1/24). A Git service is listening on 10.10.10.42 TCP port 3000. External clients must be able to connect to 198.51.100.2 on TCP port 443 and transparently reach the Git service. IP forwarding is already enabled. Which single iptables command correctly performs the required address translation?
The task requires destination NAT, because packets addressed to the public IP must be rewritten so their destination becomes the internal host and port before the routing decision is made. The nat table's PREROUTING chain is evaluated as packets arrive, and the DNAT target with --to-destination accomplishes this translation. A SNAT rule in POSTROUTING would alter the source address, not the destination. Merely accepting the traffic in the FORWARD chain allows forwarding but performs no translation. MASQUERADE is a source-NAT target that is only valid in the nat table's POSTROUTING chain, so using it in OUTPUT is invalid and would not achieve the required port-forwarding.
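The reasoning above, as an added example that is not part of the original question: a POSIX shell function that classifies a rule written in iptables-save syntax against the stated requirement. The `check_rule` function, its verdict words and the four candidate rules are constructed for illustration; only the addresses and ports come from the question.

```shell
#!/bin/sh
# Requirement values, taken from the question text.
PUB_IP=198.51.100.2
PUB_PORT=443
INT_DST=10.10.10.42:3000

# check_rule TABLE "RULE": print a one-word verdict for a rule given in
# iptables-save syntax (hypothetical helper, not an iptables command).
check_rule() {
    table=$1
    set -f; set -- $2; set +f        # split the rule into words, no globbing
    chain= target= dst= proto= dport= to=
    while [ $# -gt 0 ]; do
        case $1 in
            -A) chain=${2-} ;;
            -j) target=${2-} ;;
            -d) dst=${2-}; dst=${dst%/32} ;;
            -p) proto=${2-} ;;
            --dport) dport=${2-} ;;
            --to-destination) to=${2-} ;;
        esac
        shift
    done
    case $target in
        DNAT)
            # Inbound packets must be rewritten in nat/PREROUTING, before routing.
            if [ "$table" != nat ] || [ "$chain" != PREROUTING ]; then
                echo wrong-chain
            elif [ "$dst" = "$PUB_IP" ] && [ "$proto" = tcp ] &&
                 [ "$dport" = "$PUB_PORT" ] && [ "$to" = "$INT_DST" ]; then
                echo ok
            else
                echo wrong-match
            fi ;;
        MASQUERADE)
            # Source NAT, and only valid in nat/POSTROUTING.
            if [ "$table" = nat ] && [ "$chain" = POSTROUTING ]; then echo source-nat
            else echo invalid-chain; fi ;;
        SNAT) echo source-nat ;;         # rewrites the source, not the destination
        *) echo no-translation ;;        # ACCEPT and similar only filter
    esac
}

# Constructed candidates, one per approach named in the explanation.
check_rule nat    "-A PREROUTING -i eth0 -d 198.51.100.2/32 -p tcp --dport 443 -j DNAT --to-destination 10.10.10.42:3000"
check_rule nat    "-A POSTROUTING -o eth0 -j SNAT --to-source 198.51.100.2"
check_rule filter "-A FORWARD -i eth0 -p tcp --dport 443 -j ACCEPT"
check_rule nat    "-A OUTPUT -o eth1 -j MASQUERADE"
```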
CompTIA Linux+ XK0-006 (V8)
Security