Wednesday, November 12, 2008

SSH Port forwarding in Linux using IPTables


Port forwarding can be done with IPTables using DNAT. I had a requirement in my enterprise, which is shown in the chart below:

Internet --> Connections made on port 22 on Gateway machine --> redirected to port 22 of another machine present in the private network

Here the Gateway machine has two NICs, one of them with a public IP, say 202.202.202.202. The machine to which the SSH connections are forwarded listens on port 22 of 192.168.1.10, which is on a private network reached via the second NIC.

So here is the general form of the IPTables rule:

iptables -t nat -A PREROUTING -p tcp -i external_interface -d external_ip --dport 22 -j DNAT --to-destination private_ip

So, for my example network above, here is how the rule should look:

iptables -t nat -A PREROUTING -p tcp -i eth0 -d 202.202.202.202 --dport 22 -j DNAT --to-destination 192.168.1.10

Note: The private machine being connected to must use this same Gateway as its default gateway, so that its replies return through the machine that did the DNAT. This should be taken into consideration while port forwarding in a network with more than one Gateway machine.
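As an added example (not code from the original post), here is a small Python audit script that parses `iptables-save -t nat` output of the kind the rule above produces, lists every DNAT forward, and flags rules that drop the `-i` or `-d` qualifiers the template uses; the sample rules are constructed.

```python
import shlex

# Constructed sample of `iptables-save -t nat` output (not from the original post).
# The second rule deliberately omits -i/-d so the audit has something to flag.
SAMPLE_NAT_RULES = """\
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A PREROUTING -i eth0 -d 202.202.202.202/32 -p tcp -m tcp --dport 22 -j DNAT --to-destination 192.168.1.10
-A PREROUTING -p tcp -m tcp --dport 8022 -j DNAT --to-destination 192.168.1.11:22
COMMIT
"""

def parse_dnat_rules(save_output):
    """Return one dict per DNAT rule found in the PREROUTING chain."""
    forwards = []
    for line in save_output.splitlines():
        if not line.startswith("-A PREROUTING") or "-j DNAT" not in line:
            continue
        argv = shlex.split(line)
        opts, i = {}, 0
        while i < len(argv):  # pair each option with its following value
            if argv[i].startswith("-") and i + 1 < len(argv) and not argv[i + 1].startswith("-"):
                opts[argv[i]] = argv[i + 1]
                i += 2
            else:
                i += 1
        host, _, port = opts.get("--to-destination", "").partition(":")
        forwards.append({
            "in_iface": opts.get("-i"),
            "public_ip": (opts.get("-d") or "").split("/")[0] or None,  # strip /32
            "proto": opts.get("-p"),
            "dport": opts.get("--dport"),
            "target_ip": host,
            "target_port": port or opts.get("--dport"),  # no :port means same port
        })
    return forwards

def audit(forwards):
    """Flag forwards missing the -i / -d matches the post's rule template uses.
    A DNAT rule alone is not enough: net.ipv4.ip_forward must be 1 and the
    FORWARD chain must accept the flow, which this rule-level check cannot see."""
    findings = []
    for fwd in forwards:
        problems = []
        if fwd["in_iface"] is None:
            problems.append("no -i: matches packets arriving on any interface")
        if fwd["public_ip"] is None:
            problems.append("no -d: matches any destination address")
        findings.append((fwd["dport"], fwd["target_ip"], fwd["target_port"], problems))
    return findings
```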
