iptables -t nat -A OUTPUT -m addrtype --src-type LOCAL --dst-type LOCAL -p tcp --dport 3306 -j DNAT --to-destination ip.ip.ip.ip
iptables -t nat -A POSTROUTING -m addrtype --src-type LOCAL --dst-type UNICAST -j MASQUERADE

sysctl -w net.ipv4.conf.all.route_localnet=1

Make sure you substitute "ip.ip.ip.ip" for your real public IP and also the "--dport 3306" for the port you want to forward.

Finally run the sysctl command and also update your /etc/sysctl.conf

You can update sysctl.ctl to allow the routing of localhost with the following command:

echo "net.ipv4.conf.all.route_localnet=1" >> /etc/sysctl.conf

Now this all seems simple and good but it did take some research and hunting down.  Be warned and understand that forwarding localhost/127.0.0.1 requires this method and the typical other examples do not work.  Some examples of solutions that do not work with localhost:

iptables -t nat -A PREROUTING -p tcp --dport 3306 -j DNAT --to ip.ip.ip.ip:3306
iptables -t nat -A POSTROUTING -d ip.ip.ip.ip -j MASQUERADE

iptables -t nat -A PREROUTING -p tcp --dport 3306 -j DNAT --to ip.ip.ip.ip
iptables -A FORWARD -p tcp -d ip.ip.ip.ip --dport 3306 -j ACCEPT
iptables -t nat -A POSTROUTING -j MASQUERADE

iptables, localhost, ipiptables, nat, output, addrtype, src, dst, tcp, dport, dnat, destination, ip, postrouting, unicast, masquerade, sysctl, ipv, conf, route_localnet, substitute, quot, update, etc, ctl, routing, echo, forwarding, requires, method, examples, solutions, prerouting,

Latest Articles