iptables port forwarding

2022-10-23

iptables is a handy system tool; this article covers iptables port forwarding.

I first ran the following script:


  #!/bin/sh
  #filename gw.sh
  PATH=$PATH:/usr/sbin:/sbin
  # let the kernel route packets between interfaces
  echo "1" >/proc/sys/net/ipv4/ip_forward
  # load netfilter plus the FTP connection-tracking and NAT helpers
  # (2.4/early-2.6 module names; current kernels call them nf_conntrack_ftp and nf_nat_ftp)
  modprobe ip_tables
  modprobe ip_nat_ftp
  modprobe ip_conntrack_ftp
  # start from empty chains
  iptables -F INPUT
  iptables -F FORWARD
  iptables -F POSTROUTING -t nat
  iptables -F PREROUTING -t nat
  # forward nothing unless a rule allows it
  iptables -P FORWARD DROP
  # the LAN may connect outward; replies arriving on eth0 are admitted by connection state
  iptables -A FORWARD -s 10.0.0.0/24 -j ACCEPT
  iptables -A FORWARD -i eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT
  # hide the LAN behind the address of eth0
  iptables -t nat -A POSTROUTING -o eth0 -s 10.0.0.0/24 -j MASQUERADE
  # forward port 80 on the public address to the internal web server
  iptables -t nat -A PREROUTING -p tcp -d 192.168.1.201 --dport 80 -j DNAT --to 10.0.0.2:80
  # never matches: FORWARD runs after DNAT, so the destination is already 10.0.0.2
  iptables -A FORWARD -p tcp -d 192.168.1.201 --dport 80 -j ACCEPT
  # this is the rule that actually admits the forwarded connections
  iptables -A FORWARD -p tcp -d 10.0.0.2 --dport 80 -j ACCEPT

Then I accessed it from outside, and it worked.

Then I modified the script:

  #!/bin/sh
  #filename gw.sh
  PATH=$PATH:/usr/sbin:/sbin
  echo "1" >/proc/sys/net/ipv4/ip_forward
  modprobe ip_tables
  modprobe ip_nat_ftp
  modprobe ip_conntrack_ftp
  iptables -F INPUT
  iptables -F FORWARD
  iptables -F POSTROUTING -t nat
  iptables -F PREROUTING -t nat
  iptables -P FORWARD DROP
  iptables -A FORWARD -s 10.0.0.0/24 -j ACCEPT
  iptables -A FORWARD -i eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT
  iptables -t nat -A POSTROUTING -o eth0 -s 10.0.0.0/24 -j MASQUERADE
  # same forward as before, but exposed on public port 8000 instead of 80
  iptables -t nat -A PREROUTING -p tcp -d 192.168.1.201 --dport 8000 -j DNAT --to 10.0.0.2:80
  # never matches: FORWARD sees the post-DNAT destination 10.0.0.2:80
  iptables -A FORWARD -p tcp -d 192.168.1.201 --dport 8000 -j ACCEPT
  iptables -A FORWARD -p tcp -d 10.0.0.2 --dport 80 -j ACCEPT

  #!/bin/sh
  PATH=$PATH:/usr/sbin:/sbin
  echo "1" >/proc/sys/net/ipv4/ip_forward
  modprobe ip_tables
  modprobe ip_nat_ftp
  modprobe ip_conntrack_ftp
  iptables -F INPUT
  iptables -F FORWARD
  iptables -F POSTROUTING -t nat
  iptables -F PREROUTING -t nat
  iptables -P FORWARD DROP
  # DROP policy on a nat chain: the nat table is consulted only for the first packet
  # of each new connection, so this drops every new connection that no DNAT rule
  # below matches, including the LAN's own outbound connections
  iptables -t nat -P PREROUTING DROP
  iptables -A FORWARD -s 10.0.0.0/24 -j ACCEPT
  iptables -A FORWARD -i eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT
  iptables -t nat -A POSTROUTING -o eth0 -s 10.0.0.0/24 -j MASQUERADE
  # public port 81 -> internal web server
  iptables -t nat -A PREROUTING -p tcp -d 192.168.1.201 --dport 81 -j DNAT --to 10.0.0.2:80
  iptables -A FORWARD -p tcp -d 10.0.0.2 --dport 80 -j ACCEPT
  # public port 21 -> internal FTP server (data connections rely on the ftp helper modules above)
  iptables -t nat -A PREROUTING -p tcp -d 192.168.1.201 --dport 21 -j DNAT --to 10.0.0.2:21
  iptables -A FORWARD -p tcp -d 10.0.0.2 --dport 21 -j ACCEPT


Take a look at my rules:

  [root@redhat unixboy]# /sbin/iptables -L
  Chain INPUT (policy ACCEPT)
  target     prot opt source               destination

  Chain FORWARD (policy DROP)
  target     prot opt source               destination
  ACCEPT     all  --  10.0.0.0/24          anywhere
  ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED
  ACCEPT     tcp  --  anywhere             10.0.0.2            tcp dpt:http
  ACCEPT     tcp  --  anywhere             10.0.0.2            tcp dpt:ftp

  Chain OUTPUT (policy ACCEPT)
  target     prot opt source               destination

  [root@redhat unixboy]# /sbin/iptables -L -t nat
  Chain PREROUTING (policy DROP)
  target     prot opt source               destination
  DNAT       tcp  --  anywhere             192.168.1.201       tcp dpt:81 to:10.0.0.2:80
  DNAT       tcp  --  anywhere             192.168.1.201       tcp dpt:ftp to:10.0.0.2:21

  Chain POSTROUTING (policy ACCEPT)
  target     prot opt source               destination
  MASQUERADE all  --  10.0.0.0/24          anywhere

  Chain OUTPUT (policy ACCEPT)
  target     prot opt source               destination
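The script below is an added example, not the post's own gw.sh, showing how a practitioner would assemble the same gateway: forwarding policy, stateful return traffic and masquerading in the filter and nat tables, then one function per forwarded port. It differs from the scripts above in three ways worth knowing. The DNAT rule is bound to the WAN interface and the FORWARD rule matches the translated destination (FORWARD sees the packet after DNAT, so the rules above that match -d 192.168.1.201 in FORWARD never fire). The LAN accept rule excludes the WAN interface, so a packet arriving from outside with a forged 10.0.0.x source is not forwarded. And all filtering stays in the filter table: the nat table is consulted only for the first packet of a connection, so the nat PREROUTING DROP policy in the last script drops every new connection that no DNAT rule matches, the LAN's outbound connections included. WAN_IF, WAN_IP and LAN_NET are hypothetical defaults copied from the post's addressing; the FTP part assigns the ftp conntrack helper explicitly with the CT target because current kernels no longer attach helpers automatically.

```sh
#!/bin/sh
# Added example (not from the original post): assemble the rules for a NAT
# gateway that forwards chosen TCP ports from its public address to LAN hosts.
# WAN_IF, WAN_IP and LAN_NET are hypothetical defaults taken from the post's
# addressing; override them in the environment. With DRY_RUN=1 (the default)
# every command is printed instead of executed, so the rule set can be reviewed
# before the script is run as root with DRY_RUN=0.
IPT=${IPT:-iptables}
DRY_RUN=${DRY_RUN:-1}

# run_or_print CMD ARGS...: print the command in dry-run mode, else execute it.
run_or_print() {
    if [ "$DRY_RUN" = 1 ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# valid_port N: succeed only for an integer in 1..65535.
valid_port() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ ${#1} -le 5 ] || return 1
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ] || return 1
}

# valid_ipv4 A.B.C.D: succeed only for four decimal octets in 0..255.
# Runs in a subshell so the IFS change and the positional parameters do not leak.
valid_ipv4() (
    set -f
    IFS=.
    set -- $1
    [ $# -eq 4 ] || exit 1
    for octet in "$@"; do
        case "$octet" in ''|*[!0-9]*) exit 1 ;; esac
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || exit 1
    done
)

# gateway_base WAN_IF LAN_NET: forwarding policy, stateful return traffic and
# masquerading. Filtering stays in the filter table; the nat table is consulted
# only for the first packet of a connection and is not a place for DROP.
gateway_base() {
    wan_if=$1; lan_net=$2
    run_or_print sysctl -w net.ipv4.ip_forward=1
    run_or_print "$IPT" -P FORWARD DROP
    # LAN hosts may connect outward, but only from a non-WAN interface, so a
    # packet arriving on the WAN with a spoofed LAN source is not forwarded.
    run_or_print "$IPT" -A FORWARD ! -i "$wan_if" -s "$lan_net" -j ACCEPT
    run_or_print "$IPT" -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    run_or_print "$IPT" -t nat -A POSTROUTING -o "$wan_if" -s "$lan_net" -j MASQUERADE
}

# port_forward WAN_IF WAN_IP EXT_PORT INT_IP INT_PORT: forward one TCP port.
# The DNAT is done in nat/PREROUTING; the FORWARD rule matches the translated
# destination INT_IP:INT_PORT because FORWARD sees the packet after DNAT.
port_forward() {
    wan_if=$1; wan_ip=$2; ext_port=$3; int_ip=$4; int_port=$5
    valid_ipv4 "$wan_ip" && valid_ipv4 "$int_ip" || { echo "bad address" >&2; return 1; }
    valid_port "$ext_port" && valid_port "$int_port" || { echo "bad port" >&2; return 1; }
    run_or_print "$IPT" -t nat -A PREROUTING -i "$wan_if" -p tcp -d "$wan_ip" \
        --dport "$ext_port" -j DNAT --to-destination "$int_ip:$int_port"
    run_or_print "$IPT" -A FORWARD -i "$wan_if" -p tcp -d "$int_ip" \
        --dport "$int_port" -m conntrack --ctstate NEW -j ACCEPT
}

# ftp_helper WAN_IF WAN_IP: FTP data connections use ports negotiated on the
# control channel. The ftp helper (nf_conntrack_ftp/nf_nat_ftp, successors of
# the ip_conntrack_ftp/ip_nat_ftp modules in the post) tracks them as RELATED so
# the stateful FORWARD rule admits them. Current kernels do not attach helpers
# automatically, so it is assigned to the control connection with the CT target.
ftp_helper() {
    wan_if=$1; wan_ip=$2
    run_or_print modprobe nf_nat_ftp
    run_or_print "$IPT" -t raw -A PREROUTING -i "$wan_if" -p tcp -d "$wan_ip" \
        --dport 21 -j CT --helper ftp
}

# Usage with the post's addressing (eth0 / 192.168.1.201 public, 10.0.0.0/24 LAN):
#   sh portfwd.sh            # prints the rules
#   DRY_RUN=0 sh portfwd.sh  # applies them (as root)
WAN_IF=${WAN_IF:-eth0}; WAN_IP=${WAN_IP:-192.168.1.201}; LAN_NET=${LAN_NET:-10.0.0.0/24}
gateway_base "$WAN_IF" "$LAN_NET"
port_forward "$WAN_IF" "$WAN_IP" 8000 10.0.0.2 80
ftp_helper "$WAN_IF" "$WAN_IP"
port_forward "$WAN_IF" "$WAN_IP" 21 10.0.0.2 21
```

After applying, check what is actually loaded with `iptables -t nat -L PREROUTING -n -v` and `iptables -L FORWARD -n -v`: `-v` adds the in/out interfaces and per-rule packet counters that the plain `iptables -L` listing above omits, and `-n` keeps addresses and ports numeric instead of resolving them to names.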

Original link: https://77isp.com/post/8114.html
