centos6.5 iptables实现端口转发

将本地接口IP 61.144.a.b 的3389端口 转发到 116.6.c.d的3389      (主要访问到61.144.a.b的3389端口,就会跳转到116.6.c.d的3389)



【步骤】

1、 首先应该做的是/etc/sysctl.conf配置文件的 net.ipv4.ip_forward = 1 默认是0    这样允许iptalbes FORWARD。

2、 service iptables stop  关闭防火墙

3、 重新配置规则



iptables -t nat -A PREROUTING –dst 61.144.a.b -p tcp –dport 3389 -j DNAT –to-destination 116.

6.c.d:3389



iptables -t nat -A POSTROUTING –dst 116.6.c.d -p tcp –dport 3389 -j SNAT –to-source 61.144.a.b



service iptables save    



        将当前规则保存到 /etc/sysconfig/iptables

        若你对这个文件很熟悉直接修改这里的内容也等于命令行方式输入规则。

5、 启动iptables 服务, service iptables start





可以写进脚本,设备启动自动运行;





# vi /etc/rc.local 

#!/bin/sh

#

# This script will be executed *after* all the other init scripts.

# You can put your own initialization stuff in here if you don’t

# want to do the full Sys V style init stuff.



touch /var/lock/subsys/local



sh /root/myshipin.log

———————————————————————

vi myshipin.log 

#!/bin/sh

#

# This script will be executed *after* all the other init scripts.

# You can put your own initialization stuff in here if you don’t

# want to do the full Sys V style init stuff.



iptables -F -t nat

iptables -t nat -A PREROUTING –dst 61.144.a.b -p tcp –dport 3389 -j DNAT –to-destination 116.6.c.d:3389

iptables -t nat -A POSTROUTING –dst 116.6.a.b -p tcp –dport 3389 -j SNAT –to-source 61.144.c.d

~

—————————————————————-

TCP



iptables -t nat -A PREROUTING –dst 61.144.a.b -p tcp –dport 9304 -j DNAT –to-destination 10.94.a.b:9304

iptables -t nat -A POSTROUTING –dst 10.94.a.b -p tcp –dport 9304 -j SNAT –to-source 61.144.a.b



UDP

iptables -t nat -A PREROUTING –dst 61.144.a.b -p udp –dport 9305 -j DNAT –to-destination 10.94.a.b:9305

iptables -t nat -A POSTROUTING –dst 10.94.a.b -p udp –dport 9305 -j SNAT –to-source 61.144.a.b

发表评论

您的电子邮箱地址不会被公开。