将本地接口IP 61.144.a.b 的3389端口 转发到 116.6.c.d的3389 (主要访问到61.144.a.b的3389端口,就会跳转到116.6.c.d的3389)
【步骤】
1、 首先应该做的是/etc/sysctl.conf配置文件的 net.ipv4.ip_forward = 1 默认是0 这样允许iptalbes FORWARD。
2、 service iptables stop 关闭防火墙
3、 重新配置规则
iptables -t nat -A PREROUTING –dst 61.144.a.b -p tcp –dport 3389 -j DNAT –to-destination 116.
6.c.d:3389
iptables -t nat -A POSTROUTING –dst 116.6.c.d -p tcp –dport 3389 -j SNAT –to-source 61.144.a.b
service iptables save
将当前规则保存到 /etc/sysconfig/iptables
若你对这个文件很熟悉直接修改这里的内容也等于命令行方式输入规则。
5、 启动iptables 服务, service iptables start
可以写进脚本,设备启动自动运行;
# vi /etc/rc.local
#!/bin/sh
#
# This script will be executed *after* all the other init scripts.
# You can put your own initialization stuff in here if you don’t
# want to do the full Sys V style init stuff.
touch /var/lock/subsys/local
sh /root/myshipin.log
———————————————————————
vi myshipin.log
#!/bin/sh
#
# This script will be executed *after* all the other init scripts.
# You can put your own initialization stuff in here if you don’t
# want to do the full Sys V style init stuff.
iptables -F -t nat
iptables -t nat -A PREROUTING –dst 61.144.a.b -p tcp –dport 3389 -j DNAT –to-destination 116.6.c.d:3389
iptables -t nat -A POSTROUTING –dst 116.6.a.b -p tcp –dport 3389 -j SNAT –to-source 61.144.c.d
~
—————————————————————-
TCP
iptables -t nat -A PREROUTING –dst 61.144.a.b -p tcp –dport 9304 -j DNAT –to-destination 10.94.a.b:9304
iptables -t nat -A POSTROUTING –dst 10.94.a.b -p tcp –dport 9304 -j SNAT –to-source 61.144.a.b
UDP
iptables -t nat -A PREROUTING –dst 61.144.a.b -p udp –dport 9305 -j DNAT –to-destination 10.94.a.b:9305
iptables -t nat -A POSTROUTING –dst 10.94.a.b -p udp –dport 9305 -j SNAT –to-source 61.144.a.b