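Forwarding goal
Forward port 3389 on the local interface IP 1.2.3.4 to port 3389 on 5.6.7.8 (any connection to port 3389 on 1.2.3.4 is redirected to port 3389 on 5.6.7.8).
[Steps]
1. First, set net.ipv4.ip_forward = 1 in the /etc/sysctl.conf configuration file (the default is 0). This allows iptables to FORWARD.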
- vi /etc/sysctl.conf
2. Stop the firewall with service iptables stop
- service iptables stop
3. Reconfigure the rules
- iptables -t nat -A PREROUTING --dst 1.2.3.4 -p tcp --dport 3389 -j DNAT --to-destination 5.6.7.8:3389
- iptables -t nat -A POSTROUTING --dst 5.6.7.8 -p tcp --dport 3389 -j SNAT --to-source 1.2.3.4
4. Save the current rules to /etc/sysconfig/iptables
If you are familiar with this file, editing its contents directly is equivalent to entering the rules on the command line.
- service iptables save
5. Start the iptables service with service iptables start
- service iptables start
The rules can also be written into a script that runs automatically when the device boots:
- # vi /etc/rc.local
- #!/bin/sh
- #
- # This script will be executed *after* all the other init scripts.
- # You can put your own initialization stuff in here if you don’t
- # want to do the full Sys V style init stuff.
- touch /var/lock/subsys/local
- sh /root/myshipin.log
- ———————————————————————
- vi myshipin.log
- #!/bin/sh
- #
- # This script will be executed *after* all the other init scripts.
- # You can put your own initialization stuff in here if you don’t
- # want to do the full Sys V style init stuff.
- iptables -F -t nat
- iptables -t nat -A PREROUTING --dst 61.144.a.b -p tcp --dport 3389 -j DNAT --to-destination 116.6.c.d:3389
- iptables -t nat -A POSTROUTING --dst 116.6.a.b -p tcp --dport 3389 -j SNAT --to-source 61.144.c.d
- ~
- —————————————————————-
- TCP
- iptables -t nat -A PREROUTING --dst 61.144.a.b -p tcp --dport 9304 -j DNAT --to-destination 10.94.a.b:9304
- iptables -t nat -A POSTROUTING --dst 10.94.a.b -p tcp --dport 9304 -j SNAT --to-source 61.144.a.b
- UDP
- iptables -t nat -A PREROUTING --dst 61.144.a.b -p udp --dport 9305 -j DNAT --to-destination 10.94.a.b:9305
- iptables -t nat -A POSTROUTING --dst 10.94.a.b -p udp --dport 9305 -j SNAT --to-source 61.144.a.b
Also:
The iptables configuration file is located at /etc/sysconfig/iptables. If the external address changes, it is enough to edit it in that configuration file.
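
As an added example (not part of the original post), the script below reads rules in the iptables-save format used by /etc/sysconfig/iptables and lists each DNAT forward together with the SNAT rule that pairs with it, flagging forwards whose SNAT rule is missing. The sample rules and the function names sample_rules and audit_forwards are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit the DNAT/SNAT rule pairs described in the steps above.

# Constructed sample in iptables-save format (nat table only).
sample_rules() {
cat <<'EOF'
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A PREROUTING -d 1.2.3.4/32 -p tcp -m tcp --dport 3389 -j DNAT --to-destination 5.6.7.8:3389
-A PREROUTING -d 1.2.3.4/32 -p udp -m udp --dport 9305 -j DNAT --to-destination 5.6.7.8:9305
-A POSTROUTING -d 5.6.7.8/32 -p tcp -m tcp --dport 3389 -j SNAT --to-source 1.2.3.4
COMMIT
EOF
}

# Reads iptables-save text on stdin and prints one line per DNAT rule:
#   <proto> <listen_ip>:<port> -> <target_ip:port> snat=<source|MISSING>
audit_forwards() {
  awk '
    function opt(name,   i) {   # value that follows option "name" on this line
      for (i = 1; i < NF; i++) if ($i == name) return $(i + 1)
      return ""
    }
    $1 == "-A" && $2 == "PREROUTING" && opt("-j") == "DNAT" {
      n++
      proto[n] = opt("-p"); port[n] = opt("--dport")
      listen[n] = opt("-d"); sub(/\/32$/, "", listen[n])
      target[n] = opt("--to-destination")
    }
    $1 == "-A" && $2 == "POSTROUTING" && opt("-j") == "SNAT" {
      d = opt("-d"); sub(/\/32$/, "", d)
      # Key on protocol plus post-DNAT destination, as the POSTROUTING rule does.
      snat[opt("-p") " " d ":" opt("--dport")] = opt("--to-source")
    }
    END {
      for (i = 1; i <= n; i++) {
        key = proto[i] " " target[i]
        src = (key in snat) ? snat[key] : "MISSING"
        printf "%s %s:%s -> %s snat=%s\n", proto[i], listen[i], port[i], target[i], src
      }
    }'
}

sample_rules | audit_forwards
```

On a live host, pipe the output of `iptables-save -t nat` or the saved file into `audit_forwards`. Because of the SNAT rule, the target host sees every forwarded connection as coming from the forwarder's address, so the original client address is only visible on the forwarding host.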