I. Server information
1. Client IP: 192.168.110.57
2. Proxy server IP: 192.168.110.56
3. Real server IP: 192.168.110.63
II. Requirements
1. When the client connects to ports 8000-8005 on the proxy server 192.168.110.56, forward the connection to ports 8000-8005 on the real server 192.168.110.63 (similar to an nginx TCP proxy)
2. When the client connects to port 80 on the proxy server 192.168.110.56, forward the connection to port 80 on the real server 192.168.110.63 (similar to nginx domain-name proxying)
III. Procedure (all iptables rules below are configured on the proxy server, 192.168.110.56):
1. Enable IP forwarding
(1) Method one (temporary, lost on reboot):
[root@i-ekowjial ~]# echo 1 > /proc/sys/net/ipv4/ip_forward
(2) Method two (permanent):
[root@i-ekowjial ~]# vim /etc/sysctl.conf
net.ipv4.ip_forward = 1    # defaults to 0 (forwarding disabled); set it to 1, save and quit
[root@i-ekowjial ~]# sysctl -p    # apply the change
2. Set the iptables forwarding rules (requirement 1)
(1) Forward ports 8000-8005
[root@i-ekowjial ~]# iptables -t nat -A PREROUTING -d 192.168.110.56/32 -p tcp -m tcp --dport 8000:8005 -j DNAT --to-destination 192.168.110.63
[root@i-ekowjial ~]# iptables -t nat -A POSTROUTING -d 192.168.110.63/32 -p tcp -m tcp --dport 8000:8005 -j SNAT --to-source 192.168.110.56
[root@i-dnbahrtz ~]# iptables -t filter -A INPUT -p tcp -m state --state NEW -m tcp --dport 8000:8005 -j ACCEPT
(2) Save the firewall rules
[root@i-dnbahrtz ~]# iptables-save > /etc/sysconfig/iptables
(3) Restart the firewall
[root@i-dnbahrtz ~]# /etc/init.d/iptables restart
(4) From the client, check that ports 8000 to 8005 on the real server 192.168.110.63 are reachable; if they are not, open them first and then test again
[root@192.168.110.57 ~]# nc -z -w 1 192.168.110.63 8000-8005
Connection to 192.168.110.63 8000 port [tcp/irdmi] succeeded!
Connection to 192.168.110.63 8001 port [tcp/vcom-tunnel] succeeded!
Connection to 192.168.110.63 8002 port [tcp/teradataordbms] succeeded!
Connection to 192.168.110.63 8003 port [tcp/mcreport] succeeded!
Connection to 192.168.110.63 8004 port [tcp/*] succeeded!
Connection to 192.168.110.63 8005 port [tcp/mxi] succeeded!
[root@192.168.110.57 ~]#
The ports on the real server are open, so next we test whether the port forwarding configured on the proxy server works
(5) From the client, check that ports 8000 to 8005 on the proxy server 192.168.110.56 can be reached
[root@192.168.110.57 ~]# nc -z -w 1 192.168.110.56 8000-8005
Connection to 192.168.110.56 8000 port [tcp/irdmi] succeeded!
Connection to 192.168.110.56 8001 port [tcp/vcom-tunnel] succeeded!
Connection to 192.168.110.56 8002 port [tcp/teradataordbms] succeeded!
Connection to 192.168.110.56 8003 port [tcp/mcreport] succeeded!
Connection to 192.168.110.56 8004 port [tcp/*] succeeded!
Connection to 192.168.110.56 8005 port [tcp/mxi] succeeded!
[root@192.168.110.57 ~]#
3. Set the iptables forwarding rules (requirement 2)
(1) Forward port 80 to port 80
[root@i-ekowjial ~]# iptables -t nat -A PREROUTING -d 192.168.110.56/32 -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.168.110.63:80
[root@i-ekowjial ~]# iptables -t nat -A POSTROUTING -d 192.168.110.63/32 -p tcp -m tcp --dport 80 -j SNAT --to-source 192.168.110.56
[root@i-dnbahrtz ~]# iptables -t filter -A INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
(2) Forward port 443 to port 80
[root@i-ekowjial ~]# iptables -t nat -A PREROUTING -d 192.168.110.56/32 -p tcp -m tcp --dport 443 -j DNAT --to-destination 192.168.110.63:80
[root@i-ekowjial ~]# iptables -t nat -A POSTROUTING -d 192.168.110.63/32 -p tcp -m tcp --dport 80 -j SNAT --to-source 192.168.110.56
[root@i-dnbahrtz ~]# iptables -t filter -A INPUT -p tcp -m state --state NEW -m tcp --dport 443 -j ACCEPT
(3) Save the firewall rules
[root@i-dnbahrtz ~]# iptables-save > /etc/sysconfig/iptables
(4) Restart the firewall
[root@i-dnbahrtz ~]# /etc/init.d/iptables restart
(5) Test from the client
[root@192.168.110.57 ~]# nc -z -w 1 192.168.110.56 443
Connection to 192.168.110.56 443 port [tcp/irdmi] succeeded!
[root@192.168.110.57 ~]# nc -z -w 1 192.168.110.56 80
Connection to 192.168.110.56 80 port [tcp/irdmi] succeeded!
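The three forwards above (8000-8005, 80 to 80, 443 to 80), rendered as one iptables-restore ruleset by an added helper script that is not part of the original post. The script keeps the page's DNAT/SNAT rule form, and additionally accepts the traffic in the filter table's FORWARD chain, because a packet that PREROUTING has DNAT'd to another host traverses FORWARD rather than INPUT, so the page's INPUT rules do not cover it; the addresses are the page's lab values.

```shell
#!/bin/sh
# Render DNAT/SNAT port forwards as an iptables-restore file.
# Constructed example; these are the page's lab addresses.
PROXY_IP=192.168.110.56
REAL_IP=192.168.110.63

# forward_rules DPORTS [TO_PORT]
# Emits the rules for PROXY_IP:DPORTS -> REAL_IP (same port, or TO_PORT
# when given), each prefixed with the table it belongs to.
forward_rules() {
    dports=$1
    to=$REAL_IP      # DNAT target; no port keeps the original port
    sdport=$dports   # port seen by later rules, i.e. after DNAT
    if [ -n "$2" ]; then to="$REAL_IP:$2"; sdport=$2; fi
    printf 'nat:-A PREROUTING -d %s/32 -p tcp -m tcp --dport %s -j DNAT --to-destination %s\n' "$PROXY_IP" "$dports" "$to"
    # SNAT so replies return via the proxy even if it is not the real server's gateway
    printf 'nat:-A POSTROUTING -d %s/32 -p tcp -m tcp --dport %s -j SNAT --to-source %s\n' "$REAL_IP" "$sdport" "$PROXY_IP"
    # DNAT'd packets pass through FORWARD, not INPUT, so accept them there
    printf 'filter:-A FORWARD -d %s/32 -p tcp -m state --state NEW -m tcp --dport %s -j ACCEPT\n' "$REAL_IP" "$sdport"
}

# build_ruleset: complete iptables-restore input for the page's three forwards
build_ruleset() {
    rules=$(forward_rules 8000:8005; forward_rules 80; forward_rules 443 80)
    echo '*nat'
    echo "$rules" | sed -n 's/^nat://p'
    echo 'COMMIT'
    echo '*filter'
    echo '-A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT'
    echo "$rules" | sed -n 's/^filter://p'
    echo 'COMMIT'
}

# Usage on the proxy: build_ruleset > /etc/sysconfig/iptables && iptables-restore < /etc/sysconfig/iptables
```

Loading the file with iptables-restore replaces the nat and filter tables wholesale, so any existing rules in those tables must be merged into the output first.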
Please credit the source when reposting: http://www.cnblogs.com/bazingafraser/p/8549620.html