• iptables NAT 网关


    # Enable IPv4 forwarding in the running kernel. A write to /proc/sys is not
    # kept across reboots.
    # NOTE(review): once forwarding is on, what the host relays is decided by the
    # filter table's FORWARD chain; confirm that chain's policy and rules.
    printf '1\n' > /proc/sys/net/ipv4/ip_forward
    # Masquerade packets from 192.168.1.0/24 that leave through em2, so they carry
    # the address of em2 as their source.
    iptables --table nat --append POSTROUTING --source 192.168.1.0/24 --out-interface em2 --jump MASQUERADE
    

    端口映射

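    # Port forwarding published on the gateway address 173.45.xx.xx:
    #   173.45.xx.xx:8000 -> 10.160.1.101:80
    #   173.45.xx.xx:8001 -> 10.160.1.102:80
    # These are nat-table rules in iptables-save syntax; keep comments on lines
    # of their own, never after a rule.
    
    # DNAT only packets addressed to the published address. Without the -d match
    # the rules would also capture any TCP connection to port 8000/8001 that is
    # routed through the gateway towards an unrelated destination.
    -A PREROUTING -d 173.45.xx.xx -p tcp -m tcp --dport 8000 -j DNAT --to-destination 10.160.1.101:80
    -A PREROUTING -d 173.45.xx.xx -p tcp -m tcp --dport 8001 -j DNAT --to-destination 10.160.1.102:80
    # Rewrite the source of everything sent to the two web servers on port 80 to
    # the gateway address. These rules match every source, so the servers see
    # 173.45.xx.xx as the client of each forwarded request: access logs and
    # per-client controls on the servers no longer show the real peer.
    # NOTE(review): if this is only needed for internal clients reaching the
    # published address, adding -s 10.160.1.0/24 would keep external client
    # addresses visible; confirm the servers' return route first.
    -A POSTROUTING -d 10.160.1.101/32 -p tcp -m tcp --dport 80 -j SNAT --to-source 173.45.xx.xx
    -A POSTROUTING -d 10.160.1.102/32 -p tcp -m tcp --dport 80 -j SNAT --to-source 173.45.xx.xx
    # Outbound NAT for the internal subnet leaving through em2.
    -A POSTROUTING -s 10.160.1.0/24 -o em2 -j MASQUERADE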
    
    # iptables-save dump of the gateway rules: filter table first, then nat.
    # The bracketed values on the chain lines are packet:byte counters.
    # Comments must stay on lines of their own; text after a rule is parsed as arguments.
    *filter
    # Default-deny for traffic addressed to the gateway itself.
    :INPUT DROP [0:0]
    # NOTE(review): FORWARD defaults to ACCEPT and this table holds no FORWARD
    # rules, so when IPv4 forwarding is on (a NAT gateway needs it) the host relays
    # every packet it can route, not only the port forward defined in the nat
    # table. A DROP policy with explicit -A FORWARD accepts (ESTABLISHED,RELATED,
    # the internal subnet outbound, the published port inbound) would restrict it.
    :FORWARD ACCEPT [36:2960]
    :OUTPUT ACCEPT [43:3474]
    # Loopback traffic is always accepted.
    -A INPUT -i lo -j ACCEPT
    # ICMP echo requests (type 8) are accepted at a limited rate of 1/s; packets
    # over the limit are not dropped here, they continue to the rules below.
    -A INPUT -p icmp --icmp-type 8 -m limit --limit 1/s -j ACCEPT
    # Accept replies and related packets of connections that are already tracked.
    -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    # Redundant with the OUTPUT policy above, which is already ACCEPT.
    -A OUTPUT -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
    # TCP ports 22, 29922 and 5669 are reachable from any source address.
    # NOTE(review): these rules carry no -s match; restricting management ports
    # to known source ranges would reduce exposure - confirm who needs access.
    -A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
    -A INPUT -p tcp -m tcp --dport 29922 -j ACCEPT
    -A INPUT -p tcp -m tcp --dport 5669 -j ACCEPT
    # NOTE(review): port 8002 is DNATed in nat PREROUTING below, so those packets
    # are routed through FORWARD rather than INPUT; this rule looks unnecessary
    # for the port forward and opens 8002 on the gateway itself - verify.
    -A INPUT -p tcp -m tcp --dport 8002 -j ACCEPT
    # Every TCP and UDP port of the gateway is open to both subnets.
    # NOTE(review): 69.169.34.0/24 is not a private range; confirm that all hosts
    # in it are trusted, or narrow these rules to specific hosts and ports.
    -A INPUT -s 10.150.1.0/24 -p tcp -j ACCEPT
    -A INPUT -s 69.169.34.0/24 -p tcp -j ACCEPT
    -A INPUT -s 10.150.1.0/24 -p udp -j ACCEPT
    -A INPUT -s 69.169.34.0/24 -p udp -j ACCEPT
    COMMIT
    *nat
    :PREROUTING ACCEPT [36:3012]
    :POSTROUTING ACCEPT [15:902]
    :OUTPUT ACCEPT [14:862]
    # Port forward: TCP 8002 -> 10.150.1.103:80.
    # NOTE(review): there is no -d or -i match, so a TCP connection to port 8002
    # of any destination that crosses the gateway is redirected as well; a -d
    # match on the gateway's published address would scope the rule.
    -A PREROUTING -p tcp -m tcp --dport 8002 -j DNAT --to-destination 10.150.1.103:80
    # Source-NAT everything sent to 10.150.1.103:80 to the gateway address. The
    # rule matches every source, so the web server sees 69.169.34.xx as the client
    # of each forwarded request and its logs do not show the real peer.
    -A POSTROUTING -d 10.150.1.103/32 -p tcp -m tcp --dport 80 -j SNAT --to-source 69.169.34.xx
    # Outbound NAT for the internal subnet leaving through em2, with a fixed
    # source address.
    -A POSTROUTING -s 10.150.1.0/24 -o em2 -j SNAT --to-source 69.169.34.xx
    COMMIT
    

    ip双向映射

    # One-to-one NAT: each public address is tied to one internal host, inbound
    # (DNAT) and outbound (SNAT). Rules are appended pair by pair.
    # NOTE(review): the DNAT rules match on destination address only, so every
    # protocol and port sent to a public address is handed to the internal host.
    # What is actually reachable is then decided by the FORWARD chain and by the
    # host's own firewall; confirm both before publishing an address this way.
    for mapping in \
        69.xxx.34.117=10.150.1.91 \
        69.xxx.34.118=10.150.1.92 \
        69.xxx.34.119=10.150.1.93; do
      public_addr=${mapping%%=*}
      internal_addr=${mapping#*=}
      iptables -t nat -A PREROUTING -d "$public_addr" -j DNAT --to-destination "$internal_addr"
      iptables -t nat -A POSTROUTING -s "$internal_addr" -j SNAT --to-source "$public_addr"
    done
    
  • 原文地址:https://www.cnblogs.com/liujitao79/p/5506082.html