5月 22 2014
 

iptables 10.20.30.40:43306 -> 192.168.1.100:43306 -> 192.168.1.200:3306

[root@linuxcache ~]# cat /proc/sys/net/ipv4/ip_forward
0
[root@linuxcache ~]#

[root@linuxcache ~]# echo 1 > /proc/sys/net/ipv4/ip_forward
[root@linuxcache ~]# vi /etc/rc.local
echo 1 > /proc/sys/net/ipv4/ip_forward

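增加防火墙规则（INPUT 链放行本机的 22/21/80/161 端口；nat 表将到达本机 43306 端口的连接转发到 192.168.1.200:3306）。注意：下面的 DNAT 规则没有限制来源地址，且 FORWARD 链默认策略为 ACCEPT，任何能访问 43306 端口的主机都可以连到后端 MySQL；实际部署时应在 DNAT 规则中用 -s 限定允许访问的来源网段。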
[root@linuxcache ~]# iptables -I INPUT -p tcp --dport 22 -j ACCEPT
[root@linuxcache ~]# iptables -I INPUT -p tcp --dport 21 -j ACCEPT
[root@linuxcache ~]# iptables -I INPUT -p tcp --dport 80 -j ACCEPT
[root@linuxcache ~]# iptables -I INPUT -p udp --dport 161 -j ACCEPT

[root@linuxcache ~]# iptables -t nat -A PREROUTING -p tcp --dport 43306 -j DNAT --to-destination 192.168.1.200:3306
[root@linuxcache ~]# iptables -t nat -A POSTROUTING -p tcp --dport 3306 -d 192.168.1.200 -j SNAT --to 192.168.1.100
[root@linuxcache ~]# service iptables status
Table: filter
Chain INPUT (policy ACCEPT)
num target prot opt source destination
1 ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:161
2 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:80
3 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:21
4 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:22

Chain FORWARD (policy ACCEPT)
num target prot opt source destination

Chain OUTPUT (policy ACCEPT)
num target prot opt source destination

Table: nat
Chain PREROUTING (policy ACCEPT)
num target prot opt source destination
1 DNAT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:43306 to:192.168.1.200:3306

Chain POSTROUTING (policy ACCEPT)
num target prot opt source destination
1 SNAT tcp -- 0.0.0.0/0 192.168.1.200 tcp dpt:3306 to:192.168.1.100

Chain OUTPUT (policy ACCEPT)
num target prot opt source destination

[root@linuxcache ~]#