6 月 24 2015
 
# Session: make this host forward TCP port 43389 to 10.162.222.114:3389 and persist the rules.
# NOTE(review): writing to /proc only changes the running kernel. Nothing in this transcript
# makes ip_forward survive a reboot (typically net.ipv4.ip_forward = 1 in /etc/sysctl.conf) - confirm.
[root@AY1405192126447871b3Z ~]# echo 1 > /proc/sys/net/ipv4/ip_forward
# The service is off in every runlevel, so saved rules would not be loaded at boot
# until the next command enables it for runlevels 3 and 5.
[root@AY1405192126447871b3Z ~]# chkconfig --list iptables
iptables 0:off 1:off 2:off 3:off 4:off 5:off 6:off
[root@AY1405192126447871b3Z ~]# chkconfig --level 35 iptables on
# -I inserts at the top of INPUT, so the port 22 rule ends up above the port 80 rule.
# NOTE(review): the first saved ruleset shown later on this page has INPUT policy ACCEPT and
# no DROP/REJECT rule, so these two ACCEPT rules do not restrict anything on their own.
[root@AY1405192126447871b3Z ~]# iptables -I INPUT -p tcp --dport 80 -j ACCEPT
[root@AY1405192126447871b3Z ~]# iptables -I INPUT -p tcp --dport 22 -j ACCEPT
# DNAT: TCP packets arriving for port 43389 are rewritten to 10.162.222.114:3389.
# NOTE(review): the rule matches no source (-s), destination (-d) or inbound interface (-i),
# so whoever can reach this host on 43389 reaches the backend port (3389 is the usual RDP
# port - confirm). A non-standard port is not access control; consider limiting the rule
# with -s <trusted-source-cidr> and filtering the flow in the FORWARD chain.
[root@AY1405192126447871b3Z ~]# iptables -t nat -A PREROUTING -p tcp --dport 43389 -j DNAT --to-destination 10.162.222.114:3389
# SNAT: forwarded connections leave with source 10.162.222.113 (presumably this gateway's
# own address - confirm), so replies return through this host.
# Side effect: 10.162.222.114 sees 10.162.222.113 as the client of every session, so
# client attribution for detection/forensics has to come from logging on this gateway.
[root@AY1405192126447871b3Z ~]# iptables -t nat -A POSTROUTING -d 10.162.222.114 -p tcp --dport 3389 -j SNAT --to 10.162.222.113
# Persist the running rules; the output names the target file /etc/sysconfig/iptables.
[root@AY1405192126447871b3Z ~]# service iptables save
iptables: Saving firewall rules to /etc/sysconfig/iptables:[ OK ]
[root@AY1405192126447871b3Z ~]# service iptables start
iptables: Applying firewall rules: [ OK ]
[root@AY1405192126447871b3Z ~]#
################################################
2014-05-21-1010
# Session: add a second forward, gateway port 40021 -> 10.162.222.114:21, and save it.
# NOTE(review): as with the 43389 rule, no -s/-d/-i match limits who may use this forward.
# Port 21 is the usual FTP control port (confirm). If this is FTP, credentials cross the
# gateway in cleartext, and the data connections FTP opens are not covered by this single
# rule - whether a conntrack/NAT FTP helper handles them is not shown here.
[root@AY1405192126447871b3Z ~]# iptables -t nat -A PREROUTING -p tcp --dport 40021 -j DNAT --to-destination 10.162.222.114:21
# SNAT to 10.162.222.113 so replies return via this host; the backend loses the real client address.
[root@AY1405192126447871b3Z ~]# iptables -t nat -A POSTROUTING -d 10.162.222.114 -p tcp --dport 21 -j SNAT --to 10.162.222.113
# Rules added with iptables live only in the running kernel until saved to /etc/sysconfig/iptables.
[root@AY1405192126447871b3Z ~]# service iptables save
iptables: Saving firewall rules to /etc/sysconfig/iptables:[ OK ]
[root@AY1405192126447871b3Z ~]#

验证

# Verification 1: a backed-up copy of the saved ruleset. Its timestamp (May 21 10:09:55 2014)
# matches the 2014-05-21-1010 session marker above. The prompt shows a different hostname
# from the session that created the rules.
[root@iZ94l01jktpZ backup]# cat tarball/iptables
# Generated by iptables-save v1.4.7 on Wed May 21 10:09:55 2014
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
# Both DNAT rules match on protocol and destination port only - any source, any interface.
-A PREROUTING -p tcp -m tcp --dport 43389 -j DNAT --to-destination 10.162.222.114:3389
-A PREROUTING -p tcp -m tcp --dport 40021 -j DNAT --to-destination 10.162.222.114:21
# SNAT makes every forwarded session appear to the backend as coming from 10.162.222.113.
-A POSTROUTING -d 10.162.222.114/32 -p tcp -m tcp --dport 3389 -j SNAT --to-source 10.162.222.113
-A POSTROUTING -d 10.162.222.114/32 -p tcp -m tcp --dport 21 -j SNAT --to-source 10.162.222.113
COMMIT
# Completed on Wed May 21 10:09:55 2014
# Generated by iptables-save v1.4.7 on Wed May 21 10:09:55 2014
# NOTE(review): all three filter chains default to ACCEPT and the table holds no DROP or
# REJECT rule, so the two ACCEPT rules below are no-ops: this ruleset filters nothing,
# neither traffic to this host (INPUT) nor forwarded traffic (FORWARD).
# The bracketed values are [packets:bytes] counters; the FORWARD counter is non-zero,
# i.e. traffic was being forwarded under the ACCEPT policy.
*filter
:INPUT ACCEPT [8238:602146]
:FORWARD ACCEPT [2664150:1550524495]
:OUTPUT ACCEPT [112580:10996580]
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
COMMIT
# Completed on Wed May 21 10:09:55 2014
[root@iZ94l01jktpZ backup]#

验证2

# Verification 2: a later saved ruleset (Jul 18 18:03:37 2014) with the same NAT rules
# and a stricter INPUT chain.
[root@iZ94l01jktpZ backup]# cat iptables
# Generated by iptables-save v1.4.7 on Fri Jul 18 18:03:37 2014
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [20:2096]
# INPUT now ends in a catch-all REJECT. Only TCP 8080/22/80, ICMP, loopback and
# RELATED/ESTABLISHED traffic reaches services on this host itself.
# NOTE(review): DNAT'd connections are forwarded, not delivered locally, so they are
# evaluated by FORWARD (policy ACCEPT, no rules here) and never by INPUT. The REJECT below
# therefore does not limit access to 10.162.222.114:3389 or :21. To restrict the forwards,
# add FORWARD rules that accept only the intended flows, e.g. from <trusted-source-cidr>
# to 10.162.222.114 on ports 3389 and 21 plus RELATED,ESTABLISHED, and drop the rest.
-A INPUT -p tcp -m tcp --dport 8080 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
# Completed on Fri Jul 18 18:03:37 2014
# Generated by iptables-save v1.4.7 on Fri Jul 18 18:03:37 2014
*nat
:PREROUTING ACCEPT [383246:20660056]
:POSTROUTING ACCEPT [870932:63991735]
:OUTPUT ACCEPT [870932:63991735]
# Unchanged from the May ruleset: both forwards still match any source and any interface.
-A PREROUTING -p tcp -m tcp --dport 43389 -j DNAT --to-destination 10.162.222.114:3389
-A PREROUTING -p tcp -m tcp --dport 40021 -j DNAT --to-destination 10.162.222.114:21
# The backend still sees 10.162.222.113 as the client; the gateway is the only place
# where the original client address can be logged.
-A POSTROUTING -d 10.162.222.114/32 -p tcp -m tcp --dport 3389 -j SNAT --to-source 10.162.222.113
-A POSTROUTING -d 10.162.222.114/32 -p tcp -m tcp --dport 21 -j SNAT --to-source 10.162.222.113
COMMIT
# Completed on Fri Jul 18 18:03:37 2014
[root@iZ94l01jktpZ backup]#