1.清空预设表filter中所有规则链的规则(-F),并删除filter表中使用者自定义的链(-X)。注意:-F 会清掉 filter 表中已有的全部过滤规则,若链的默认策略为 DROP,远程 SSH 会话会立刻中断;执行前建议先用 iptables-save 备份现有规则
[root@localhost bin]# iptables -F
[root@localhost bin]# iptables -X
2,设置端口转发功能,将192.168.91.129 10001端口的请求转发到 192.168.91.129的8080端口(该规则不限制来源地址,任何能到达 eno16777736 网卡的主机都可以通过10001端口访问8080上的服务;如只对特定网段开放,可加 -s 限定来源)
[root@localhost bin]# iptables -t nat -A PREROUTING -p tcp -i eno16777736 -d 192.168.91.129 --dport 10001 -j DNAT --to 192.168.91.129:8080
3,查看定义的规则
[root@localhost bin]# iptables -t nat -L -n --line-numbers
Chain PREROUTING (policy ACCEPT)
num target prot opt source destination
1 DNAT tcp -- 0.0.0.0/0 192.168.91.129 tcp dpt:10001 to:192.168.91.129:8080
4,现在可以在外部通过10001端口访问了。但在本机无法访问,因为本机发出的数据包不经过 PREROUTING 链,而是经过 OUTPUT 链。需要执行下面的命令
[root@localhost bin]# iptables -t nat -A PREROUTING -p tcp -i lo -d 127.0.0.1 --dport 10001 -j DNAT --to 192.168.91.129:8080
[root@localhost bin]# iptables -t nat -A OUTPUT -p tcp -d 127.0.0.1 --dport 10001 -j DNAT --to 192.168.91.129:8080
[root@localhost bin]# iptables -t nat -A OUTPUT -p tcp -d 192.168.91.129 --dport 10001 -j DNAT --to 192.168.91.129:8080
5,看到下面的结果即成功(8080端口,即转发的目标端口,要部署好应用)
[root@localhost bin]# wget http://127.0.0.1:10001
--2015-06-10 05:04:27-- http://127.0.0.1:10001/
Connecting to 127.0.0.1:10001... connected.
HTTP request sent, awaiting response... 200 OK
Length: unspecified [text/html]
Saving to: ‘index.html.3’
[ <=> ] 11,230 --.-K/s in 0s
2015-06-10 05:04:27 (51.4 MB/s) - ‘index.html.3’ saved [11230]
[root@localhost bin]# wget http://192.168.91.129:10001
--2015-06-10 05:04:42-- http://192.168.91.129:10001/
Connecting to 192.168.91.129:10001... connected.
HTTP request sent, awaiting response... 200 OK
Length: unspecified [text/html]
Saving to: ‘index.html.4’
[ <=> ] 11,230 --.-K/s in 0s
2015-06-10 05:04:42 (265 MB/s) - ‘index.html.4’ saved [11230]
备注:1,删除指定的规则。PREROUTING 后面的数字是用 iptables -t nat -L -n --line-numbers 查到的编号(删除一条后,其后规则的编号会前移,连续删除时应重新查看编号)
[root@localhost bin]# iptables -t nat -D PREROUTING 1
2,开启系统的ip转发功能:echo 1 > /proc/sys/net/ipv4/ip_forward(这样写入只在本次运行期间有效,重启后恢复;只有当转发目标在另一台主机上时才需要开启,像本文这样转发到本机地址则不需要)
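3,redhat7关闭防火墙(firewalld)
注意:systemctl stop 只是停止本次运行的服务,下面 Loaded 行仍显示 enabled,重启后 firewalld 会再次启动;停止期间主机不再受 firewalld 规则保护。如果关闭防火墙只是为了让端口转发生效,也可以保持 firewalld 运行,改用 firewall-cmd --add-forward-port=port=10001:proto=tcp:toport=8080 添加转发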
[root@localhost Desktop]# systemctl stop firewalld.service
[root@localhost Desktop]# systemctl status firewalld.service
firewalld.service - firewalld - dynamic firewall daemon
Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled)
Active: inactive (dead) since Tue 2015-06-09 21:58:35 EDT; 11s ago
Process: 981 ExecStart=/usr/sbin/firewalld --nofork --nopid $FIREWALLD_ARGS (code=exited, status=0/SUCCESS)
Main PID: 981 (code=exited, status=0/SUCCESS)
Jun 09 21:47:21 localhost.localdomain systemd[1]: Started firewalld - dynamic...
Jun 09 21:58:34 localhost.localdomain systemd[1]: Stopping firewalld - dynami...
Jun 09 21:58:35 localhost.localdomain systemd[1]: Stopped firewalld - dynamic...
Hint: Some lines were ellipsized, use -l to show in full.
[root@localhost Desktop]# firewall-c
firewall-cmd firewall-config
[root@localhost Desktop]# firewall-cmd --reload
FirewallD is not running