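防火墙（网关）配置：SNAT 让内网 192.168.100.0/24 经 ens36 以 192.168.200.120 出网；DNAT 把访问 192.168.200.120 的 80/tcp 转发到内网 192.168.100.110（前提：本机已开启内核转发 net.ipv4.ip_forward）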
[root@zhong ~]# iptables -t nat -I POSTROUTING -s 192.168.100.1/24 -o ens36 -j SNAT --to-source 192.168.200.120
[root@zhong ~]# iptables -t nat -L POSTROUTING
Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
SNAT all -- 192.168.100.0/24 anywhere to:192.168.200.120
[root@zhong ~]# ping 192.168.200.130
PING 192.168.200.130 (192.168.200.130) 56(84) bytes of data.
64 bytes from 192.168.200.130: icmp_seq=1 ttl=64 time=0.287 ms
64 bytes from 192.168.200.130: icmp_seq=2 ttl=64 time=0.436 ms
[root@zhong ~]# iptables -t nat -A PREROUTING -i ens36 -d 192.168.200.120 -p tcp --dport 80 -j DNAT --to-destination 192.168.100.110
[root@zhong ~]# iptables -t nat -L
Chain PREROUTING (policy ACCEPT)
target prot opt source destination
DNAT tcp -- anywhere server2 tcp dpt:http to:192.168.100.110
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
SNAT all -- 192.168.100.0/24 anywhere to:192.168.200.120
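内网客户机（Web 服务器）安装测试
注：下面停止 firewalld、把 SELinux 设为 permissive 只是为了简化实验，且重启后都会恢复；实际环境建议保持两者开启，只放行 80/tcp，例如 firewall-cmd --permanent --add-service=http && firewall-cmd --reload。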
[root@yi ~]# yum -y install httpd
[root@yi ~]# echo "this is my dog." > /var/www/html/index.html
[root@yi ~]# systemctl start httpd
[root@yi ~]# systemctl stop firewalld
[root@yi ~]# setenforce 0
[root@yi ~]# netstat -anpt | grep httpd
tcp6 0 0 :::80 :::* LISTEN 55966/httpd
中间防火墙
外网客户机访问测试（访问防火墙外网地址 192.168.200.120，由 DNAT 转发到内网 Web 服务器）
[root@er ~]# curl http://192.168.200.120
this is my dog.