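#!/bin/bash
#
# NAT port forwarding on the gateway host.
#   eth1 = 172.16.0.90 (side the external traffic arrives on)
#   eth0 = 10.3.0.204  (side facing the 10.3.0.0/24 backends)
#
#   test:        219.148.*.*:8080 --> 172.16.0.90:8080 --> 10.3.0.2:5902
#   production:  219.148.*.*:80   --> 172.16.0.90:80   --> 10.3.0.3:7001
#
# Environment:
#   ALLOWED_SRC  source network allowed to use the forwards
#                (default 0.0.0.0/0 = any source, as in the original rules).
#
# NOTE(review): the flow notes above name 219.148.*.* as the client network,
# but the original rules carried no source match, so any host that can reach
# eth1 is forwarded to the backends. Run with ALLOWED_SRC=219.148.0.0/16 if
# that restriction is what was intended.
# NOTE(review): 5902 is conventionally a VNC display port; confirm whether the
# test forward really needs to be reachable from every source.
# NOTE(review): only the nat table is touched here. Whether the translated
# packets are actually passed depends on the filter table's FORWARD chain,
# which this script neither sets nor checks.

# Stop at the first failing command so a half-applied rule set is noticed.
set -eu

IPT=/sbin/iptables
WAN_IF=eth1
LAN_IF=eth0
WAN_IP=172.16.0.90
LAN_IP=10.3.0.204
ALLOWED_SRC="${ALLOWED_SRC:-0.0.0.0/0}"

#######################################
# Install one DNAT + SNAT pair.
# Arguments: $1 - TCP port on WAN_IP
#            $2 - backend address
#            $3 - backend TCP port
#######################################
forward_port() {
  local in_port=$1 backend_ip=$2 backend_port=$3

  # Inbound: rewrite the destination to the backend.
  "$IPT" -t nat -A PREROUTING -i "$WAN_IF" -s "$ALLOWED_SRC" -d "$WAN_IP" \
    -p tcp -m tcp --dport "$in_port" \
    -j DNAT --to-destination "${backend_ip}:${backend_port}"

  # Outbound to the backend: rewrite the source to the gateway's own address
  # so replies return through this host. Side effect: the backend sees every
  # connection as coming from LAN_IP, so its logs lose the real client IP.
  "$IPT" -t nat -A POSTROUTING -o "$LAN_IF" -d "$backend_ip" \
    -p tcp -m tcp --dport "$backend_port" \
    -j SNAT --to-source "$LAN_IP"
}

# Flush the whole nat table first; this also removes nat rules installed by
# anything else on the host.
"$IPT" -F -t nat

# Turn on IPv4 forwarding (runtime only; not kept across a reboot).
echo 1 > /proc/sys/net/ipv4/ip_forward

###################### For Test ######################
forward_port 8080 10.3.0.2 5902

###################### For Production ################
forward_port 80 10.3.0.3 7001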
上面的解释为:
从外面进来eth1口的流量
从eth0口出去的流量
eth0 Link encap:Ethernet HWaddr 00:22:19:A9:58:A5
inet addr:10.3.0.204 Bcast:10.3.0.255 Mask:255.255.255.0 目标地址172.3.0.3:7001
eth1 Link encap:Ethernet HWaddr 00:22:19:A9:58:A7
inet addr:172.16.0.90 Bcast:172.16.0.95 Mask:255.255.255.224
[root@118114 ~]# iptables -t nat -vnL
Chain PREROUTING (policy ACCEPT 3 packets, 510 bytes)
pkts bytes target prot opt in out source destination
0 0 DNAT tcp -- eth1 * 0.0.0.0/0 172.16.0.90 tcp dpt:8080 to:10.3.0.2:5902
0 0 DNAT tcp -- eth1 * 0.0.0.0/0 172.16.0.90 tcp dpt:80 to:10.3.0.3:7001
Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 SNAT tcp -- * eth0 0.0.0.0/0 10.3.0.2 tcp dpt:5902 to:10.3.0.204
0 0 SNAT tcp -- * eth0 0.0.0.0/0 10.3.0.3 tcp dpt:7001 to:10.3.0.204
Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
同时开启转发
# Enable IPv4 forwarding for the running kernel (not kept across a reboot).
printf '1\n' > /proc/sys/net/ipv4/ip_forward
转载于:https://blog.51cto.com/hx100/397463