标签:iptables
1.1.准备两台虚拟机A和B。A:两块网卡。
网卡ens33:192.168.231.128,可以联通外网
网卡ens37:192.168.100.1,只可以访问内网
B:一块网卡
网卡ens37:192.168.100.100,只可以访问内网
1.2.打开A机器的网络转发功能
[root@test_01 ~]# cat /proc/sys/net/ipv4/ip_forward
0
[root@test_01 ~]# echo "1" > !$
echo "1" > /proc/sys/net/ipv4/ip_forward
/proc/sys/net/ipv4/ip_forward文件默认值为0,表示未开启
1.3.在A机器添加如下iptables规则来通过A转发流量
[root@test_01 ~]# iptables -t nat -A POSTROUTING -s 192.168.100.0/24 -o ens33 -j MASQUERADE
1.4.查看规则内容
[root@test_01 ~]# iptables -t nat -nvL
Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
11 892 PREROUTING_direct all -- * * 0.0.0.0/0 0.0.0.0/0
11 892 PREROUTING_ZONES_SOURCE all -- * * 0.0.0.0/0 0.0.0.0/0
11 892 PREROUTING_ZONES all -- * * 0.0.0.0/0 0.0.0.0/0
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
94 7094 OUTPUT_direct all -- * * 0.0.0.0/0 0.0.0.0/0
Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
94 7094 POSTROUTING_direct all -- * * 0.0.0.0/0 0.0.0.0/0
94 7094 POSTROUTING_ZONES_SOURCE all -- * * 0.0.0.0/0 0.0.0.0/0
94 7094 POSTROUTING_ZONES all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 MASQUERADE all -- * ens33 192.168.100.0/24 0.0.0.0/0
1.5.在B及其设置A的IP未默认网关
default add default gw 192.168.100.1
1.6.在B机器上设置DNS服务器
编辑/etc/resolv.conf文件添加dns服务器地址
1.7设置端口转发规则
[root@test_01 ~]# iptables -t nat -A PREROUTING -d 192.168.231.128 -p tcp --dport 1122 -j DNAT --to 192.168.100.100:22 [root@test_01 ~]# iptables -t nat -A POSTROUTING -s 192.168.100.100 -j SNAT --to 192.168.231.128
标签:iptables
原文地址:http://blog.51cto.com/lavender7n/2046276
