A simple example of iptables port forwarding

1. Flush all rules in every chain of the default filter table, and delete the user-defined chains in filter

[root@localhost bin]# iptables -F
[root@localhost bin]# iptables -X

2. Set up port forwarding: forward requests arriving at 192.168.91.129 port 10001 to port 8080 on 192.168.91.129

[root@localhost bin]# iptables -t nat -A PREROUTING -p tcp -i eno16777736 -d 192.168.91.129 --dport 10001 -j DNAT --to 192.168.91.129:8080
3. View the rules that have been defined

[root@localhost bin]# iptables -t nat -L -n --line-numbers
Chain PREROUTING (policy ACCEPT)
num  target     prot opt source               destination         
1    DNAT       tcp  --  0.0.0.0/0            192.168.91.129       tcp dpt:10001 to:192.168.91.129:8080


4. Port 10001 can now be reached from outside, but not from the local host itself. For local access, run the following commands

[root@localhost bin]# iptables -t nat -A PREROUTING -p tcp  -i lo  -d 127.0.0.1 --dport 10001 -j DNAT --to 192.168.91.129:8080
[root@localhost bin]# iptables -t nat -A OUTPUT -p tcp    -d 127.0.0.1 --dport 10001 -j DNAT --to 192.168.91.129:8080
[root@localhost bin]# iptables -t nat -A OUTPUT -p tcp    -d 192.168.91.129 --dport 10001 -j DNAT --to 192.168.91.129:8080

5. If you see the output below, it worked (an application must already be deployed on port 80)

[root@localhost bin]# wget http://127.0.0.1:10001
--2015-06-10 05:04:27--  http://127.0.0.1:10001/
Connecting to 127.0.0.1:10001... connected.
HTTP request sent, awaiting response... 200 OK
Length: unspecified [text/html]
Saving to: ‘index.html.3’

    [ <=>                                                                                                                                      ] 11,230      --.-K/s   in 0s      

2015-06-10 05:04:27 (51.4 MB/s) - ‘index.html.3’ saved [11230]

[root@localhost bin]# wget http://192.168.91.129:10001
--2015-06-10 05:04:42--  http://192.168.91.129:10001/
Connecting to 192.168.91.129:10001... connected.
HTTP request sent, awaiting response... 200 OK
Length: unspecified [text/html]
Saving to: ‘index.html.4’

    [ <=>                                                                                                                                      ] 11,230      --.-K/s   in 0s      

2015-06-10 05:04:42 (265 MB/s) - ‘index.html.4’ saved [11230]
Notes: 1. Deleting a specific rule. The number after PREROUTING is the rule number shown by iptables -t nat -L -n --line-numbers

[root@localhost bin]# iptables -t nat -D PREROUTING 1

2. Enabling the system's IP forwarding: echo 1 > /proc/sys/net/ipv4/ip_forward
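The four DNAT rules from steps 2 and 4, the deletion-by-number from note 1 and the ip_forward switch from note 2 are the pieces a practitioner usually wants to script rather than retype. The POSIX sh below is an added example, not code from the original post: it builds the rule commands from parameters (the interface, host address and ports default to the post's values), and it reads the output of `iptables -t nat -L -n --line-numbers` to find the rule number of a DNAT rule for a given chain and destination port, so a rule can be removed by number without counting lines by hand. The `LISTING` text is a constructed copy of what step 3 prints once all four rules are loaded; only `apply_rules` and `delete_rule` touch iptables, and both must run as root.

```shell
#!/bin/sh
# Added example (not from the original post). Values default to the post's
# interface eno16777736, host 192.168.91.129, public port 10001, target 8080.

# dnat_rules IFACE HOST_IP FROM_PORT TO_PORT
# Prints the four iptables commands from steps 2 and 4, one per line:
# one PREROUTING rule for external traffic, and the lo/OUTPUT rules that
# make the forward also work for connections originating on the host.
dnat_rules() {
    iface=$1; host=$2; from=$3; to=$4
    printf '%s\n' \
      "iptables -t nat -A PREROUTING -p tcp -i $iface -d $host --dport $from -j DNAT --to $host:$to" \
      "iptables -t nat -A PREROUTING -p tcp -i lo -d 127.0.0.1 --dport $from -j DNAT --to $host:$to" \
      "iptables -t nat -A OUTPUT -p tcp -d 127.0.0.1 --dport $from -j DNAT --to $host:$to" \
      "iptables -t nat -A OUTPUT -p tcp -d $host --dport $from -j DNAT --to $host:$to"
}

# rule_number CHAIN DPORT  (listing on stdin)
# Parses "iptables -t nat -L -n --line-numbers" output and prints the number
# of the first DNAT rule in CHAIN whose match is "tcp dpt:DPORT".
# Prints nothing and returns 1 when no such rule exists.
rule_number() {
    chain=$1; dport=$2
    awk -v chain="$chain" -v dport="$dport" '
        /^Chain /  { cur = $2; next }                  # track the current chain
        cur == chain && $2 == "DNAT" && $0 ~ ("tcp dpt:" dport "( |$)") {
            print $1; found = 1; exit
        }
        END { exit found ? 0 : 1 }
    '
}

# apply_rules IFACE HOST_IP FROM_PORT TO_PORT
# Note 2 (ip_forward) followed by the four DNAT rules. Does NOT flush the
# filter table the way step 1 does, so existing INPUT/FORWARD policy is kept.
apply_rules() {
    echo 1 > /proc/sys/net/ipv4/ip_forward
    dnat_rules "$@" | while IFS= read -r cmd; do
        $cmd || return 1
    done
}

# delete_rule CHAIN DPORT
# Note 1 done programmatically: look the number up in the live listing and
# delete that entry from the nat table.
delete_rule() {
    n=$(iptables -t nat -L -n --line-numbers | rule_number "$1" "$2") || {
        echo "no DNAT rule for tcp dpt:$2 in chain $1" >&2
        return 1
    }
    iptables -t nat -D "$1" "$n"
}

# Constructed listing: what step 3 shows after steps 2 and 4 have been run.
LISTING='Chain PREROUTING (policy ACCEPT)
num  target     prot opt source               destination
1    DNAT       tcp  --  0.0.0.0/0            192.168.91.129       tcp dpt:10001 to:192.168.91.129:8080
2    DNAT       tcp  --  0.0.0.0/0            127.0.0.1            tcp dpt:10001 to:192.168.91.129:8080

Chain INPUT (policy ACCEPT)
num  target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
num  target     prot opt source               destination
1    DNAT       tcp  --  0.0.0.0/0            127.0.0.1            tcp dpt:10001 to:192.168.91.129:8080
2    DNAT       tcp  --  0.0.0.0/0            192.168.91.129       tcp dpt:10001 to:192.168.91.129:8080

Chain POSTROUTING (policy ACCEPT)
num  target     prot opt source               destination'

# Usage when run directly (prints the commands and the looked-up numbers;
# call apply_rules / delete_rule as root to change the live table):
if [ "${0##*/}" = "dnat_example.sh" ]; then
    dnat_rules eno16777736 192.168.91.129 10001 8080
    printf '%s' "$LISTING" | rule_number PREROUTING 10001   # prints 1
    printf '%s' "$LISTING" | rule_number OUTPUT 10001       # prints 1
fi
```

Matching on `tcp dpt:10001` followed by a space or end of line keeps `dpt:100011` from being mistaken for port 10001, and the chain tracking means a rule number from OUTPUT is never handed to a `-D PREROUTING`, which would silently delete the wrong entry. Because the DNAT rules only rewrite the destination, anyone who can reach port 10001 reaches the application on 8080; whether that is acceptable is decided by the filter table, which step 1 empties and this script leaves alone.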

3. Disabling the firewall on Red Hat 7

Stop the firewall
[root@localhost Desktop]# systemctl stop firewalld.service 
[root@localhost Desktop]# systemctl status firewalld.service 
firewalld.service - firewalld - dynamic firewall daemon
   Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled)
   Active: inactive (dead) since Tue 2015-06-09 21:58:35 EDT; 11s ago
  Process: 981 ExecStart=/usr/sbin/firewalld --nofork --nopid $FIREWALLD_ARGS (code=exited, status=0/SUCCESS)
 Main PID: 981 (code=exited, status=0/SUCCESS)

Jun 09 21:47:21 localhost.localdomain systemd[1]: Started firewalld - dynamic...
Jun 09 21:58:34 localhost.localdomain systemd[1]: Stopping firewalld - dynami...
Jun 09 21:58:35 localhost.localdomain systemd[1]: Stopped firewalld - dynamic...
Hint: Some lines were ellipsized, use -l to show in full.
[root@localhost Desktop]# firewall-c
firewall-cmd     firewall-config  
[root@localhost Desktop]# firewall-cmd --reload
FirewallD is not running