iptables配置——NAT地址转换
http://hi.baidu.com/gaocher/blog/item/fe66d0ee08940a3727979100.html
iptables -t nat -A POSTROUTING –o eth1 –s 192.168.1.0/24 –j MASQUERADE iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE |
iptables -t nat -A POSTROUTING -s 192.168.0.0/24 -o eth0 -j SNAT --to 你的eth0地址 |
iptables -t nat -A POSTROUTING -s 192.168.100.0/24 -o eth0 -j MASQUERADE iptables -t nat -A POSTROUTING -s 192.168.1.0/24 -o eth0 -j MASQUERADE iptables -t nat -A POSTROUTING -s 192.168.0.0/24 -o eth0 -j MASQUERADE |
外部接口ip:210.83.2.206 内部接口ip:192.168.1.1 ftp服务器 : ip 192.168.1.3 web服务器 : ip 192.168.1.4 |
iptables -t nat -A PREROUTING -d 210.83.2.206 -p tcp --dport 21 -j DNAT --to 192.168.1.3 iptables -t nat -A PREROUTING -d 210.83.2.206 -p tcp --dport 80 -j DNAT --to 192.168.1.4 |
iptables –t nat –A PREROUTING –d 219.142.217.161 –j DNAT --to-destination 192.168.1.24-192.168.1.25 |
iptables -t nat -A PREROUTING -p tcp -d 216.94.87.37 --dport 2121 -j DNAT --to-destination 192.168.100.125:21 |
iptables -t nat -A POSTROUTING -p tcp -s 192.168.100.125 --sport 21 -j SNAT --to-source 216.94.87.37:2121 |
/sbin/iptables -t nat -A POSTROUTING -s 10.4.0.0/16 -o $WAN_INT -j SNAT --to 124.126.86.137 /sbin/iptables -t nat -A PREROUTING -d 124.126.86.138 -p tcp --dport 2022 -j DNAT --to-destination 10.4.3.150:22 |
/sbin/iptables -A FORWARD -i $WAN_INT -m state --state NEW -p tcp --dport 9000 -j ACCEPT /sbin/iptables -A FORWARD -i $WAN_INT -m state --state NEW -p tcp --dport 9001 -j ACCEPT /sbin/iptables -A FORWARD -i $WAN_INT -m state --state NEW -p tcp --dport 22 -j ACCEPT ##########NAT CHAIN############### /sbin/iptables -t nat -A POSTROUTING -s 10.4.0.0/16 -o $WAN_INT -j SNAT --to 124.126.86.137 /sbin/iptables -t nat -A PREROUTING -d 124.126.86.138 -p tcp --dport 2022 -j DNAT --to-destination 10.4.3.150:22 /sbin/iptables -t nat -A PREROUTING -d 124.126.86.138 -p tcp --dport 9001 -j DNAT --to-destination 10.4.3.150:9001 /sbin/iptables -t nat -A PREROUTING -d 124.126.86.138 -p tcp --dport 9000 -j DNAT --to-destination 10.4.3.150:9000 |
/sbin/iptables -A FORWARD -i $WAN_INT -m state --state NEW -p tcp --dport 9000 -j ACCEPT /sbin/iptables -A FORWARD -i $WAN_INT -m state --state NEW -p tcp --dport 9001 -j ACCEPT /sbin/iptables -A FORWARD -i $WAN_INT -m state --state NEW -p tcp --dport 2022 -j ACCEPT ##########NAT CHAIN############### /sbin/iptables -t nat -A POSTROUTING -s 10.4.0.0/16 -o $WAN_INT -j SNAT --to 124.126.86.137 /sbin/iptables -t nat -A PREROUTING -d 124.126.86.138 -p tcp --dport 2022 -j DNAT --to-destination 10.4.3.150:22 /sbin/iptables -t nat -A PREROUTING -d 124.126.86.138 -p tcp --dport 9001 -j DNAT --to-destination 10.4.3.150:9001 /sbin/iptables -t nat -A PREROUTING -d 124.126.86.138 -p tcp --dport 9000 -j DNAT --to-destination 10.4.3.150:9000 |
/sbin/iptables -A FORWARD -i $WAN_INT -m state --state NEW -p tcp --dport 9000 -j ACCEPT /sbin/iptables -A FORWARD -i $WAN_INT -m state --state NEW -p tcp --dport 9001 -j ACCEPT /sbin/iptables -A FORWARD -i $WAN_INT -m state --state NEW -p tcp --dport 22 -j ACCEPT |
iptables –t nat –A POSTROUTING –s 192.168.1.0 –j SNAT --to-source 219.142.217.161- 219.142.217.166 |
iptables –t nat –A POSTROUTING -p tcp,udp –s 192.168.1.0 –j SNAT --to-source 219.142.217.161:1024-32000 |
iptables –A POSTROUTING –o eth1 –s 192.168.1.0/24 –j MASQUERADE --to-ports 1024-30000 |
/sbin/iptables -t nat -A POSTROUTING -s 10.4.0.0/16 -o $WAN_INT -j SNAT --to 124.126.86.137 /sbin/iptables -t nat -A PREROUTING -d 124.126.86.138 -p tcp --dport 2022 -j DNAT --to-destination 10.4.3.150:22 /sbin/iptables -t nat -A PREROUTING -d 124.126.86.138 -p tcp --dport 9001 -j DNAT --to-destination 10.4.3.150:9001 /sbin/iptables -t nat -A PREROUTING -d 124.126.86.138 -p tcp --dport 9000 -j DNAT --to-destination 10.4.3.150:9000 |
/sbin/iptables -t nat -A POSTROUTING -d 10.4.3.150 -j SNAT --to 10.4.0.198 把发往内部server ip 10.4.3.150的包的源地址改成FW内网口地址10.4.0.198 这样就能从内部访问内部SERVER的外部地址 |