端口映射
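# Port-forwarding rules for the nat table. This is a fragment: it belongs
# between "*nat" and "COMMIT" in an iptables-restore file.
#   173.45.xx.xx:8000 -> 10.160.1.101:80
#   173.45.xx.xx:8001 -> 10.160.1.102:80
# 173.45.xx.xx is the redacted external address used on this page; substitute
# the real one.
#
# The DNAT rules match on the external address (-d). Without that match every
# TCP connection to port 8000/8001 that crosses this gateway, including LAN
# clients connecting out to other hosts on those ports, is redirected to the
# backends.
-A PREROUTING -d 173.45.xx.xx -p tcp -m tcp --dport 8000 -j DNAT --to-destination 10.160.1.101:80
-A PREROUTING -d 173.45.xx.xx -p tcp -m tcp --dport 8001 -j DNAT --to-destination 10.160.1.102:80
# Connections delivered to the backends are re-sourced to the gateway address,
# so replies return through the gateway (this is what lets LAN clients use the
# external address). The rules match on destination only, so the backends log
# the gateway address for every client; keep connection logs on the gateway if
# client attribution matters.
# NOTE(review): if the backends already route replies via this gateway, adding
# "-s 10.160.1.0/24" would limit the rewrite to LAN clients; confirm first.
-A POSTROUTING -d 10.160.1.101/32 -p tcp -m tcp --dport 80 -j SNAT --to-source 173.45.xx.xx
-A POSTROUTING -d 10.160.1.102/32 -p tcp -m tcp --dport 80 -j SNAT --to-source 173.45.xx.xx
# Outbound traffic from the LAN leaves through em2 using the address of em2.
-A POSTROUTING -s 10.160.1.0/24 -o em2 -j MASQUERADE

# Complete ruleset for a gateway in front of 10.150.1.0/24 (outbound interface em2).
*filter
# Packets addressed to the gateway itself are dropped unless accepted below.
:INPUT DROP [0:0]
# NOTE(review): FORWARD is left at ACCEPT, so the filter table does not
# restrict routed traffic at all: the published port and any other packet
# routed through this host pass unchecked. A DROP policy with explicit FORWARD
# rules (the published port, LAN-originated traffic, ESTABLISHED,RELATED) is
# the tighter setup.
:FORWARD ACCEPT [36:2960]
:OUTPUT ACCEPT [43:3474]
-A INPUT -i lo -j ACCEPT
# Echo requests only, rate-limited to 1/s.
-A INPUT -p icmp --icmp-type 8 -m limit --limit 1/s -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# Redundant while the OUTPUT policy is ACCEPT; kept as in the original.
-A OUTPUT -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
# Ports open to any source address. Where the set of clients is known,
# restrict these with -s (management ports in particular).
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 29922 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 5669 -j ACCEPT
# Connections that the nat table DNATs to 10.150.1.103 are routed and therefore
# judged by FORWARD, not by this rule; it only covers port 8002 on gateway
# addresses the DNAT rule does not match.
-A INPUT -p tcp -m tcp --dport 8002 -j ACCEPT
# All TCP and UDP from the LAN and from 69.169.34.0/24 is trusted. The second
# is a routable /24: every host in it reaches every service on the gateway, and
# for UDP a source address is easy to forge. Narrow to specific hosts and ports
# where possible.
-A INPUT -s 10.150.1.0/24 -p tcp -j ACCEPT
-A INPUT -s 69.169.34.0/24 -p tcp -j ACCEPT
-A INPUT -s 10.150.1.0/24 -p udp -j ACCEPT
-A INPUT -s 69.169.34.0/24 -p udp -j ACCEPT
COMMIT
*nat
:PREROUTING ACCEPT [36:3012]
:POSTROUTING ACCEPT [15:902]
:OUTPUT ACCEPT [14:862]
# 69.169.34.xx:8002 -> 10.150.1.103:80. The -d match keeps the redirect from
# catching unrelated connections to port 8002 that merely pass through.
# NOTE(review): 69.169.34.xx is the redacted address used for --to-source
# below; confirm it is also the address clients connect to.
-A PREROUTING -d 69.169.34.xx -p tcp -m tcp --dport 8002 -j DNAT --to-destination 10.150.1.103:80
# Re-source connections to the backend so replies return through the gateway;
# the backend then sees the gateway address instead of the client address.
-A POSTROUTING -d 10.150.1.103/32 -p tcp -m tcp --dport 80 -j SNAT --to-source 69.169.34.xx
# Outbound traffic from the LAN leaves through em2 with a fixed source address.
-A POSTROUTING -s 10.150.1.0/24 -o em2 -j SNAT --to-source 69.169.34.xx
COMMIT

ip双向映射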
# One-to-one NAT: each external address is tied to one internal host in both
# directions. Each input line below is "<external address> <internal address>".
#
# NOTE(review): the DNAT rule has no protocol or port match, so every port of
# the internal host is reachable on its external address unless the filter
# table's FORWARD chain restricts it.
# NOTE(review): the SNAT rule has no -o match, so it also rewrites traffic from
# these hosts that is routed to other internal networks through this gateway;
# confirm that this is intended.
while read -r public_ip private_ip; do
    # Inbound: packets addressed to the external address go to the internal host.
    iptables -t nat -A PREROUTING -d "$public_ip" -j DNAT --to "$private_ip"
    # Outbound: packets from the internal host leave with the external address.
    iptables -t nat -A POSTROUTING -s "$private_ip" -j SNAT --to "$public_ip"
done <<'EOF'
69.xxx.34.117 10.150.1.91
69.xxx.34.118 10.150.1.92
69.xxx.34.119 10.150.1.93
EOF

posted on 2016-05-18 18:01 北京涛子
转载于:https://www.cnblogs.com/liujitao79/p/5506082.html