{"id":96,"date":"2021-03-26T12:34:03","date_gmt":"2021-03-26T04:34:03","guid":{"rendered":"https:\/\/www.johntitorblog.com\/?p=96"},"modified":"2021-03-26T12:34:03","modified_gmt":"2021-03-26T04:34:03","slug":"centos6%e7%94%a8iptables%e5%ae%9e%e7%8e%b0%e7%ab%af%e5%8f%a3-%e7%ab%af%e5%8f%a3%e6%ae%b5%e8%bd%ac%e5%8f%91","status":"publish","type":"post","link":"https:\/\/www.johntitorblog.com\/?p=96","title":{"rendered":"Port\/port-range forwarding with iptables on CentOS 6"},"content":{"rendered":"\n<p class=\"has-extra-small-font-size\"><strong>The following commands forward traffic arriving on specified local ports to a target server.<\/strong><\/p>\n\n\n\n<p class=\"has-extra-small-font-size\"><code><br>IP forwarding must be enabled on the server first. Open a console and run vi \/etc\/sysctl.conf, find net.ipv4.ip_forward = 0, change it to net.ipv4.ip_forward = 1, then save.<\/code><\/p>\n\n\n\n<p class=\"has-extra-small-font-size\">Run sysctl -p to apply the change.<\/p>\n\n\n\n<p class=\"has-extra-small-font-size\">Then run the following commands to add the iptables forwarding rules:<\/p>\n\n\n\n<p class=\"has-extra-small-font-size\">[Single-port forwarding]<\/p>\n\n\n\n<p class=\"has-extra-small-font-size\"><code>iptables -t nat -A PREROUTING -p tcp --dport [port number to forward] -j DNAT --to-destination [destination server IP]<br>iptables -t nat -A PREROUTING -p udp --dport [port number to forward] -j DNAT --to-destination [destination server IP]<br>iptables -t nat -A POSTROUTING -p tcp -d [destination server IP] --dport [port number to forward] -j SNAT --to-source 
[local host IP]<br>iptables -t nat -A POSTROUTING -p udp -d [destination server IP] --dport [port number to forward] -j SNAT --to-source [local host IP]<\/code><\/p>\n\n\n\n<p class=\"has-extra-small-font-size\">[Port-range forwarding] Example: to forward the port range 10000 to 20000, enter 10000:20000<\/p>\n\n\n\n<p class=\"has-extra-small-font-size\"><code>iptables -t nat -A PREROUTING -p tcp --dport [port range to forward] -j DNAT --to-destination [destination server IP]<br>iptables -t nat -A PREROUTING -p udp --dport [port range to forward] -j DNAT --to-destination [destination server IP]<br>iptables -t nat -A POSTROUTING -p tcp -d [destination server IP] --dport [port range to forward] -j SNAT --to-source [local host IP]<br>iptables -t nat -A POSTROUTING -p udp -d [destination server IP] --dport [port range to forward] -j SNAT --to-source [local host IP]<\/code><\/p>\n\n\n\n<p class=\"has-extra-small-font-size\">View the added rules:<br><code>iptables -t nat -vnL POSTROUTING --line-number<br>iptables -t nat -vnL PREROUTING --line-number<\/code><\/p>\n\n\n\n<p class=\"has-extra-small-font-size\">Finally, save the rules and restart the iptables service:<br><code>service iptables save<br>service iptables restart<\/code><\/p>\n","protected":false},"excerpt":{"rendered":"<p>The following commands forward traffic arriving on specified local ports to a target server. IP forwarding must be enabled on the server first. Open a console and run vi \/e 
[&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-96","post","type-post","status-publish","format-standard","hentry","category-uncategorized"],"_links":{"self":[{"href":"https:\/\/www.johntitorblog.com\/index.php?rest_route=\/wp\/v2\/posts\/96","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.johntitorblog.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.johntitorblog.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.johntitorblog.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.johntitorblog.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=96"}],"version-history":[{"count":0,"href":"https:\/\/www.johntitorblog.com\/index.php?rest_route=\/wp\/v2\/posts\/96\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.johntitorblog.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=96"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.johntitorblog.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=96"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.johntitorblog.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=96"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}