[root@AY1405192126447871b3Z ~]# echo 1 > /proc/sys/net/ipv4/ip_forward [root@AY1405192126447871b3Z ~]# chkconfig --list iptables iptables 0:off 1:off 2:off 3:off 4:off 5:off 6:off [root@AY1405192126447871b3Z ~]# chkconfig --level 35 iptables on [root@AY1405192126447871b3Z ~]# iptables -I INPUT -p tcp --dport 80 -j ACCEPT [root@AY1405192126447871b3Z ~]# iptables -I INPUT -p tcp --dport 22 -j ACCEPT [root@AY1405192126447871b3Z ~]# iptables -t nat -A PREROUTING -p tcp --dport 43389 -j DNAT --to-destination 10.162.222.114:3389 [root@AY1405192126447871b3Z ~]# iptables -t nat -A POSTROUTING -d 10.162.222.114 -p tcp --dport 3389 -j SNAT --to 10.162.222.113 [root@AY1405192126447871b3Z ~]# service iptables save iptables: Saving firewall rules to /etc/sysconfig/iptables:[ OK ] [root@AY1405192126447871b3Z ~]# service iptables start iptables: Applying firewall rules: [ OK ] [root@AY1405192126447871b3Z ~]# ################################################ 2014-05-21-1010 [root@AY1405192126447871b3Z ~]# iptables -t nat -A PREROUTING -p tcp --dport 40021 -j DNAT --to-destination 10.162.222.114:21 [root@AY1405192126447871b3Z ~]# iptables -t nat -A POSTROUTING -d 10.162.222.114 -p tcp --dport 21 -j SNAT --to 10.162.222.113 [root@AY1405192126447871b3Z ~]# service iptables save iptables: Saving firewall rules to /etc/sysconfig/iptables:[ OK ] [root@AY1405192126447871b3Z ~]#
验证
[root@iZ94l01jktpZ backup]# cat tarball/iptables # Generated by iptables-save v1.4.7 on Wed May 21 10:09:55 2014 *nat :PREROUTING ACCEPT [0:0] :POSTROUTING ACCEPT [0:0] :OUTPUT ACCEPT [0:0] -A PREROUTING -p tcp -m tcp --dport 43389 -j DNAT --to-destination 10.162.222.114:3389 -A PREROUTING -p tcp -m tcp --dport 40021 -j DNAT --to-destination 10.162.222.114:21 -A POSTROUTING -d 10.162.222.114/32 -p tcp -m tcp --dport 3389 -j SNAT --to-source 10.162.222.113 -A POSTROUTING -d 10.162.222.114/32 -p tcp -m tcp --dport 21 -j SNAT --to-source 10.162.222.113 COMMIT # Completed on Wed May 21 10:09:55 2014 # Generated by iptables-save v1.4.7 on Wed May 21 10:09:55 2014 *filter :INPUT ACCEPT [8238:602146] :FORWARD ACCEPT [2664150:1550524495] :OUTPUT ACCEPT [112580:10996580] -A INPUT -p tcp -m tcp --dport 22 -j ACCEPT -A INPUT -p tcp -m tcp --dport 80 -j ACCEPT COMMIT # Completed on Wed May 21 10:09:55 2014 [root@iZ94l01jktpZ backup]#
验证2
[root@iZ94l01jktpZ backup]# cat iptables # Generated by iptables-save v1.4.7 on Fri Jul 18 18:03:37 2014 *filter :INPUT ACCEPT [0:0] :FORWARD ACCEPT [0:0] :OUTPUT ACCEPT [20:2096] -A INPUT -p tcp -m tcp --dport 8080 -j ACCEPT -A INPUT -p tcp -m tcp --dport 22 -j ACCEPT -A INPUT -p tcp -m tcp --dport 80 -j ACCEPT -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT -A INPUT -p icmp -j ACCEPT -A INPUT -i lo -j ACCEPT -A INPUT -j REJECT --reject-with icmp-host-prohibited COMMIT # Completed on Fri Jul 18 18:03:37 2014 # Generated by iptables-save v1.4.7 on Fri Jul 18 18:03:37 2014 *nat :PREROUTING ACCEPT [383246:20660056] :POSTROUTING ACCEPT [870932:63991735] :OUTPUT ACCEPT [870932:63991735] -A PREROUTING -p tcp -m tcp --dport 43389 -j DNAT --to-destination 10.162.222.114:3389 -A PREROUTING -p tcp -m tcp --dport 40021 -j DNAT --to-destination 10.162.222.114:21 -A POSTROUTING -d 10.162.222.114/32 -p tcp -m tcp --dport 3389 -j SNAT --to-source 10.162.222.113 -A POSTROUTING -d 10.162.222.114/32 -p tcp -m tcp --dport 21 -j SNAT --to-source 10.162.222.113 COMMIT # Completed on Fri Jul 18 18:03:37 2014 [root@iZ94l01jktpZ backup]#