iptables实现端口转发实际案例

时间:2021-12-03 10:18:52
 
拓扑

client
192.168.10.200   使用navicat连接192.168.10.194:10086(跳板机将该端口转发到内网mysql 10.1.1.2:3306)


跳板机
外网:192.168.10.194
内网:10.1.1.1

内网mysql:
10.1.1.2



[root@test194 network-scripts]# cat ../iptables
# Generated by iptables-save v1.4.7 on Thu Mar 31 19:13:10 2016
# nat table: publishes the internal MySQL server (10.1.1.2:3306) on the jump
# host's outer address as 192.168.10.194:10086.
# NOTE(review): forwarding also needs net.ipv4.ip_forward=1 on this host; that
# setting is not part of this file.
*nat
:PREROUTING ACCEPT [38:6207]
:POSTROUTING ACCEPT [13:938]
:OUTPUT ACCEPT [13:938]
# Disabled earlier variant: same forward, but listening on port 3306 instead
# of 10086.
#-A PREROUTING -d 192.168.10.194/32 -p tcp -m tcp --dport 3306 -j DNAT --to-destination 10.1.1.2:3306
#-A POSTROUTING -d 10.1.1.2/32 -p tcp -m tcp --dport 3306 -j SNAT --to-source 10.1.1.1
# DNAT: TCP packets addressed to 192.168.10.194:10086 get their destination
# rewritten to 10.1.1.2:3306. There is no -s match, so every source that can
# reach this address and port is forwarded to the database.
# NOTE(review): if only the client 192.168.10.200 is meant to connect, adding
# "-s 192.168.10.200/32" here (or on a FORWARD rule) would narrow the exposure.
-A PREROUTING -d 192.168.10.194/32 -p tcp -m tcp --dport 10086 -j DNAT --to-destination 10.1.1.2:3306
# SNAT: connections to 10.1.1.2:3306 leave with source 10.1.1.1 (the jump
# host's inner address), so replies come back through this host.
# Side effect: the MySQL server sees 10.1.1.1 as the peer of every forwarded
# connection, so its logs and host-based account restrictions cannot tell the
# real clients apart; attribution has to come from this host's own records.
-A POSTROUTING -d 10.1.1.2/32 -p tcp -m tcp --dport 3306 -j SNAT --to-source 10.1.1.1
COMMIT
# Completed on Thu Mar 31 19:13:10 2016
# Generated by iptables-save v1.4.7 on Thu Mar 31 19:13:10 2016
# filter table: INPUT, FORWARD and OUTPUT all have policy ACCEPT and there is
# no DROP/REJECT rule, so the ACCEPT rules below do not restrict anything as
# written; they would only take effect under a restrictive INPUT policy.
# FORWARD has policy ACCEPT and no rules, so this table places no limit on
# traffic routed through the host, including the forwarded MySQL connections.
*filter
:INPUT ACCEPT [1349:173426]
:FORWARD ACCEPT [6:304]
:OUTPUT ACCEPT [239:31244]
# SSH to the jump host itself.
-A INPUT -d 192.168.10.194/32 -p tcp -m tcp --dport 22 -j ACCEPT
# NOTE(review): presumably left over from the disabled 3306 forward in the nat
# table; confirm whether anything on this host listens on 3306.
-A INPUT -d 192.168.10.194/32 -p tcp -m tcp --dport 3306 -j ACCEPT
# NOTE(review): DNAT is applied in PREROUTING, before the routing decision, so
# forwarded 10086 traffic traverses FORWARD with destination 10.1.1.2:3306 and
# does not pass through INPUT; this rule is not what permits the forward.
-A INPUT -d 192.168.10.194/32 -p tcp -m tcp --dport 10086 -j ACCEPT
COMMIT
# Completed on Thu Mar 31 19:13:10 2016
[root@test194 network-scripts]#