Port forwarding: An Application of Iptables in the network
Source: Internet
Author: User
The server software is based on win2k and the port number is 881. The server is directly connected to the external network, and clients access it through the server's IP address. They do not have a Linux version of the server software, so by their account the server must be switched to Windows. As a Linux enthusiast, I think everyone understands this pain. I looked through the documentation and found that the port forwarding function of iptables can solve this. After one afternoon, I finally completed the task. The following describes my method:
Idea: when the server receives a request on port 881, port forwarding passes the request to 10.10.2.200:881, and 10.10.2.200 then returns the data to the requesting client.
eth0: connects to ADSL, that is, the ppp0 interface.
eth1: connects to the internal network. Its IP address is 10.10.1.1.
10.10.2.200 is a win2k server with port 881 providing network services.
a.b.c.d -> ppp0:881 -> eth1 -> 10.10.2.200:881; route when data comes in
10.10.2.200:881 -> eth1 -> ppp0:881 -> a.b.c.d; route when data goes out
iptables script:
iptables -t nat -A PREROUTING -p tcp -m tcp --dport 881 -j DNAT --to-destination 10.10.2.200:881
This forwards requests for port 881 to 10.10.2.200:881.
iptables -t nat -A POSTROUTING -s 10.10.0.0/16 -d 10.10.2.200 -p tcp -m tcp --dport 881 -j SNAT --to-source 10.10.1.1
This handles the return path to a.b.c.d. When the data source is in the same subnet, the source address is changed to 10.10.1.1 and the data is sent out from eth0. The connection tracking table records that a.b.c.d came in from ppp0, so the data is sent back out through ppp0.
Of course, do not forget to add a rule that allows access to port 881.
iptables -A INPUT -p tcp --dport 881 -i ppp0 -j ACCEPT
Can a server placed inside the LAN be reached through port forwarding? The answer is yes. Since port 881 can be forwarded, other ports, such as 80 or a custom port, can be forwarded too. As long as a suitable port is available, it is even possible to open an FTP server for every user in the LAN. Any service you want to offer can be offered this way, based on port forwarding.
In the LAN, 10.10.2.101 is a win2k machine that provides the www service on port 800.
It is accessed through the server at http://serverip:800.
iptables -t nat -A PREROUTING -p tcp -m tcp --dport 800 -j DNAT --to-destination 10.10.2.101:800
iptables -t nat -A POSTROUTING -s 10.10.0.0/16 -d 10.10.2.101 -p tcp -m tcp --dport 800 -j SNAT --to-source 10.10.1.1
iptables -A INPUT -p tcp --dport 800 -i ppp0 -j ACCEPT
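The forwards for ports 881 and 800 follow one pattern, so here is an added example (not part of the original article) of a shell function that validates its arguments and prints the rule set for any such forward without applying it. The function names are hypothetical. Packets rewritten by DNAT are routed on to the internal host and therefore pass through the FORWARD chain, so the example also prints FORWARD accept rules limited to the forwarded host and port, which matter when the FORWARD policy is not ACCEPT.

```shell
#!/bin/sh
# Added example: print (not apply) the iptables rules for one TCP port forward.
# Addresses and interface come from the article; function names are made up here.

valid_ipv4() {                      # dotted quad, each octet 0-255
    case "$1" in *[!0-9.]*|*..*|.*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

valid_cidr() {                      # ADDR/PREFIX with PREFIX 0-32
    prefix=${1#*/}
    case "$prefix" in ''|*[!0-9]*|???*) return 1 ;; esac
    [ "$prefix" -le 32 ] && valid_ipv4 "${1%/*}"
}

# port_forward_rules EXT_IF PORT DEST_IP LAN_CIDR GW_IP
# Rejects anything that is not a plain interface name, port or address, so the
# output can be reviewed and then piped to a shell.
port_forward_rules() {
    ext_if=$1 port=$2 dest=$3 lan=$4 gw=$5
    case "$ext_if" in ''|*[!A-Za-z0-9._-]*) echo "bad interface" >&2; return 1 ;; esac
    case "$port" in ''|*[!0-9]*|??????*) echo "bad port" >&2; return 1 ;; esac
    [ "$port" -ge 1 ] && [ "$port" -le 65535 ] || { echo "bad port" >&2; return 1; }
    valid_ipv4 "$dest" || { echo "bad destination" >&2; return 1; }
    valid_cidr "$lan"  || { echo "bad LAN range" >&2; return 1; }
    valid_ipv4 "$gw"   || { echo "bad gateway" >&2; return 1; }
    cat <<EOF
# 1. Rewrite the destination of requests arriving for port $port.
iptables -t nat -A PREROUTING -p tcp -m tcp --dport $port -j DNAT --to-destination $dest:$port
# 2. LAN clients: rewrite the source so replies return through the gateway.
iptables -t nat -A POSTROUTING -s $lan -d $dest -p tcp -m tcp --dport $port -j SNAT --to-source $gw
# 3. DNATed packets are routed, so they are filtered in FORWARD, not INPUT.
iptables -A FORWARD -i $ext_if -d $dest -p tcp --dport $port -m conntrack --ctstate NEW -j ACCEPT
iptables -A FORWARD -s $lan -d $dest -p tcp --dport $port -m conntrack --ctstate NEW -j ACCEPT
iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
EOF
}

# The two forwards from the article:
port_forward_rules ppp0 881 10.10.2.200 10.10.0.0/16 10.10.1.1
port_forward_rules ppp0 800 10.10.2.101 10.10.0.0/16 10.10.1.1
```

The ESTABLISHED,RELATED rule is needed only once per rule set, so drop the repeats when combining the output for several forwards.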
With port forwarding in place, the server only needs iptables installed to forward data. All services are provided by the internal servers. In this case, I think the Linux server is actually a firewall.