2018-03-22 Linux Learning

Source: Internet
Author: User
Tags iptables

10.15 iptables filter table: a small example

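vim /usr/local/sbin/iptables.sh
#!/bin/bash
ipt="/usr/sbin/iptables"
# Flush the existing filter-table rules
$ipt -F
# Default policies: drop inbound, allow outbound and forwarded traffic
$ipt -P INPUT DROP
$ipt -P OUTPUT ACCEPT
$ipt -P FORWARD ACCEPT
# Allow packets that belong to connections already established
$ipt -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
# SSH only from 192.168.104.0/24
$ipt -A INPUT -s 192.168.104.0/24 -p tcp --dport 22 -j ACCEPT
# HTTP and FTP from any source
$ipt -A INPUT -p tcp --dport 80 -j ACCEPT
$ipt -A INPUT -p tcp --dport 21 -j ACCEPT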

Prevent other computers from pinging the machine
iptables -I INPUT -p icmp --icmp-type 8 -j DROP

10.16 iptables NAT Table Application (part 1)

NAT Table Application

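Machine A has two network cards: ens33 (192.168.104.160) and ens37 (192.168.100.1). ens33 can reach the external network; ens37 carries internal traffic only. Machine B has only ens37 (192.168.100.100) and can communicate with ens37 on machine A.

Requirement 1: let machine B reach the external network
    On A, enable IP forwarding:  echo "1" > /proc/sys/net/ipv4/ip_forward
    On A, run:  iptables -t nat -A POSTROUTING -s 192.168.100.0/24 -o ens33 -j MASQUERADE
    On B, set the gateway to 192.168.100.1

Requirement 2: machine C can communicate only with A; let machine C connect directly to port 22 on machine B
    On A, enable IP forwarding:  echo "1" > /proc/sys/net/ipv4/ip_forward
    On A, run:  iptables -t nat -A PREROUTING -d 192.168.104.160 -p tcp --dport 1122 -j DNAT --to 192.168.100.100:22
    On A, run:  iptables -t nat -A POSTROUTING -s 192.168.100.100 -j SNAT --to 192.168.104.160
    On B, set the gateway to 192.168.100.1

Addresses on ens37:
    On A:  ifconfig ens37 192.168.100.1/24
    On B:  ifconfig ens37 192.168.100.100/24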

10.17 iptables NAT Table Application (part 2)

On A, enable forwarding, then add the iptables rule:
    echo "1" > /proc/sys/net/ipv4/ip_forward
    iptables -t nat -A POSTROUTING -s 192.168.100.0/24 -o ens33 -j MASQUERADE

On B, set the gateway:
    route add default gw 192.168.100.1
    ping 192.168.104.160     (if the ping succeeds, B can communicate with the external network)
    Add DNS 119.29.29.29

10.18 iptables NAT Table Application (part 3)

On machine A, first flush the rules, then add the new ones (port mapping, to allow remote connections):
    iptables -F
    echo "1" > /proc/sys/net/ipv4/ip_forward
    iptables -t nat -A PREROUTING -d 192.168.104.160 -p tcp --dport 1122 -j DNAT --to 192.168.100.100:22
    iptables -t nat -A POSTROUTING -s 192.168.100.100 -j SNAT --to 192.168.104.160

On B, set the gateway to 192.168.100.1:
    ifconfig ens37 192.168.100.100/24
    route add default gw 192.168.100.1
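
The DNAT rule above forwards port 1122 on A to SSH on B with no source match, and the script in 10.15 leaves the FORWARD policy at ACCEPT, so the INPUT rule that limits SSH to 192.168.104.0/24 never sees this forwarded traffic. The following check is an added example, not part of the original notes: it flags that combination in an iptables-save dump. SAMPLE_DUMP is constructed from the rules on this page and audit_forward_exposure is a hypothetical helper name.

```shell
#!/bin/bash
# SAMPLE_DUMP is constructed from the rules on this page (iptables-save format).
SAMPLE_DUMP='*filter
:INPUT DROP [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -s 192.168.104.0/24 -p tcp -m tcp --dport 22 -j ACCEPT
COMMIT
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A PREROUTING -d 192.168.104.160/32 -p tcp -m tcp --dport 1122 -j DNAT --to-destination 192.168.100.100:22
-A POSTROUTING -s 192.168.100.100/32 -j SNAT --to-source 192.168.104.160
COMMIT'

# Heuristic check (hypothetical helper): reads a dump on stdin and reports each
# DNAT rule with no -s match whose target host appears in no FORWARD rule while
# the FORWARD policy is ACCEPT. Returns 1 if anything is reported.
audit_forward_exposure() {
  awk '
    /^\*/ { table = substr($0, 2) }
    table == "filter" && /^:FORWARD / { policy = $2 }
    table == "filter" && /^-A FORWARD / { fwd[++nf] = $0 " " }
    table == "nat" && /^-A PREROUTING / && / -j DNAT / {
      src = "any"; port = "?"; dest = "?"
      for (i = 1; i < NF; i++) {
        if ($i == "-s") src = $(i + 1)
        if ($i == "--dport") port = $(i + 1)
        if ($i == "--to-destination") dest = $(i + 1)
      }
      dnat[++nd] = src " " port " " dest
    }
    END {
      for (k = 1; k <= nd; k++) {
        split(dnat[k], f, " "); split(f[3], hp, ":"); seen = 0
        for (j = 1; j <= nf; j++)
          if (index(fwd[j], "-d " hp[1] "/32 ") || index(fwd[j], "-d " hp[1] " ")) seen = 1
        if (f[1] == "any" && policy == "ACCEPT" && !seen) {
          printf "EXPOSED port %s -> %s (any source, FORWARD policy ACCEPT)\n", f[2], f[3]
          bad = 1
        }
      }
      exit bad + 0
    }'
}

# On a real host: iptables-save | audit_forward_exposure
printf '%s\n' "$SAMPLE_DUMP" | audit_forward_exposure || true
```

A finding goes away once the DNAT rule carries a -s match for the permitted client, or the FORWARD policy is DROP with explicit ACCEPT rules for the flows that are meant to pass.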
