CentOS 6.9: port opening and port forwarding example

Source: Internet
Author: User


*filter
:INPUT ACCEPT [25350:2120857]
:FORWARD ACCEPT [1:20000]
:OUTPUT ACCEPT [26183:2224589]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 443 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 808 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 1080 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 3128 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 8000 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 8080 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 8088 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 8084 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 8888 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 15210 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 15211 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 15223 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 30001 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 4869 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 11211 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 7000 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 6000 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 15440 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 12000 -j ACCEPT
-A INPUT -p udp -m state --state NEW -m udp --dport 12000 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 12001 -j ACCEPT
-A INPUT -p udp -m state --state NEW -m udp --dport 12001 -j ACCEPT

-A FORWARD -d 192.168.10.210/32 -o eth0 -p tcp -m tcp --dport 22 -j ACCEPT
-A FORWARD -s 192.168.10.210/32 -i eth0 -p tcp -m tcp --sport 22 -j ACCEPT

-A FORWARD -d 192.168.10.246/32 -o eth0 -p udp -m udp --dport 12000 -j ACCEPT
-A FORWARD -s 192.168.10.246/32 -i eth0 -p udp -m udp --sport 12000 -j ACCEPT
# The following two rules reject every packet that does not match any of the rules above in the INPUT and FORWARD chains, so they must be placed at the end of this section.
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT




*nat
:PREROUTING ACCEPT [10000:20000]
:POSTROUTING ACCEPT [20:20000]
:OUTPUT ACCEPT [125:20000]
# The --to-destination address of the next two rules is missing in the source.
-A PREROUTING -p tcp -m tcp --dport 15210 -j DNAT --to-destination
-A PREROUTING -p tcp -m tcp --dport 12000 -j DNAT --to-destination
-A PREROUTING -p udp -m udp --dport 12000 -j DNAT --to-destination 192.168.10.246:12000

-A POSTROUTING -d 192.168.10.210/32 -p tcp -m tcp --dport 22 -j SNAT --to-source 192.168.10.250
-A POSTROUTING -d 192.168.10.246/32 -p tcp -m tcp --dport 12000 -j SNAT --to-source 192.168.10.250
-A POSTROUTING -d 192.168.10.246/32 -p udp -m udp --dport 12000 -j SNAT --to-source 192.168.10.250

COMMIT




Note

192.168.10.250 is the intranet address of the server that can be reached from the external network; this machine has a direct external network IP.

192.168.10.246 is a server inside the intranet. It is in the same subnet as 192.168.10.250 but has no external IP, so traffic to it must jump through 192.168.10.250.
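
Because the FORWARD chain ends in a catch-all REJECT, every flow that the nat table redirects also needs its own ACCEPT rules in FORWARD. The Python check below is an added example, not part of the original page: it parses iptables-save text and reports SNAT flows that lack FORWARD rules in both directions. The function names and the embedded sample (the forwarding rules as shown on this page) are constructed for the illustration, and rules are matched by exact address, protocol and port only.

```python
import shlex

# Constructed sample: the forwarding-related rules of the ruleset above.
RULESET = """\
*filter
-A FORWARD -d 192.168.10.210/32 -o eth0 -p tcp -m tcp --dport 22 -j ACCEPT
-A FORWARD -s 192.168.10.210/32 -i eth0 -p tcp -m tcp --sport 22 -j ACCEPT
-A FORWARD -d 192.168.10.246/32 -o eth0 -p udp -m udp --dport 12000 -j ACCEPT
-A FORWARD -s 192.168.10.246/32 -i eth0 -p udp -m udp --sport 12000 -j ACCEPT
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
*nat
-A POSTROUTING -d 192.168.10.210/32 -p tcp -m tcp --dport 22 -j SNAT --to-source 192.168.10.250
-A POSTROUTING -d 192.168.10.246/32 -p tcp -m tcp --dport 12000 -j SNAT --to-source 192.168.10.250
-A POSTROUTING -d 192.168.10.246/32 -p udp -m udp --dport 12000 -j SNAT --to-source 192.168.10.250
COMMIT
"""

def parse_rules(text):
    """Yield (table, chain, opts) for each -A line; opts maps option -> value."""
    table = None
    for line in text.splitlines():
        tok = shlex.split(line)
        if line.startswith("*"):
            table = line[1:].strip()
        elif tok[:1] == ["-A"]:
            opts, i = {}, 2
            while i < len(tok):  # an option takes a value unless another option follows
                has_val = i + 1 < len(tok) and not tok[i + 1].startswith("-")
                opts[tok[i]] = tok[i + 1] if has_val else True
                i += 2 if has_val else 1
            yield table, tok[1], opts

def unforwarded_flows(text):
    """Return SNAT flows (dst, proto, dport) without FORWARD ACCEPT rules both ways."""
    rules = list(parse_rules(text))
    fwd = [o for t, c, o in rules if (t, c, o.get("-j")) == ("filter", "FORWARD", "ACCEPT")]
    def allowed(addr_opt, port_opt, flow):
        return any((f.get(addr_opt), f.get("-p"), f.get(port_opt)) == flow for f in fwd)
    missing = []
    for t, c, o in rules:
        if (t, c, o.get("-j")) == ("nat", "POSTROUTING", "SNAT"):
            flow = (o.get("-d"), o.get("-p"), o.get("--dport"))
            # FORWARD has no RELATED,ESTABLISHED rule here, so replies need a rule too.
            if not (allowed("-d", "--dport", flow) and allowed("-s", "--sport", flow)):
                missing.append(flow)
    return missing

if __name__ == "__main__":
    print(unforwarded_flows(RULESET))
```

On the rules as shown, the check reports the TCP port 12000 flow to 192.168.10.246: it has an SNAT rule but no matching FORWARD rules, so the final REJECT would drop it.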
