How to map all the Internet ports of iptables to a host on the Intranet (1)

ExploitationIptablesSetInternetPort allIngToIntranetThe specific operation process is as follows:

Etc/init. d/iptables start iptables

Initialize iptables and delete previous rules,

Iptables-F

Iptables-X

Iptables-Z

Iptables-F-t nat

Iptables-X-t nat

Iptables-Z-t nat

Allow SSH access, or you will not be able to access it later.

Iptables-a input-p TCP -- dport 22-j ACCEPT

Set Default inbound and outbound rules

Iptables-P INPUT DROP

Iptables-P OUTPUT ACCEPT

Iptables-P FORWARD ACCEPT

Iptables-a input-I lo-j ACCEPT

Iptables-a input-m state -- state ESTABLISHED, RELATED-j ACCEPT

Load the corresponding module

Modprobe ip_tables

Modprobe iptable_nat

Modprobe ip_nat_ftp

Modprobe ip_conntrack

Modprobe ip_conntrack_ftp

Configure Default forwarding rules

Iptables-t nat-P PREROUTING ACCEPT

Iptables-t nat-P POSTROUTING ACCEPT

Iptables-t nat-P OUTPUT ACCEPT

Allow intranet connection

Iptables-a input-I Intranet Nic name (such as eth1)-j ACCEPT

Enable forwarding

Echo "1">/proc/sys/net/ipv4/ip_forward

Configure source NAT to allow Intranet access through host nat.

Iptables-t nat-a postrouting-s intranet Nic name-o Internet Nic name-j MASQUERADE

Map the FTP server to the Internet

Iptables-t nat-a prerouting-p tcp-d 58.222.1.3 -- dport 21-j DNAT -- to 192.168.0.211: 21

End, don't forget to save

Service iptables save

The gateway of 192.168.0.211 should be set to host 192.168.0.1. That's all. Iptables-t nat-a prerouting-d XXX. XXX-p tcp -- dport 8767-j dnat -- to 192.168.1.3 :?? OUTPUT two chain functions.

Iptables-a input-I eth1-j ACCEPT

Iptables-a output-o eth1-j ACCEPT

Iptables-a forward-I eth1-j ACCEPT

Iptables-a forward-o eth1-j ACCEPT