Using iptables to forward Internet ports to the intranet
The specific procedure is as follows.
Start iptables:
/etc/init.d/iptables start
Initialize iptables and delete the previous rules:
iptables -F
iptables -X
iptables -Z
iptables -F -t nat
iptables -X -t nat
iptables -Z -t nat
Allow SSH access before the default INPUT policy is set to DROP, or you will not be able to access the host afterwards:
iptables -A INPUT -p tcp --dport 22 -j ACCEPT
Set the default inbound and outbound rules:
iptables -P INPUT DROP
iptables -P OUTPUT ACCEPT
iptables -P FORWARD ACCEPT
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
Load the corresponding modules:
modprobe ip_tables
modprobe iptable_nat
modprobe ip_nat_ftp
modprobe ip_conntrack
modprobe ip_conntrack_ftp
Configure the default forwarding rules:
iptables -t nat -P PREROUTING ACCEPT
iptables -t nat -P POSTROUTING ACCEPT
iptables -t nat -P OUTPUT ACCEPT
Allow connections from the intranet (replace the placeholder with the intranet NIC name, such as eth1):
iptables -A INPUT -i <intranet NIC name> -j ACCEPT
Enable forwarding:
echo "1" > /proc/sys/net/ipv4/ip_forward
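Configure source NAT so that the intranet can reach the Internet through the host's NAT. The -s option takes a source address or network, so give the intranet network there rather than the NIC name:
iptables -t nat -A POSTROUTING -s <intranet network> -o <Internet NIC name> -j MASQUERADE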
Map the FTP server to the Internet:
iptables -t nat -A PREROUTING -p tcp -d 58.222.1.3 --dport 21 -j DNAT --to 192.168.0.211:21
Finally, don't forget to save:
service iptables save
The gateway of 192.168.0.211 should be set to the host, 192.168.0.1. That's all.
iptables -t nat -A PREROUTING -d XXX.XXX -p tcp --dport 8767 -j DNAT --to 192.168.1.3:??
OUTPUT two chain functions.
iptables -A INPUT -i eth1 -j ACCEPT
iptables -A OUTPUT -o eth1 -j ACCEPT
iptables -A FORWARD -i eth1 -j ACCEPT
iptables -A FORWARD -o eth1 -j ACCEPT
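The procedure above sets the FORWARD policy to ACCEPT, so the filter table does not restrict forwarded traffic to the mapped FTP port. As an added example (not part of the original page), the shell function below audits iptables-save output and reports, for each DNAT mapping, whether a FORWARD rule scopes it. The verdict labels, the 8080 mapping and the sample ruleset are constructed for illustration.

```sh
# Added example: audit iptables-save output for DNAT port forwards and report
# whether the FORWARD chain scopes them. Verdict names are this example's own.
audit_forwards() {
  awk '
    /^\*/ { table = substr($0, 2) }                    # "*nat", "*filter", ...
    table == "filter" && /^:FORWARD / { policy = $2 }  # chain default policy
    table == "nat" && /-j DNAT/ {                      # one record per mapping
      port = ""; dest = ""
      for (i = 1; i < NF; i++) {
        if ($i == "--dport") port = $(i + 1)
        if ($i == "--to-destination") dest = $(i + 1)
      }
      if (dest !~ /:/) dest = dest ":" port            # no port given: unchanged
      n++; dports[n] = port; dests[n] = dest
    }
    # FORWARD sees the translated address, so key accepts by internal ip:port.
    table == "filter" && /^-A FORWARD / && /-j ACCEPT/ {
      ip = ""; port = ""
      for (i = 1; i < NF; i++) {
        if ($i == "-d") { ip = $(i + 1); sub(/\/32$/, "", ip) }
        if ($i == "--dport") port = $(i + 1)
      }
      if (ip != "" && port != "") allowed[ip ":" port] = 1
    }
    END {
      for (k = 1; k <= n; k++) {
        if (policy == "ACCEPT") verdict = "OPEN-POLICY"
        else if (dests[k] in allowed) verdict = "SCOPED"
        else verdict = "NO-FORWARD-RULE"
        printf "%s -> %s %s\n", dports[k], dests[k], verdict
      }
    }'
}
# Constructed sample in iptables-save format; $1 is the FORWARD policy.
sample_rules() {
  cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
-A PREROUTING -d 58.222.1.3/32 -p tcp -m tcp --dport 21 -j DNAT --to-destination 192.168.0.211:21
-A PREROUTING -d 58.222.1.3/32 -p tcp -m tcp --dport 8080 -j DNAT --to-destination 192.168.0.212:80
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD $1 [0:0]
-A FORWARD -d 192.168.0.211/32 -p tcp -m tcp --dport 21 -j ACCEPT
COMMIT
EOF
}
for p in ACCEPT DROP; do sample_rules "$p" | audit_forwards; done
```

On a live gateway the same function can read the output of iptables-save run as root. With a FORWARD policy of DROP, FTP data connections also need an ESTABLISHED,RELATED accept rule in the FORWARD chain, together with the FTP connection-tracking modules loaded earlier.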