Iptables and SSH implement Destination Address Translation

Deploy the Virtual Machine vmware workstation for Linux on a certain machine (centos 5.8) and deploy multiple XP systems. The company does not have many IP addresses in the 192.168.1.0/24 network segment, we hope to provide a dedicated network segment 192.168.2.0/24 to the virtual machine. We recommend that you access 1.0 of the Virtual Machine 2.0 normally in the 3389 network segment.

1. Ignore installation of virtual machines

2. Set the Virtual Machine Nic to the bridging mode, the virtual machine Nic to the 192.168.2.0 segment, and the gateway 192.168.2.1

Add eth0: 0 on the physical machine, and set the IP address to 192.168.2.1/24.

Ifconfig eth0: 0 192.168.2.1/24 up

You can also set the Virtual Machine Nic to Nat mode and the IP address of vmnet8 on the physical machine to 192.168.2.1/24.

3. Use iptables's target address translation (DNAT)

1) Enable kernel forwarding Parameters

Vim/etc/sysctl. conf

Modify

Net. ipv4.ip _ forward = 0

Is

Net. ipv4.ip _ forward = 1

2)

Iptables-T nat-I prerouting-I eth0-D 192.168.1.230-P TCP -- dport 33891-J DNAT -- to-destination 192.168.2.2: 3389

Access 192.168.1.230: 33891 is equivalent to access 192.168.2.2: 3389

So far...

You can also use the SSH Tunnel

For example, xshell

Add the following rules to the shell connecting to 192.168.1.230:

Type: Local (outgoing)

Source HOST: localhost

Listening port: 33891

Target address: 192.168.2.2

Target Port: 3389

Accessing localhost: 33891 is equivalent to accessing 192.168.2.2: 3389

This method can achieve Internet access, and I personally think it is safer (publish 22 of 192.168.1.230)

You can also directly create a tunnel by Using SSH commands.

This article is from the "red stone" blog, please be sure to keep this source http://heishi317.blog.51cto.com/4301036/1530793