Environment:
CentOS 6.5, 192.168.1.10, can communicate with the external network in both directions, bound to the domain name zlzkj.org;
Windows Server 2008, 192.168.1.11, not directly reachable from the external network, but FTP, Remote Desktop and MySQL should be reachable through zlzkj.org;
Goal:
FTP: 192.168.1.10 port 21 forwards to 192.168.1.11 port 21;
Remote Desktop: 192.168.1.10 port 3389 forwards to 192.168.1.11 port 3389;
MySQL: 192.168.1.10 port 3361 forwards to 192.168.1.11 port 3361;
1. First enable IP forwarding on the Linux host
vim /etc/sysctl.conf
Change net.ipv4.ip_forward = 0 to 1
sysctl -p
2. Add the iptables rules by running the following commands
# Forward traffic arriving at 192.168.1.10 port 21 to 192.168.1.11:21
iptables -t nat -A PREROUTING -d 192.168.1.10 -p tcp --dport 21 -j DNAT --to-destination 192.168.1.11:21
# Change the source IP of traffic forwarded to 192.168.1.11 port 21 to 192.168.1.10, so that replies return through this host
iptables -t nat -A POSTROUTING -d 192.168.1.11 -p tcp --dport 21 -j SNAT --to-source 192.168.1.10
# Remote Desktop
iptables -t nat -A PREROUTING -d 192.168.1.10 -p tcp --dport 3389 -j DNAT --to-destination 192.168.1.11:3389
iptables -t nat -A POSTROUTING -d 192.168.1.11 -p tcp --dport 3389 -j SNAT --to-source 192.168.1.10
# MySQL
iptables -t nat -A PREROUTING -d 192.168.1.10 -p tcp --dport 3361 -j DNAT --to-destination 192.168.1.11:3361
iptables -t nat -A POSTROUTING -d 192.168.1.11 -p tcp --dport 3361 -j SNAT --to-source 192.168.1.10
3. Save the iptables rules
service iptables save
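A check to run after saving, as an added example that is not part of the original article: it reads a nat-table dump in iptables-save format and reports, for each DNAT rule, whether the matching SNAT rule from step 2 exists and whether the forward is open to any source address. The function name audit_nat, the SAMPLE_NAT dump and the 203.0.113.0/24 source range are assumptions constructed for the illustration.

```shell
#!/bin/sh
# Added example: audit the DNAT/SNAT pairs created in step 2.
# SAMPLE_NAT is a constructed dump in `iptables-save -t nat` format.
# It deliberately omits the SNAT rule for port 3361 and restricts that
# forward to a constructed source range (203.0.113.0/24).
SAMPLE_NAT='*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A PREROUTING -d 192.168.1.10/32 -p tcp -m tcp --dport 21 -j DNAT --to-destination 192.168.1.11:21
-A PREROUTING -d 192.168.1.10/32 -p tcp -m tcp --dport 3389 -j DNAT --to-destination 192.168.1.11:3389
-A PREROUTING -s 203.0.113.0/24 -d 192.168.1.10/32 -p tcp -m tcp --dport 3361 -j DNAT --to-destination 192.168.1.11:3361
-A POSTROUTING -d 192.168.1.11/32 -p tcp -m tcp --dport 21 -j SNAT --to-source 192.168.1.10
-A POSTROUTING -d 192.168.1.11/32 -p tcp -m tcp --dport 3389 -j SNAT --to-source 192.168.1.10
COMMIT'

# audit_nat: read a nat-table dump on stdin and print one line per DNAT rule:
#   <listen port> <target ip:port> <snat=ok|snat=MISSING> <src=any|src=restricted>
audit_nat() {
    awk '
    # Return the argument that follows option "opt" in the current rule, or "".
    function optval(opt,   i) {
        for (i = 1; i < NF; i++) if ($i == opt) return $(i + 1)
        return ""
    }
    # Record every DNAT rule and whether it carries a source (-s) match.
    $1 == "-A" && $2 == "PREROUTING" && optval("-j") == "DNAT" {
        n++
        port[n] = optval("--dport")
        target[n] = optval("--to-destination")
        src[n] = (optval("-s") == "") ? "src=any" : "src=restricted"
    }
    # Index SNAT rules by the internal ip:port they apply to.
    $1 == "-A" && $2 == "POSTROUTING" && optval("-j") == "SNAT" {
        d = optval("-d"); sub(/\/32$/, "", d)
        snat[d ":" optval("--dport")] = 1
    }
    END {
        for (i = 1; i <= n; i++)
            print port[i], target[i], ((target[i] in snat) ? "snat=ok" : "snat=MISSING"), src[i]
    }'
}

# On the gateway itself: iptables-save -t nat | audit_nat
if [ "${1:-}" = "--demo" ]; then printf '%s\n' "$SAMPLE_NAT" | audit_nat; fi
```

A line marked snat=MISSING means replies from 192.168.1.11 will not be rewritten back through 192.168.1.10; src=any means the forwarded port accepts connections from every address that can reach 192.168.1.10.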
Configuring server port forwarding with iptables