Iptables is a useful system tool. This article covers iptables port forwarding.
First, run the following script:
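# Filename: gw.sh
# Gateway script: masquerade the 10.0.0.0/24 LAN out of eth0 and publish the
# internal web server 10.0.0.2:80 on 192.168.1.201:80. Must be run as root.
PATH=$PATH:/usr/sbin:/sbin

# Netfilter modules, including the FTP conntrack/NAT helpers. These are the
# legacy module names; newer kernels typically ship them as nf_conntrack_ftp
# and nf_nat_ftp -- adjust to what the running kernel provides.
modprobe ip_tables
modprobe ip_nat_ftp
modprobe ip_conntrack_ftp

# Set the default-deny policy before flushing, so the FORWARD chain is never
# left empty with a permissive policy while the rules are being rebuilt.
iptables -P FORWARD DROP

# Start from empty chains.
# NOTE(review): INPUT is flushed but gets no rules or policy here, so access to
# the gateway itself depends on whatever INPUT policy is already in effect.
iptables -F INPUT
iptables -F FORWARD
iptables -F POSTROUTING -t nat
iptables -F PREROUTING -t nat

# LAN hosts may open connections through the gateway; only replies to
# existing connections are accepted coming back in on eth0.
iptables -A FORWARD -s 10.0.0.0/24 -j ACCEPT
iptables -A FORWARD -i eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT

# Source-NAT LAN traffic leaving via eth0.
iptables -t nat -A POSTROUTING -o eth0 -s 10.0.0.0/24 -j MASQUERADE

# Port forward: 192.168.1.201:80 -> 10.0.0.2:80.
iptables -t nat -A PREROUTING -p tcp -d 192.168.1.201 --dport 80 -j DNAT --to 10.0.0.2:80
# DNAT rewrites the destination in PREROUTING, before the FORWARD chain is
# consulted, so FORWARD sees 10.0.0.2:80. The rule matching 192.168.1.201 is
# kept from the original listing but is not expected to match forwarded
# traffic; the 10.0.0.2 rule is the one that admits it.
iptables -A FORWARD -p tcp -d 192.168.1.201 --dport 80 -j ACCEPT
iptables -A FORWARD -p tcp -d 10.0.0.2 --dport 80 -j ACCEPT

# Enable routing last, once the filter rules are in place.
echo "1" > /proc/sys/net/ipv4/ip_forward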
The service can then be accessed from the outside without any problem.
Then I changed the script:
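# Filename: gw.sh
# Variant of the gateway script: the internal web server 10.0.0.2:80 is
# published on external port 8000 of 192.168.1.201. Must be run as root.
PATH=$PATH:/usr/sbin:/sbin

# Netfilter modules, including the FTP conntrack/NAT helpers. These are the
# legacy module names; newer kernels typically ship them as nf_conntrack_ftp
# and nf_nat_ftp -- adjust to what the running kernel provides.
modprobe ip_tables
modprobe ip_nat_ftp
modprobe ip_conntrack_ftp

# Set the default-deny policy before flushing, so the FORWARD chain is never
# left empty with a permissive policy while the rules are being rebuilt.
iptables -P FORWARD DROP

# Start from empty chains.
# NOTE(review): INPUT is flushed but gets no rules or policy here, so access to
# the gateway itself depends on whatever INPUT policy is already in effect.
iptables -F INPUT
iptables -F FORWARD
iptables -F POSTROUTING -t nat
iptables -F PREROUTING -t nat

# LAN hosts may open connections through the gateway; only replies to
# existing connections are accepted coming back in on eth0.
iptables -A FORWARD -s 10.0.0.0/24 -j ACCEPT
iptables -A FORWARD -i eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT

# Source-NAT LAN traffic leaving via eth0.
iptables -t nat -A POSTROUTING -o eth0 -s 10.0.0.0/24 -j MASQUERADE

# Port forward: 192.168.1.201:8000 -> 10.0.0.2:80.
iptables -t nat -A PREROUTING -p tcp -d 192.168.1.201 --dport 8000 -j DNAT --to 10.0.0.2:80
# After DNAT the FORWARD chain sees destination 10.0.0.2 port 80, not
# 192.168.1.201 port 8000. The 8000 rule is kept from the original listing but
# is not expected to match forwarded traffic; the 10.0.0.2:80 rule admits it.
iptables -A FORWARD -p tcp -d 192.168.1.201 --dport 8000 -j ACCEPT
iptables -A FORWARD -p tcp -d 10.0.0.2 --dport 80 -j ACCEPT

# Enable routing last, once the filter rules are in place.
echo "1" > /proc/sys/net/ipv4/ip_forward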
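#!/bin/sh
# Gateway script publishing two services of the internal host 10.0.0.2 on
# 192.168.1.201: HTTP (external port 81 -> 80) and FTP control (21 -> 21).
# Must be run as root.
PATH=$PATH:/usr/sbin:/sbin

# Netfilter modules. The FTP helpers are what let conntrack follow the FTP
# data connections negotiated over the forwarded port 21. These are the legacy
# module names; newer kernels typically ship them as nf_conntrack_ftp and
# nf_nat_ftp -- adjust to what the running kernel provides.
modprobe ip_tables
modprobe ip_nat_ftp
modprobe ip_conntrack_ftp

# Set the default-deny policy before flushing, so the FORWARD chain is never
# left empty with a permissive policy while the rules are being rebuilt.
iptables -P FORWARD DROP

# Start from empty chains.
# NOTE(review): INPUT is flushed but gets no rules or policy here, so access to
# the gateway itself depends on whatever INPUT policy is already in effect.
iptables -F INPUT
iptables -F FORWARD
iptables -F POSTROUTING -t nat
iptables -F PREROUTING -t nat

# NOTE(review): kept from the original listing, but the nat table is not meant
# for filtering. With this policy, any new connection that matches no
# PREROUTING rule below (presumably including outbound connections from the
# LAN) would be dropped, and newer iptables releases may refuse DROP in the
# nat table. The FORWARD DROP policy above already provides the default-deny;
# confirm this line is wanted.
iptables -t nat -P PREROUTING DROP

# LAN hosts may open connections through the gateway; only replies to
# existing connections are accepted coming back in on eth0.
iptables -A FORWARD -s 10.0.0.0/24 -j ACCEPT
iptables -A FORWARD -i eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT

# Source-NAT LAN traffic leaving via eth0.
iptables -t nat -A POSTROUTING -o eth0 -s 10.0.0.0/24 -j MASQUERADE

# HTTP: 192.168.1.201:81 -> 10.0.0.2:80. FORWARD matches the post-DNAT
# destination, hence the rule on 10.0.0.2:80.
iptables -t nat -A PREROUTING -p tcp -d 192.168.1.201 --dport 81 -j DNAT --to 10.0.0.2:80
iptables -A FORWARD -p tcp -d 10.0.0.2 --dport 80 -j ACCEPT

# FTP control channel: 192.168.1.201:21 -> 10.0.0.2:21.
iptables -t nat -A PREROUTING -p tcp -d 192.168.1.201 --dport 21 -j DNAT --to 10.0.0.2:21
iptables -A FORWARD -p tcp -d 10.0.0.2 --dport 21 -j ACCEPT

# Enable routing last, once the filter rules are in place.
echo "1" > /proc/sys/net/ipv4/ip_forward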