I. Introduction
http://liaoph.com/iptables/
II. Operation
1) Adding, modifying and listing iptables rules
http://blog.51yip.com/linux/1404.html
III. Application
1. NAT address translation: forwarding external network traffic to the intranet
1) Enable IP forwarding on the Linux host
    # vim /etc/sysctl.conf
    net.ipv4.ip_forward = 1
    # sysctl -p
2) NAT configuration
Template
    iptables -t nat -I PREROUTING -d <public IP> -p tcp --dport <public port> -j DNAT --to-destination <intranet IP>:<intranet port>
    iptables -t nat -I POSTROUTING -d <intranet IP> -p tcp --dport <intranet port> -j SNAT --to-source <public IP>
    iptables -I FORWARD -p tcp -d <intranet IP> --dport <intranet port> -j ACCEPT
Example
    # HTTP: requests to http://4.4.4.6 are forwarded to 4.4.4.25:8080
    iptables -t nat -I PREROUTING -d 4.4.4.6 -p tcp --dport 80 -j DNAT --to-destination 4.4.4.25:8080
    iptables -t nat -I POSTROUTING -d 4.4.4.25 -p tcp --dport 8080 -j SNAT --to-source 4.4.4.6
    iptables -I FORWARD -p tcp -d 4.4.4.25 --dport 8080 -j ACCEPT

    # HTTPS: requests to https://4.4.4.6 are forwarded to 4.4.4.25:443
    iptables -t nat -I PREROUTING -d 4.4.4.6 -p tcp --dport 443 -j DNAT --to-destination 4.4.4.25:443
    iptables -t nat -I POSTROUTING -d 4.4.4.25 -p tcp --dport 443 -j SNAT --to-source 4.4.4.6
    iptables -I FORWARD -p tcp -d 4.4.4.25 --dport 443 -j ACCEPT

    # TCP: ssh to 4.4.4.6 logs in to host 4.4.4.25 (A is the SSH port)
    iptables -t nat -I PREROUTING -d 4.4.4.6 -p tcp --dport A -j DNAT --to-destination 4.4.4.25:A
    iptables -t nat -I POSTROUTING -d 4.4.4.25 -p tcp --dport A -j SNAT --to-source 4.4.4.6
    iptables -I FORWARD -p tcp -d 4.4.4.25 --dport A -j ACCEPT
Reference: http://blog.csdn.net/gold2008/article/details/8282919
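The template above as a reusable generator. This is an added example, not code from the original page: it validates the addresses and ports before building the three rules, and goes beyond the template by guarding each insert with `iptables -C` so a re-run does not stack duplicate rules. The function names (`valid_ipv4`, `valid_port`, `emit_rule`, `port_forward_rules`) are hypothetical, and the script only prints commands.

```shell
# Added example: emit the three port-forward rules for one mapping (dry run).
# Function names are hypothetical; commands are printed, not applied.

# valid_ipv4 ADDR: succeed only for a dotted quad with octets 0-255.
valid_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1                      # split on dots; input holds digits and dots only
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# valid_port N: succeed only for an integer in 1-65535.
valid_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "${#1}" -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# emit_rule TABLE CHAIN RULE...: print a command that inserts the rule only
# when `iptables -C` reports that it is not already present.
emit_rule() {
    table=$1; chain=$2; shift 2
    echo "iptables -t $table -C $chain $* 2>/dev/null || iptables -t $table -I $chain $*"
}

# port_forward_rules PUB_IP PUB_PORT IN_IP IN_PORT
# Returns 2 and prints nothing to stdout when any argument fails validation.
port_forward_rules() {
    valid_ipv4 "$1" && valid_ipv4 "$3" || { echo "bad IPv4 address" >&2; return 2; }
    valid_port "$2" && valid_port "$4" || { echo "bad port" >&2; return 2; }
    emit_rule nat PREROUTING -d "$1" -p tcp --dport "$2" -j DNAT --to-destination "$3:$4"
    emit_rule nat POSTROUTING -d "$3" -p tcp --dport "$4" -j SNAT --to-source "$1"
    emit_rule filter FORWARD -p tcp -d "$3" --dport "$4" -j ACCEPT
}

# The HTTP mapping from the example above.
port_forward_rules 4.4.4.6 80 4.4.4.25 8080
```

Review the printed commands, then pipe them to `sh` as root to apply them.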
Linux Firewalls and Iptables