Port mapping/port forwarding in CentOS
= [Implementation goal] ==============================
[Server A] has two NICs, one connected to the intranet and one connected to the Internet. [Server B] has only one intranet NIC.
Accessing port 7890 of [Server A] should jump to port 80 of [Server B].
= [Hardware device] ============================
Server A
eth0 10.0.0.49 intranet
eth1 192.168.0.222 Internet
Server B
eth0 10.0.0.10 intranet
= [STEP implementation] ============================
1. First, set net.ipv4.ip_forward = 1 in the /etc/sysctl.conf configuration file (the default is 0) so that the kernel forwards packets at all; without it the iptables FORWARD chain never sees them. Apply the change with sysctl -p.
2. service iptables stop
3. Reconfigure the rules:
iptables -t nat -A PREROUTING -d 192.168.0.222 -p tcp --dport 7890 -j DNAT --to-destination 10.0.0.10:80
iptables -t nat -A POSTROUTING -d 10.0.0.10 -p tcp --dport 80 -j SNAT --to-source 10.0.0.49
iptables -A FORWARD -o eth0 -d 10.0.0.10 -p tcp --dport 80 -j ACCEPT
iptables -A FORWARD -i eth0 -s 10.0.0.10 -p tcp --sport 80 -j ACCEPT
service iptables save
4. Start the iptables service: service iptables start
--- [Simple description, skip] ----------------------
iptables -t nat -A PREROUTING -d 192.168.0.222 -p tcp --dport 7890 -j DNAT --to-destination 10.0.0.10:80
# Point port 7890 on eth1 of [Server A] to port 80 on eth0 of [Server B].
iptables -t nat -A POSTROUTING -d 10.0.0.10 -p tcp --dport 80 -j SNAT --to-source 10.0.0.49
# Rewrite the source of packets going to port 80 on eth0 of [Server B] to eth0 of [Server A], so that [Server B] sends its replies back through [Server A]. Note that [Server B] then logs 10.0.0.49 rather than the real client address.
iptables -A FORWARD -o eth0 -d 10.0.0.10 -p tcp --dport 80 -j ACCEPT
# Forwarding rule: port 80 traffic leaving [Server A] on eth0 towards [Server B].
iptables -A FORWARD -i eth0 -s 10.0.0.10 -p tcp --sport 80 -j ACCEPT
# Forwarding rule: port 80 reply traffic from [Server B] arriving on eth0 of [Server A].
service iptables save
# Save the current rules to /etc/sysconfig/iptables.
If you want to forward all ports, you can use * instead of the specified port number.
If you are familiar with this file, editing it directly is equivalent to entering the rules on the command line; the following is for your reference.
-- [/etc/sysconfig/iptables file content] --------------
# Generated by iptables-save v1.4.7 on Tue Mar 28 20:26:23 2017
*nat
:PREROUTING ACCEPT [5:322]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A PREROUTING -d 192.168.0.222/32 -p tcp -m tcp --dport 7890 -j DNAT --to-destination 10.0.0.10:80
-A POSTROUTING -d 10.0.0.10/32 -p tcp -m tcp --dport 80 -j SNAT --to-source 10.0.0.49
COMMIT
# Completed on Tue Mar 28 20:26:23 2017
# Generated by iptables-save v1.4.7 on Tue Mar 28 20:26:23 2017
*filter
:INPUT ACCEPT [1204:145670]
:FORWARD ACCEPT [90:9051]
:OUTPUT ACCEPT [595:85633]
-A FORWARD -d 10.0.0.10/32 -o eth0 -p tcp -m tcp --dport 80 -j ACCEPT
-A FORWARD -s 10.0.0.10/32 -i eth0 -p tcp -m tcp --sport 80 -j ACCEPT
COMMIT
# Completed on Tue Mar 28 20:26:23 2017
---------------------------------------------------
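A port forward like the one above only works when the DNAT, SNAT and FORWARD rules agree on the same destination host and port, and a saved file that drifts from the commands (for example a different --dport in the SNAT rule) fails silently. The following is an added example, not code from the original post: it parses a ruleset in iptables-save format, such as /etc/sysconfig/iptables, checks that each DNAT forward has a matching SNAT and FORWARD ACCEPT rule, and flags a FORWARD chain whose default policy is ACCEPT, since in that case the explicit ACCEPT rules restrict nothing. The two rulesets it checks are constructed inline, modelled on the file above; the second one deliberately contains a mismatched SNAT port so that the check has something to report.

```python
# Added example (not from the original post): audit an iptables-save dump for
# port-forward consistency. Both rulesets below are constructed samples.

SAMPLE_RULES = """\
# constructed sample, modelled on the post's /etc/sysconfig/iptables
*nat
:PREROUTING ACCEPT [5:322]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A PREROUTING -d 192.168.0.222/32 -p tcp -m tcp --dport 7890 -j DNAT --to-destination 10.0.0.10:80
-A POSTROUTING -d 10.0.0.10/32 -p tcp -m tcp --dport 8086 -j SNAT --to-source 10.0.0.49
COMMIT
*filter
:INPUT ACCEPT [1204:145670]
:FORWARD ACCEPT [90:9051]
:OUTPUT ACCEPT [595:85633]
-A FORWARD -d 10.0.0.10/32 -o eth0 -p tcp -m tcp --dport 80 -j ACCEPT
-A FORWARD -s 10.0.0.10/32 -i eth0 -p tcp -m tcp --sport 80 -j ACCEPT
COMMIT
"""

# The same ruleset with the SNAT port corrected and a default-deny FORWARD policy.
FIXED_RULES = SAMPLE_RULES.replace("--dport 8086", "--dport 80").replace(
    ":FORWARD ACCEPT", ":FORWARD DROP")


def parse_rule(line):
    """Turn '-A CHAIN -x val --long val -j TARGET' into a dict keyed by option name."""
    tokens = line.split()
    rule = {"chain": tokens[1]}
    i = 2
    while i < len(tokens):
        tok = tokens[i]
        if not tok.startswith("-"):
            i += 1
            continue
        key = tok.lstrip("-")
        # An option takes the next token as its value unless that token is another option.
        if i + 1 < len(tokens) and not tokens[i + 1].startswith("-"):
            rule[key] = tokens[i + 1]
            i += 2
        else:
            rule[key] = True
            i += 1
    return rule


def parse_tables(text):
    """Return {table: {'policies': {chain: policy}, 'rules': [rule dicts]}}."""
    tables = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("*"):                      # *nat, *filter
            current = line[1:]
            tables[current] = {"policies": {}, "rules": []}
        elif line.startswith(":"):                    # :CHAIN POLICY [pkts:bytes]
            chain, policy, _counters = line[1:].split(None, 2)
            tables[current]["policies"][chain] = policy
        elif line.startswith("-A "):
            tables[current]["rules"].append(parse_rule(line))
        elif line == "COMMIT":
            current = None
    return tables


def _host(addr):
    """Strip a prefix length: '10.0.0.10/32' -> '10.0.0.10'."""
    return addr.split("/")[0]


def audit_forwards(text):
    """Return a list of findings; an empty list means the forward is consistent."""
    tables = parse_tables(text)
    nat = tables.get("nat", {"policies": {}, "rules": []})
    flt = tables.get("filter", {"policies": {}, "rules": []})
    findings = []
    dnats = [r for r in nat["rules"] if r["chain"] == "PREROUTING" and r.get("j") == "DNAT"]
    for d in dnats:
        host, port = d["to-destination"].rsplit(":", 1)
        snat_ok = any(
            r["chain"] == "POSTROUTING" and r.get("j") == "SNAT"
            and _host(r.get("d", "")) == host and r.get("dport") == port
            for r in nat["rules"])
        fwd_ok = any(
            r["chain"] == "FORWARD" and r.get("j") == "ACCEPT"
            and _host(r.get("d", "")) == host and r.get("dport") == port
            for r in flt["rules"])
        if not snat_ok:
            findings.append(f"DNAT to {host}:{port}: no POSTROUTING SNAT rule matches that destination and port")
        if not fwd_ok:
            findings.append(f"DNAT to {host}:{port}: no FORWARD ACCEPT rule matches that destination and port")
    if flt["policies"].get("FORWARD") == "ACCEPT":
        findings.append("filter FORWARD policy is ACCEPT: the explicit ACCEPT rules restrict nothing; use DROP")
    return findings


if __name__ == "__main__":
    for name, rules in (("sample", SAMPLE_RULES), ("fixed", FIXED_RULES)):
        print(name, audit_forwards(rules) or "OK")
```

Run it against a real file with `audit_forwards(open("/etc/sysconfig/iptables").read())`. The parser only understands the rule shapes used on this page (single `-A` rules with option/value pairs); negated matches (`!`) and multiport lists would need extra handling.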