Environment:
Server A: NIC 1: 192.168.1.151, NIC 2: 10.10.69.10
Server B: NIC 1: 10.10.69.41
Requirements:
Connections to 192.168.1.151:1521 must reach 10.10.69.41:1521.
Enable port forwarding:
echo 1 > /proc/sys/net/ipv4/ip_forward
Flush the NAT table:
iptables -t nat -F
Port forwarding configuration in detail:
1. Walk through the Linux forwarding process:
Client 192.168.1.171 connects to 192.168.1.151:1521 and is forwarded to 10.10.69.41:1521 as follows:
When Server A receives the packet:
SRC 192.168.1.171 Port DST 192.168.1.151 Port 1521
DNAT then rewrites the destination address of this packet:
SRC 192.168.1.171 Port DST 10.10.69.41 Port 1521
The rewritten packet then goes through SNAT or MASQUERADE:
SRC 10.10.69.10 Port DST 10.10.69.41 Port 1521
2. Command implementation:
First, implement the DNAT step:
iptables -t nat -A PREROUTING -p tcp -d 192.168.1.151 --dport 1521 -j DNAT --to-destination 10.10.69.41
(Meaning: packets matching DST 192.168.1.151 port 1521 have their destination address changed to 10.10.69.41.)
There are two ways to rewrite the source address:
(1) Using MASQUERADE:
iptables -t nat -A POSTROUTING -p tcp -d 10.10.69.41 --dport 1521 -j MASQUERADE
(Meaning: packets matching DST 10.10.69.41 port 1521 have their source address changed to the address of the network adapter used to reach 10.10.69.41.)
(2) Using SNAT:
iptables -t nat -A POSTROUTING -p tcp -d 10.10.69.41 --dport 1521 -j SNAT --to-source 10.10.69.10
(Meaning: packets matching DST 10.10.69.41 port 1521 have their source address changed to 10.10.69.10.)
Actually, I've done this before, but I didn't take any notes.
This time I got stuck on the fact that the packet first goes through DNAT and only then is the modified packet SNATed, so I used:
iptables -t nat -A PREROUTING -p tcp -d 192.168.1.151 --dport 1521 -j DNAT --to-destination 10.10.69.4
iptables -t nat -A POSTROUTING -p tcp -d 10.192.168.1.151 --dport 1521 -j SNAT --to-source 10.10.69.10
Rules like these never worked, mainly because I did not clearly understand the principle. Now that the principle is clear, I cannot get it wrong however I write it.
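The ordering described above (PREROUTING DNAT first, then POSTROUTING SNAT on the already rewritten packet) can be checked with a small model. This is an added example, not code from the original post. It is a simplified simulation rather than real netfilter, and the `Packet`, `Rule`, `traverse` and `forwarded` names and the `BAD` rule set (a constructed variant whose POSTROUTING rule matches the pre-DNAT destination) are assumptions made for illustration.

```python
# Added illustration: a minimal model of the two nat-table hooks, not real netfilter.
from dataclasses import dataclass, replace
from typing import Optional

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    dport: int

@dataclass(frozen=True)
class Rule:
    chain: str                      # "PREROUTING" or "POSTROUTING"
    match_dst: str                  # iptables -d
    match_dport: int                # iptables --dport
    to_dst: Optional[str] = None    # DNAT --to-destination
    to_src: Optional[str] = None    # SNAT --to-source

def traverse(pkt, rules):
    """Apply PREROUTING, then POSTROUTING; the first matching rule per chain wins."""
    for chain in ("PREROUTING", "POSTROUTING"):
        for r in rules:
            if r.chain == chain and (pkt.dst, pkt.dport) == (r.match_dst, r.match_dport):
                if r.to_dst:
                    pkt = replace(pkt, dst=r.to_dst)
                if r.to_src:
                    pkt = replace(pkt, src=r.to_src)
                break
    return pkt

# The client packet from the walkthrough (source port omitted, as on the page).
CLIENT = Packet(src="192.168.1.171", dst="192.168.1.151", dport=1521)
DNAT = Rule("PREROUTING", "192.168.1.151", 1521, to_dst="10.10.69.41")

# Working pair: POSTROUTING matches the destination as rewritten by DNAT.
GOOD = [DNAT, Rule("POSTROUTING", "10.10.69.41", 1521, to_src="10.10.69.10")]
# Constructed failing variant: POSTROUTING still matches the original destination,
# which no longer exists on the packet once DNAT has run.
BAD = [DNAT, Rule("POSTROUTING", "192.168.1.151", 1521, to_src="10.10.69.10")]

def forwarded(rules):
    """Return the packet as it leaves Server A under the given rule set."""
    return traverse(CLIENT, rules)

if __name__ == "__main__":
    print("good:", forwarded(GOOD))
    print("bad: ", forwarded(BAD))
```

With `BAD`, the packet leaves Server A still carrying the client's source address, so Server B addresses its replies to 192.168.1.171 instead of 10.10.69.10.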
This article is from the "direction of the road. Confused" blog; be sure to keep this source: http://qidai.blog.51cto.com/6435621/1650464
Review Linux port forwarding and forwarding process feeling