Use iptables to configure the Linux Proxy Server

1. enable the linux route forwarding function. # Vi/etc/sysctl. conf settings (default is 0) net. ipv4.ip _ forward1 after the settings are complete, run the following command to make it take effect # sysctl-p2. enable nat in iptable. Here I use linux system 192.168.3.8 as the proxy server, 192.168.3.110 as the client A. Open 1. enable the linux route forwarding function. # Vi/etc/sysctl. conf
Set (0 by default)
Net. ipv4.ip _ forward = 1
After the setting, run the following command to make it take effect.
# Sysctl-p

2. enable the nat function in iptable. Here, I use linux 192.168.3.8 as the proxy server and 192.168.3.110 as the client.
A. enable the data forwarding function. the client can access the Internet.
# Iptables-T nat-a postrouting-s 192.168.3.0/24-o eth0-jMASQUERADE
After this setting, 192.168.3.110 can use 192.168.3.8 as the gateway to access the Internet.
B. use the port conversion function to allow external IP addresses to access the remote desktop of 192.168.3.110.
# Iptables-t nat-a prerouting-d 192.168.3.8-I eth0-p tcp -- dport 4355-j DNAT -- to-destination 192.168.3.110: 3389
In this way, I can access the remote desktop of 192.168.3.110 through 121.12.1.2: 4355.
Isn't it easy? of course, you can also set forwarding functions for other ports, such as ports 80 and 25. In this way, when your publicIP is not enough, you can use this method to enable servers without public IP addresses to provide external services.

3. the last step is critical.
#/Etc/init. d/iptables save
If you do not save the settings, the settings will be gone after the next restart.

4. after iptables is set, run the command to check the configuration result.
# Iptables-t nat-L

5. You can also modify the iptables configuration file.
# Add vi/etc/sysconfig/iptables. save
-A prerouting-d 192.168.3.8-I eth0-p tcp-m tcp -- dport 4355-j DNAT -- to-destination 192.168.3.110: 3389
-A postrouting-s 192.168.3.0/255.255.255.0-o eth0-jMASQUERADE