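Advanced NAT translation with iptables
Original
© Copyright belongs to the author: this is an original work by 51CTO blog author xuningt28. Contact the author for permission to repost; otherwise legal liability will be pursued.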
# Generated by iptables-save v1.3.5 on Fri Feb 11 14:36:35 2011
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [303317:46580368]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp -m icmp --icmp-type any -j ACCEPT
-A RH-Firewall-1-INPUT -i tap+ -j ACCEPT
-A RH-Firewall-1-INPUT -s 192.168.0.0/255.255.0.0 -j ACCEPT
-A RH-Firewall-1-INPUT -p gre -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 1723 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -m state --state NEW -m udp --dport 1196 -j ACCEPT
#-A RH-Firewall-1-INPUT -d 192.168.1.236 -j ACCEPT
-A RH-Firewall-1-INPUT -d 192.168.1.236 -p tcp -m state --state NEW -m multiport --dports 80,25,110,443,3389 -j ACCEPT
-A RH-Firewall-1-INPUT -d 192.168.1.237 -p tcp -m state --state NEW -m multiport --dports 8081,443,110,25 -j ACCEPT
-A RH-Firewall-1-INPUT -d 192.168.1.43 -p tcp -m state --state NEW -m multiport --dports 80,1935 -j ACCEPT
-A RH-Firewall-1-INPUT -d 192.168.1.43 -p udp -m state --state NEW -m multiport --dports 1935 -j ACCEPT
-A RH-Firewall-1-INPUT -d 192.168.1.71 -p tcp -m state --state NEW -m multiport --dports 21 -j ACCEPT
-A RH-Firewall-1-INPUT -d 192.168.1.216 -j ACCEPT
-A RH-Firewall-1-INPUT -d 192.168.1.100 -p tcp -m state --state NEW -m multiport --dports 80,22 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
# Completed on Fri Feb 11 14:36:35 2011
# Generated by iptables-save v1.3.5 on Fri Feb 11 14:36:35 2011
*nat
:PREROUTING ACCEPT [509772:35100153]
:POSTROUTING ACCEPT [7323:396836]
:OUTPUT ACCEPT [53:3480]
-A PREROUTING -d 212.100.67.3 -j DNAT --to-destination 192.168.1.236
-A PREROUTING -d 212.100.67.4 -p tcp -m tcp --dport 1935 -j DNAT --to-destination 192.168.1.43:1935
-A PREROUTING -d 212.100.67.4 -p udp -m udp --dport 1935 -j DNAT --to-destination 192.168.1.43:1935
-A PREROUTING -d 212.100.67.4 -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.168.1.43:80
-A PREROUTING -d 212.100.67.4 -p tcp -m tcp --dport 21 -j DNAT --to-destination 192.168.1.71:21
-A PREROUTING -d 212.100.67.4 -p tcp -m tcp --dport 8081 -j DNAT --to-destination 192.168.1.237:8081
-A PREROUTING -d 212.100.67.4 -p tcp -m tcp --dport 443 -j DNAT --to-destination 192.168.1.237:443
-A PREROUTING -d 212.100.67.4 -p tcp -m tcp --dport 110 -j DNAT --to-destination 192.168.1.237:110
-A PREROUTING -d 212.100.67.4 -p tcp -m tcp --dport 25 -j DNAT --to-destination 192.168.1.237:25
-A PREROUTING -d 212.100.67.5 -j DNAT --to-destination 192.168.1.216
-A PREROUTING -d 212.100.67.6 -j DNAT --to-destination 192.168.1.100
-A PREROUTING -d 212.100.67.2 -p udp -m udp --dport 53 -j DNAT --to-destination 219.143.67.2:1196
-A POSTROUTING -s 192.168.1.0/255.255.255.0 -d 192.168.1.236 -j SNAT --to-source 192.168.1.1
-A POSTROUTING -s 192.168.1.0/255.255.255.0 -d 192.168.1.216 -j SNAT --to-source 192.168.1.1
-A POSTROUTING -s 192.168.1.0/255.255.255.0 -d 192.168.1.43 -j SNAT --to-source 192.168.1.1
-A POSTROUTING -s 192.168.1.0/255.255.255.0 -d 192.168.1.71 -j SNAT --to-source 192.168.1.1
-A POSTROUTING -s 192.168.1.0/255.255.255.0 -d 192.168.1.100 -j SNAT --to-source 192.168.1.1
-A POSTROUTING -s 192.168.1.0/255.255.255.0 -d 192.168.1.237 -j SNAT --to-source 192.168.1.1
-A POSTROUTING -s 192.168.1.236 -o eth1 -j SNAT --to-source 212.100.67.3
-A POSTROUTING -s 192.168.1.43 -o eth1 -j SNAT --to-source 212.100.67.4
-A POSTROUTING -s 192.168.1.71 -o eth1 -j SNAT --to-source 212.100.67.4
-A POSTROUTING -s 192.168.1.237 -o eth1 -j SNAT --to-source 212.100.67.4
-A POSTROUTING -s 192.168.1.216 -o eth1 -j SNAT --to-source 212.100.67.5
-A POSTROUTING -s 192.168.1.100 -o eth1 -j SNAT --to-source 212.100.67.6
-A POSTROUTING -s 192.168.0.0/255.255.0.0 -o eth1 -j MASQUERADE
COMMIT
# Completed on Fri Feb 11 14:36:35 2011
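
An added example, not part of the original post: a small Python audit that reads iptables-save text and reports, for each DNAT rule, which ports the filter table then accepts toward the internal target. Because FORWARD jumps into RH-Firewall-1-INPUT, the filter rules see the post-DNAT address, and ACCEPT rules without -d (such as the port 22 rule) also apply to forwarded traffic. The names RULES, opts and audit are hypothetical; RULES is an excerpt of the rules above, and source, interface and state matches are ignored (assumption).

```python
# Excerpt of the ruleset above: four filter ACCEPT rules and three DNAT rules.
RULES = """\
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -d 192.168.1.236 -p tcp -m state --state NEW -m multiport --dports 80,25,110,443,3389 -j ACCEPT
-A RH-Firewall-1-INPUT -d 192.168.1.43 -p tcp -m state --state NEW -m multiport --dports 80,1935 -j ACCEPT
-A RH-Firewall-1-INPUT -d 192.168.1.216 -j ACCEPT
-A PREROUTING -d 212.100.67.3 -j DNAT --to-destination 192.168.1.236
-A PREROUTING -d 212.100.67.4 -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.168.1.43:80
-A PREROUTING -d 212.100.67.5 -j DNAT --to-destination 192.168.1.216
"""

def opts(line):
    """Map each option of one iptables-save rule line to the token after it."""
    t = line.split()
    return {t[i]: t[i + 1] for i in range(len(t) - 1) if t[i].startswith("-")}

def audit(text):
    """Return {(public_ip, public_port or '*'): ports accepted after DNAT}."""
    rules = [opts(l) for l in text.splitlines() if l.startswith("-A ")]
    accepts, report = [], {}
    for r in rules:
        if r["-j"] == "ACCEPT":
            ports = r.get("--dports", r.get("--dport"))
            accepts.append((r.get("-d"), r.get("-p"),
                            set(ports.split(",")) if ports else None))
    for r in rules:
        if r["-j"] != "DNAT":
            continue
        # The filter table matches the translated (internal) address and port.
        host, _, port = r["--to-destination"].partition(":")
        proto, reachable = r.get("-p"), set()
        for dst, aproto, aports in accepts:
            if dst not in (None, host) or (aproto and proto and aproto != proto):
                continue                      # rule is for another host/protocol
            if aports is None:
                reachable.add("ALL")          # blanket ACCEPT toward this host
            elif not port:                    # whole-address DNAT: every allowed port
                reachable |= {f"{aproto}/{p}" for p in aports}
            elif port in aports:
                reachable.add(f"{aproto}/{port}")
        key = (r["-d"], r.get("--dport", "*"))
        report[key] = ["ALL"] if "ALL" in reachable else sorted(reachable)
    return report

if __name__ == "__main__":
    for (ip, port), ports in audit(RULES).items():
        print(f"{ip}:{port} -> {', '.join(ports) or 'rejected by filter'}")
```

An "ALL" result marks an internal host whose only protection is its own local firewall, and an empty result marks a DNAT mapping that the final REJECT rule would drop.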