首页 > Linux系统管理 > linux iptables 做网关端口转发
2016
02-19

linux iptables 做网关端口转发

vim /etc/sysconfig/iptables
# Generated by iptables-save v1.4.7 on Mon Jan 18 15:10:04 2016
*nat
:PREROUTING ACCEPT [18246:995042]
:POSTROUTING ACCEPT [1:52]
:OUTPUT ACCEPT [50:3535]
-A POSTROUTING -s 10.10.0.0/16 -o eth0 -j MASQUERADE
-A POSTROUTING -o eth0 -j MASQUERADE
-A PREROUTING -p tcp -m tcp –dport 33306 -j DNAT –to-destination 10.10.0.2:3306
-A PREROUTING -p tcp -m tcp –dport 43306 -j DNAT –to-destination 10.10.0.3:3306
COMMIT
# Completed on Mon Jan 18 15:10:04 2016
# Generated by iptables-save v1.4.7 on Mon Jan 18 15:10:04 2016
*filter
:INPUT ACCEPT [142:10229]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [119:10530]
COMMIT
# Completed on Mon Jan 18 15:10:04 2016

cat /proc/sys/net/ipv4/ip_forward
1
要改成1,当时忘记开启转发了 弄了好久才想起来
可以加到
/etc/sysctl.conf 里面
net.ipv4.ip_forward = 1
做好后把后端的机器网关改成机器内网IP地址即可

最后编辑:
作者:saunix
大型互联网公司linux系统运维攻城狮,专门担当消防员

留下一个回复