A simple example of iptables port forwarding
2015-06-10 17:10
1. Flush the existing rules: clear the rules in all chains of the default filter table (-F) and remove the user-defined chains in filter (-X)
[root@localhost bin]# iptables -F
[root@localhost bin]# iptables -X
2. Set up port forwarding: forward requests for port 10001 on 192.168.91.129 to port 8080 on 192.168.91.129
[root@localhost bin]# iptables -t nat -A PREROUTING -p tcp -i eno16777736 -d 192.168.91.129 --dport 10001 -j DNAT --to 192.168.91.129:8080
3. View the defined rules
[root@localhost bin]# iptables -t nat -L -n --line-numbers
Chain PREROUTING (policy ACCEPT)
num  target  prot  opt  source     destination
1    DNAT    tcp   --   0.0.0.0/0  192.168.91.129  tcp dpt:10001 to:192.168.91.129:8080
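4. The service can now be reached from outside through port 10001, but not from the local machine itself. Locally generated packets do not pass through the PREROUTING chain, so they need DNAT rules in the nat OUTPUT chain. Run the following commands: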
[root@localhost bin]# iptables -t nat -A PREROUTING -p tcp -i lo -d 127.0.0.1 --dport 10001 -j DNAT --to 192.168.91.129:8080
[root@localhost bin]# iptables -t nat -A OUTPUT -p tcp -d 127.0.0.1 --dport 10001 -j DNAT --to 192.168.91.129:8080
[root@localhost bin]# iptables -t nat -A OUTPUT -p tcp -d 192.168.91.129 --dport 10001 -j DNAT --to 192.168.91.129:8080
5. If you see the following output, it worked (an application must already be deployed on port 80)
[root@localhost bin]# wget http://127.0.0.1:10001
--2015-06-10 05:04:27-- http://127.0.0.1:10001/
Connecting to 127.0.0.1:10001... connected.
HTTP request sent, awaiting response... 200 OK
Length: unspecified [text/html]
Saving to: ‘index.html.3’
[ <=> ] 11,230 --.-K/s in 0s
2015-06-10 05:04:27 (51.4 MB/s) - ‘index.html.3’ saved [11230]
[root@localhost bin]# wget http://192.168.91.129:10001
--2015-06-10 05:04:42-- http://192.168.91.129:10001/
Connecting to 192.168.91.129:10001... connected.
HTTP request sent, awaiting response... 200 OK
Length: unspecified [text/html]
Saving to: ‘index.html.4’
[ <=> ] 11,230 --.-K/s in 0s
2015-06-10 05:04:42 (265 MB/s) - ‘index.html.4’ saved [11230]
Notes:
1. Delete a specific rule. The number after PREROUTING is the rule number shown by iptables -t nat -L -n --line-numbers
[root@localhost bin]# iptables -t nat -D PREROUTING 1
2. The system's IP forwarding feature: echo 1 > /proc/sys/net/ipv4/ip_forward
3. Turning off the firewall on Red Hat 7
[root@localhost Desktop]# systemctl stop firewalld.service
[root@localhost Desktop]# systemctl status firewalld.service
firewalld.service - firewalld - dynamic firewall daemon
Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled)
Active: inactive (dead) since Tue 2015-06-09 21:58:35 EDT; 11s ago
Process: 981 ExecStart=/usr/sbin/firewalld --nofork --nopid $FIREWALLD_ARGS (code=exited, status=0/SUCCESS)
Main PID: 981 (code=exited, status=0/SUCCESS)
Jun 09 21:47:21 localhost.localdomain systemd[1]: Started firewalld - dynamic...
Jun 09 21:58:34 localhost.localdomain systemd[1]: Stopping firewalld - dynami...
Jun 09 21:58:35 localhost.localdomain systemd[1]: Stopped firewalld - dynamic...
Hint: Some lines were ellipsized, use -l to show in full.
[root@localhost Desktop]# firewall-c
firewall-cmd firewall-config
[root@localhost Desktop]# firewall-cmd --reload
FirewallD is not running
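To review what the DNAT rules from steps 2 and 4 expose, the following added example (not part of the original post) parses rules in `iptables -t nat -S` format and lists every port forward, then picks out those reachable from any source address. The function names and the rule on port 10002 are assumptions made for illustration; the sample input is constructed from the commands above.

```sh
#!/bin/sh
# Added example, not from the original post. Reads rules in the format
# printed by `iptables -t nat -S` (long option names) on stdin.

# One line per DNAT rule: chain proto dst:dport -> target in=IFACE src=SOURCE
list_dnat() {
    awk '
    $1 == "-A" {
        chain = $2; proto = "any"; dst = "any"; dport = "any"
        src = "any"; inif = "any"; to = ""; dnat = 0
        for (i = 3; i <= NF; i++) {
            if ($i == "-p") proto = $(i + 1)
            else if ($i == "-d") dst = $(i + 1)
            else if ($i == "-s") src = $(i + 1)
            else if ($i == "-i") inif = $(i + 1)
            else if ($i == "--dport") dport = $(i + 1)
            else if ($i == "--to-destination") to = $(i + 1)
            else if ($i == "-j" && $(i + 1) == "DNAT") dnat = 1
        }
        if (dnat)
            printf "%s %s %s:%s -> %s in=%s src=%s\n", chain, proto, dst, dport, to, inif, src
    }'
}

# Forwards that expose the backend to the network: PREROUTING rules that are
# not bound to the loopback interface and have no source restriction.
open_forwards() {
    list_dnat | awk '$1 == "PREROUTING" && $6 != "in=lo" && $7 == "src=any"'
}

# Constructed sample: the rules from steps 2 and 4, plus one hypothetical
# rule on port 10002 limited to 192.168.91.0/24 for contrast.
SAMPLE_RULES='-P PREROUTING ACCEPT
-P OUTPUT ACCEPT
-A PREROUTING -d 192.168.91.129/32 -i eno16777736 -p tcp -m tcp --dport 10001 -j DNAT --to-destination 192.168.91.129:8080
-A PREROUTING -d 127.0.0.1/32 -i lo -p tcp -m tcp --dport 10001 -j DNAT --to-destination 192.168.91.129:8080
-A PREROUTING -s 192.168.91.0/24 -d 192.168.91.129/32 -p tcp -m tcp --dport 10002 -j DNAT --to-destination 192.168.91.129:8080
-A OUTPUT -d 127.0.0.1/32 -p tcp -m tcp --dport 10001 -j DNAT --to-destination 192.168.91.129:8080
-A OUTPUT -d 192.168.91.129/32 -p tcp -m tcp --dport 10001 -j DNAT --to-destination 192.168.91.129:8080'

printf '%s\n' "$SAMPLE_RULES" | list_dnat
echo "--- reachable from any source:"
printf '%s\n' "$SAMPLE_RULES" | open_forwards
```

On a live host, feed it the real rule set as root with `iptables -t nat -S | open_forwards`.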