How to do port mapping with iptables

xiaoxiao2021-03-06  117

I have an external IP, 218.17.xxx.xxx, and I want to map it from the Linux gateway to an internal web server, 192.168.188.5, so that both external and internal users reach the site by visiting 218.17.xxx.xxx (the site itself is on the internal host 192.18.188.5). How do I do this?

Q: A LAN, 192.168.1.0/24, has a Web server and an FTP server at 192.168.1.10 and 192.168.1.11. The gateway is a Linux machine: the intranet interface is eth0 with IP 192.168.1.1, and the external interface is eth1 with IP a.b.c.d. How do I set up NAT so that both the internal and external networks can access the company's servers?

A:

# Web
# Use DNAT for port mapping
iptables -t nat -A PREROUTING -d a.b.c.d -p tcp --dport 80 -j DNAT --to 192.168.1.10
# Use SNAT for source address translation (key), so that response packets return correctly
iptables -t nat -A POSTROUTING -d 192.168.1.10 -p tcp --dport 80 -j SNAT --to 192.168.1.1
# Some people often forget to open the relevant ports in the FORWARD chain, so they are added here
iptables -A FORWARD -o eth0 -d 192.168.1.10 -p tcp --dport 80 -j ACCEPT
iptables -A FORWARD -i eth0 -s 192.168.1.10 -p tcp --sport 80 -m state --state ESTABLISHED -j ACCEPT

# FTP
# Load the ip_nat_ftp module (if it is not compiled into the kernel) so that FTP is NATed correctly
modprobe ip_nat_ftp
# Load the ip_conntrack_ftp module
modprobe ip_conntrack_ftp
# Use DNAT for port mapping
iptables -t nat -A PREROUTING -d a.b.c.d -p tcp --dport 21 -j DNAT --to 192.168.1.11
iptables -A FORWARD -o eth0 -d 192.168.1.11 -p tcp --dport 21 -j ACCEPT
iptables -A FORWARD -i eth0 -s 192.168.1.11 -p tcp --sport 21 -m state --state ESTABLISHED -j ACCEPT
iptables -A FORWARD -i eth0 -s 192.168.1.11 -p tcp --sport 20 -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -o eth0 -d 192.168.1.11 -p tcp --dport 20 -m state --state ESTABLISHED -j ACCEPT
iptables -A FORWARD -o eth0 -d 192.168.1.11 -p tcp --dport 1024: -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -i eth0 -s 192.168.1.11 -p tcp --sport 1024: -m state --state ESTABLISHED -j ACCEPT
# Use SNAT for source address translation (key), so that response packets return correctly
iptables -t nat -A POSTROUTING -d 192.168.1.11 -p tcp --dport 21 -o eth0 -j SNAT --to 192.168.1.1

Q: Network environment is as follows,
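
An added example, not part of the original page: a dry-run shell helper that prints the web-server rules from the answer above for one published TCP port, with one change. The SNAT rule is limited to LAN sources, so Internet clients keep their real source address in the server's access log. The function names are hypothetical, and it assumes the internal server's default gateway is the Linux gateway.

```shell
#!/bin/sh
# Added example, not the page's own script. Prints rules; applies nothing.

# safe_token VALUE: accept only characters that occur in addresses, CIDR
# prefixes and interface names, so the printed rules are safe to run later.
safe_token() {
    case "$1" in
        ''|*[!A-Za-z0-9_./-]*) return 1 ;;
    esac
}

# valid_port VALUE: decimal integer in 1..65535 (at most 5 digits).
valid_port() {
    case "$1" in
        ''|*[!0-9]*|??????*) return 1 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# publish_rules WAN_IP LAN_IF LAN_NET GW_LAN_IP SERVER_IP PORT
publish_rules() {
    [ "$#" -eq 6 ] || { echo "publish_rules: need 6 arguments" >&2; return 2; }
    for arg in "$1" "$2" "$3" "$4" "$5"; do
        safe_token "$arg" || { echo "publish_rules: bad value: $arg" >&2; return 2; }
    done
    valid_port "$6" || { echo "publish_rules: bad port: $6" >&2; return 2; }
    wan_ip=$1 lan_if=$2 lan_net=$3 gw_ip=$4 srv=$5 port=$6

    # DNAT: traffic addressed to the public IP goes to the internal server.
    echo "iptables -t nat -A PREROUTING -d $wan_ip -p tcp --dport $port -j DNAT --to $srv"
    # SNAT only for LAN clients, whose replies would otherwise bypass the
    # gateway. Internet clients are not rewritten and stay visible in logs.
    echo "iptables -t nat -A POSTROUTING -s $lan_net -d $srv -p tcp --dport $port -o $lan_if -j SNAT --to $gw_ip"
    # FORWARD: new connections in, only established traffic back out.
    echo "iptables -A FORWARD -o $lan_if -d $srv -p tcp --dport $port -j ACCEPT"
    echo "iptables -A FORWARD -i $lan_if -s $srv -p tcp --sport $port -m state --state ESTABLISHED -j ACCEPT"
}

# Constructed sample values, taken from the page's second question
# (a.b.c.d is the page's placeholder for the external IP).
publish_rules a.b.c.d eth0 192.168.1.0/24 192.168.1.1 192.168.1.10 80
```

Review the printed rules before running them as root on the gateway.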

When reprinting, please credit the original address: https://www.9cbs.com/read-103793.html
