iptables NAT scripts

xiaoxiao2021-03-06  39

[root@TEST11 ETC]# more xxx

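#!/bin/bash
#
# NAT gateway setup: enables IPv4 forwarding, flushes the filter, nat and
# mangle tables, source-NATs traffic leaving the Internet-facing interface,
# and publishes several port forwards (DNAT) to internal and remote hosts.
#
# NOTE(review): the listing this was restored from had its case and spacing
# mangled (e.g. "-a postrol-ip", "- Dport", "preording"). Chain names,
# targets and options are reconstructed to valid iptables syntax; verify
# each rule against the intended configuration before use.
#
# NOTE(review): this script performs NAT only. It flushes the filter table
# and sets every policy to ACCEPT, so the gateway forwards anything that
# routing allows. A hardened variant would use a default-DROP FORWARD policy
# and permit only the published flows plus ESTABLISHED,RELATED return
# traffic.

set -u

# Turn on kernel IPv4 forwarding so this host routes between its interfaces.
echo "1" > /proc/sys/net/ipv4/ip_forward

INET_IFACE="eth1"
INET_IP="210.75.18.35"
LAN_IFACE="eth0"
LAN_IP="192.168.10.11"
# NOTE(review): /8 does not fit a 192.168.10.0 network address (a /24 looks
# intended). No rule below references this variable.
LAN_IP_RANGE="192.168.10.0/8"
IPT="/sbin/iptables"

#WWW_IP=192.168.10.191
#TOMCAT_IP=192.168.10.5
PCAW_IP=192.168.10.174

# Port constants. They are defined but the rules below use literal ports.
HTTP="80"
HTTPS="443"
TOMCAT="8000"
REMOTE="3389"
PCAW_TCP="5631"
PCAW_UDP="5632"

# Load the netfilter modules the rules depend on.
# NOTE(review): ipt_LOG is loaded but the script adds no LOG rules.
/sbin/depmod -a
/sbin/modprobe ip_tables
/sbin/modprobe iptable_nat
/sbin/modprobe ip_nat_ftp
/sbin/modprobe ipt_LOG

# Start from a clean slate: flush rules and delete user-defined chains.
for TABLE in filter nat mangle; do
  "$IPT" -t "$TABLE" -F
  "$IPT" -t "$TABLE" -X
done

# Default policies: everything is accepted (see the filtering note above).
"$IPT" -P INPUT ACCEPT
"$IPT" -P OUTPUT ACCEPT
"$IPT" -P FORWARD ACCEPT
"$IPT" -t nat -P PREROUTING ACCEPT
"$IPT" -t nat -P POSTROUTING ACCEPT
"$IPT" -t nat -P OUTPUT ACCEPT

# Outbound NAT: MASQUERADE for a dynamic PPP address, otherwise SNAT to the
# fixed public address.
if [[ "$INET_IFACE" == "ppp0" ]]; then
  "$IPT" -t nat -A POSTROUTING -o "$INET_IFACE" -j MASQUERADE
else
  "$IPT" -t nat -A POSTROUTING -o "$INET_IFACE" -j SNAT --to-source "$INET_IP"
fi

# ---------------------------------------------------------------------------
# Published services. Each forward is a PREROUTING DNAT plus a POSTROUTING
# SNAT that rewrites the source to the gateway address so replies return
# through this host.
#
# NOTE(review): because of that SNAT, the internal servers see every
# forwarded client as the gateway address. Client source addresses are only
# visible on the gateway, so any access logging has to happen here.
#
# NOTE(review): none of the forwards restricts the client source address.
# FTP, RDP and pcAnywhere are reachable from any Internet host; consider
# limiting them with -s <trusted-range> or placing them behind a VPN.
# ---------------------------------------------------------------------------

# Public port 23 -> FTP control port 21 on the pcAnywhere host.
"$IPT" -t nat -A PREROUTING -p tcp -d "$INET_IP" --dport 23 -j DNAT --to-destination "$PCAW_IP:21"
"$IPT" -t nat -A POSTROUTING -d 192.168.10.174 -p tcp --dport 21 -j SNAT --to-source 192.168.10.11

# RDP (3389) -> 192.168.10.174.
"$IPT" -t nat -A PREROUTING -p tcp -d "$INET_IP" --dport 3389 -j DNAT --to-destination 192.168.10.174:3389
"$IPT" -t nat -A POSTROUTING -d 192.168.10.174 -p tcp --dport 3389 -j SNAT --to-source 192.168.10.11

#$IPT -t nat -A PREROUTING -p tcp -d $INET_IP --dport 3389 -j DNAT --to-destination 192.168.10.99:3389
#iptables -t nat -A POSTROUTING -d 192.168.10.99 -p tcp --dport 3389 -j SNAT --to-source 192.168.10.11

# NOTE(review): this rule has the same match as the 3389 rule above, which
# is evaluated first, so this one never takes effect. In the source listing
# the disabled SNAT line below was fused onto the end of this rule.
"$IPT" -t nat -A PREROUTING -p tcp -d "$INET_IP" --dport 3389 -j DNAT --to-destination 192.168.10.100:3389
#iptables -t nat -A POSTROUTING -d 192.168.10.100 -p tcp --dport 3389 -j SNAT --to-source 192.168.10.11

# pcAnywhere -> 192.168.10.23. The TCP 5631 DNAT is disabled in the source
# while its SNAT companion is still active; only UDP 5632 is forwarded.
#$IPT -t nat -A PREROUTING -p tcp -d $INET_IP --dport 5631 -j DNAT --to-destination 192.168.10.23:5631
"$IPT" -t nat -A POSTROUTING -d 192.168.10.23 -p tcp --dport 5631 -j SNAT --to-source 192.168.10.11
"$IPT" -t nat -A PREROUTING -p udp -d "$INET_IP" --dport 5632 -j DNAT --to-destination 192.168.10.23:5632
"$IPT" -t nat -A POSTROUTING -d 192.168.10.23 -p udp --dport 5632 -j SNAT --to-source 192.168.10.11

# Relays from public ports 10001/10002 to hosts outside the LAN range.
# NOTE(review): if this traffic leaves via $INET_IFACE, the generic outbound
# SNAT rule above already matches it first and these SNAT rules are
# redundant. Confirm against the routing table.
"$IPT" -t nat -A PREROUTING -p tcp -d 210.75.18.35 --dport 10001 -j DNAT --to-destination 202.94.233.28:8080
"$IPT" -t nat -A POSTROUTING -d 202.94.233.28 -p tcp --dport 8080 -j SNAT --to-source 210.75.18.35
"$IPT" -t nat -A PREROUTING -p tcp -d 210.75.18.35 --dport 10002 -j DNAT --to-destination 202.94.233.26:80
"$IPT" -t nat -A POSTROUTING -d 202.94.233.26 -p tcp --dport 80 -j SNAT --to-source 210.75.18.35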

[root@TEST11 ETC]#
