A simple example of iptables port forwarding

Source: Internet  Editor: 程序博客网  Time: 2024/05/15 05:42

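1. Clear the existing rules: flush the rules in every chain of the default filter table (-F) and remove the user-defined chains in the filter table (-X)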

[root@localhost bin]# iptables -F
[root@localhost bin]# iptables -X

2. Set up port forwarding: forward requests arriving on port 10001 of 192.168.91.129 to port 8080 of 192.168.91.129

[root@localhost bin]# iptables -t nat -A PREROUTING -p tcp -i eno16777736 -d 192.168.91.129 --dport 10001 -j DNAT --to 192.168.91.129:8080

3. View the rules that have been defined

[root@localhost bin]# iptables -t nat -L -n --line-numbers
Chain PREROUTING (policy ACCEPT)
num  target     prot opt source               destination
1    DNAT       tcp  --  0.0.0.0/0            192.168.91.129       tcp dpt:10001 to:192.168.91.129:8080

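4. The service can now be reached from outside through port 10001, but not from the machine itself: locally generated packets pass through the nat OUTPUT chain rather than PREROUTING. Run the following commands: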

[root@localhost bin]# iptables -t nat -A PREROUTING -p tcp -i lo -d 127.0.0.1 --dport 10001 -j DNAT --to 192.168.91.129:8080
[root@localhost bin]# iptables -t nat -A OUTPUT -p tcp -d 127.0.0.1 --dport 10001 -j DNAT --to 192.168.91.129:8080
[root@localhost bin]# iptables -t nat -A OUTPUT -p tcp -d 192.168.91.129 --dport 10001 -j DNAT --to 192.168.91.129:8080

5. If you see the following output, the forwarding works (an application must already be deployed on port 80)

[root@localhost bin]# wget http://127.0.0.1:10001
--2015-06-10 05:04:27--  http://127.0.0.1:10001/
Connecting to 127.0.0.1:10001... connected.
HTTP request sent, awaiting response... 200 OK
Length: unspecified [text/html]
Saving to: ‘index.html.3’

    [ <=>                                                                                                                                      ] 11,230      --.-K/s   in 0s

2015-06-10 05:04:27 (51.4 MB/s) - ‘index.html.3’ saved [11230]

[root@localhost bin]# wget http://192.168.91.129:10001
--2015-06-10 05:04:42--  http://192.168.91.129:10001/
Connecting to 192.168.91.129:10001... connected.
HTTP request sent, awaiting response... 200 OK
Length: unspecified [text/html]
Saving to: ‘index.html.4’

    [ <=>                                                                                                                                      ] 11,230      --.-K/s   in 0s

2015-06-10 05:04:42 (265 MB/s) - ‘index.html.4’ saved [11230]
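
An added example (not part of the original post): a POSIX shell function that reads `iptables-save -t nat` output and lists each DNAT forward, marking the ones reachable from any source address. `audit_dnat`, `count_exposed` and the `SAMPLE_NAT` text are assumptions constructed from the rules in steps 2 and 4; only rules with a single `--dport` are parsed.

```shell
#!/bin/sh
# Added example: audit DNAT port forwards found in `iptables-save -t nat` output.
# SAMPLE_NAT is constructed from the rules on this page, not captured from a host.
SAMPLE_NAT='*nat
:PREROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A PREROUTING -d 192.168.91.129/32 -i eno16777736 -p tcp -m tcp --dport 10001 -j DNAT --to-destination 192.168.91.129:8080
-A PREROUTING -d 127.0.0.1/32 -i lo -p tcp -m tcp --dport 10001 -j DNAT --to-destination 192.168.91.129:8080
-A OUTPUT -d 127.0.0.1/32 -p tcp -m tcp --dport 10001 -j DNAT --to-destination 192.168.91.129:8080
-A OUTPUT -d 192.168.91.129/32 -p tcp -m tcp --dport 10001 -j DNAT --to-destination 192.168.91.129:8080
COMMIT'

# audit_dnat (hypothetical helper): reads iptables-save text on stdin and prints one
# line per DNAT rule: chain, in-interface, proto, dst:dport, target, source, verdict.
audit_dnat() {
    awk '
    $1 == "-A" && /-j DNAT/ {
        chain = $2; src = "any"; dst = "any"; ifc = "any"
        proto = "any"; port = "any"; to = "?"
        for (i = 3; i < NF; i++) {
            if      ($i == "-s")               src   = $(i + 1)
            else if ($i == "-d")               dst   = $(i + 1)
            else if ($i == "-i")               ifc   = $(i + 1)
            else if ($i == "-p")               proto = $(i + 1)
            else if ($i == "--dport")          port  = $(i + 1)
            else if ($i == "--to-destination") to    = $(i + 1)
        }
        # OUTPUT and loopback rules only affect traffic generated on this host.
        if (chain == "OUTPUT" || ifc == "lo") verdict = "local-only"
        else if (src == "any")                verdict = "EXPOSED-any-source"
        else                                  verdict = "source-restricted"
        printf "%s %s %s %s:%s -> %s src=%s %s\n", chain, ifc, proto, dst, port, to, src, verdict
    }'
}

# count_exposed (hypothetical helper): number of forwards open to any source address.
count_exposed() {
    audit_dnat | awk '/EXPOSED-any-source/ { n++ } END { print n + 0 }'
}

printf '%s\n' "$SAMPLE_NAT" | audit_dnat
```

On a live host, run `iptables-save -t nat | audit_dnat` as root; a forward reported as EXPOSED-any-source can be narrowed by adding a `-s` source match to the DNAT rule.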






Notes: 1. Delete a specific rule. The number after PREROUTING is the rule number shown by iptables -t nat -L -n --line-numbers

[root@localhost bin]# iptables -t nat -D PREROUTING 1

2. Enable the system's IP forwarding: echo 1 > /proc/sys/net/ipv4/ip_forward

3. Stopping the firewall on Red Hat 7

[root@localhost Desktop]# systemctl stop firewalld.service
[root@localhost Desktop]# systemctl status firewalld.service
firewalld.service - firewalld - dynamic firewall daemon
   Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled)
   Active: inactive (dead) since Tue 2015-06-09 21:58:35 EDT; 11s ago
  Process: 981 ExecStart=/usr/sbin/firewalld --nofork --nopid $FIREWALLD_ARGS (code=exited, status=0/SUCCESS)
 Main PID: 981 (code=exited, status=0/SUCCESS)

Jun 09 21:47:21 localhost.localdomain systemd[1]: Started firewalld - dynamic...
Jun 09 21:58:34 localhost.localdomain systemd[1]: Stopping firewalld - dynami...
Jun 09 21:58:35 localhost.localdomain systemd[1]: Stopped firewalld - dynamic...
Hint: Some lines were ellipsized, use -l to show in full.
[root@localhost Desktop]# firewall-c
firewall-cmd     firewall-config
[root@localhost Desktop]# firewall-cmd --reload
FirewallD is not running

