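Using ip rule and iptables to manage networking and port mapping for OpenVZ virtual machines
Use iptables to manage port mapping for OpenVZ
Multiple IPs can each have their own port mappings
Use ip rule to assign public IPs to different VZs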
```bash
# Consult the main table first (connected/local subnets), ahead of the per-subnet rules below.
ip rule add table main prio 10
# Keep a fallback default route in table default and remove the one in main,
# so the prio 10 lookup in main does not catch Internet-bound traffic.
ip route replace default via 173.82.255.1 table default
#ip route replace 10.86.0.0/16 via 192.168.30.1 table default
ip route del default table main
# One routing table per uplink gateway, selected by the container's source subnet.
ip route replace default via 173.82.255.1 table 101
ip route replace default via 173.82.152.1 table 102
ip rule add from 10.173.1.0/24 table 101 prio 100
ip rule add from 10.173.2.0/24 table 102 prio 100
# Flushes every chain in the nat table, including rules not created by this script.
iptables -t nat -F
#wan101
iptables -t nat -A POSTROUTING -j SNAT --to 173.82.255.41 -s 10.173.1.0/24
iptables -t nat -A PREROUTING -d 173.82.255.41 -p tcp -m tcp --dport 1689 -j DNAT --to-destination 10.173.1.1:1688
iptables -t nat -A PREROUTING -d 173.82.255.41 -p tcp -m tcp --dport 80 -j DNAT --to-destination 10.173.1.1:80
iptables -t nat -A PREROUTING -d 173.82.255.41 -p tcp -m tcp --dport 5550 -j DNAT --to-destination 10.173.1.1:5550
iptables -t nat -A PREROUTING -d 173.82.255.41 -p tcp -m tcp --dport 5551 -j DNAT --to-destination 10.173.1.1:5551
iptables -t nat -A PREROUTING -d 173.82.255.41 -p tcp -m tcp --dport 5555 -j DNAT --to-destination 10.173.1.1:5555
#iptables -t nat -A PREROUTING -d 173.82.255.41 -p tcp -m tcp --dport 9930 -j DNAT --to-destination 10.173.1.1:9930
iptables -t nat -A PREROUTING -d 173.82.255.41 -p tcp -m tcp --dport 22879 -j DNAT --to-destination 10.173.1.1:22
iptables -t nat -A PREROUTING -d 173.82.255.41 -p tcp -m tcp --dport 1030:1039 -j DNAT --to-destination 10.173.1.3:1030-1039
#wan102
iptables -t nat -A POSTROUTING -j SNAT --to 173.82.152.60 -s 10.173.2.0/24
iptables -t nat -A PREROUTING -d 173.82.152.60 -p tcp -m tcp --dport 80 -j DNAT --to-destination 10.173.2.2:80
iptables -t nat -A PREROUTING -d 173.82.152.60 -p tcp -m tcp --dport 443 -j DNAT --to-destination 10.173.2.2:443
iptables -t nat -A PREROUTING -d 173.82.152.60 -p tcp -m tcp --dport 8888 -j DNAT --to-destination 10.173.2.2:8888
iptables -t nat -A PREROUTING -d 173.82.152.60 -p tcp -m tcp --dport 2204 -j DNAT --to-destination 10.173.2.4:22
iptables -t nat -A PREROUTING -d 173.82.152.60 -p tcp -m tcp --dport 1040:1049 -j DNAT --to-destination 10.173.2.4:1040-1049
#iptables -t nat -A POSTROUTING -s 10.173.0.0/16 -d 10.86.0.0/16 -o vpn_vpn -j MASQUERADE
```
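The mappings above only stay consistent if each DNAT target sits in the subnet that is policy-routed and SNATed through the same public IP, and if no public port is mapped twice (iptables uses the first matching rule). The Python check below is an added example, not part of the original post: it parses rules in the format used above and reports both problems. The sample rules are constructed, and the last two are deliberately wrong.

```python
import ipaddress
import shlex
# Constructed sample in the page's rule format; the last two rules are
# deliberately wrong so the audit has something to report.
SAMPLE_RULES = """
iptables -t nat -A POSTROUTING -j SNAT --to 173.82.255.41 -s 10.173.1.0/24
iptables -t nat -A POSTROUTING -j SNAT --to 173.82.152.60 -s 10.173.2.0/24
iptables -t nat -A PREROUTING -d 173.82.255.41 -p tcp -m tcp --dport 22879 -j DNAT --to-destination 10.173.1.1:22
iptables -t nat -A PREROUTING -d 173.82.255.41 -p tcp -m tcp --dport 1030:1039 -j DNAT --to-destination 10.173.1.3:1030-1039
iptables -t nat -A PREROUTING -d 173.82.152.60 -p tcp -m tcp --dport 80 -j DNAT --to-destination 10.173.2.2:80
iptables -t nat -A PREROUTING -d 173.82.255.41 -p tcp -m tcp --dport 8080 -j DNAT --to-destination 10.173.2.2:80
iptables -t nat -A PREROUTING -d 173.82.255.41 -p tcp -m tcp --dport 1035 -j DNAT --to-destination 10.173.1.1:1035
"""

def parse(text):
    """Return (snat, dnat): {subnet: public_ip} and a list of DNAT dicts."""
    snat, dnat = {}, []
    for line in text.splitlines():
        tok = shlex.split(line, comments=True)  # commented-out rules are skipped
        if "-j" not in tok:
            continue
        opt = {t: tok[i + 1] for i, t in enumerate(tok[:-1]) if t.startswith("-")}
        if opt["-j"] == "SNAT":
            snat[ipaddress.ip_network(opt["-s"])] = opt["--to"]
        elif opt["-j"] == "DNAT":
            lo, _, hi = opt["--dport"].partition(":")
            dnat.append({"wan": opt["-d"], "proto": opt["-p"],
                         "ports": range(int(lo), int(hi or lo) + 1),
                         "dest": ipaddress.ip_address(opt["--to-destination"].split(":")[0])})
    return snat, dnat

def audit(text):
    """Return a list of findings for the rule set in `text`."""
    snat, dnat = parse(text)
    findings = []
    for i, r in enumerate(dnat):
        # Replies are routed by the container's source subnet, so the target
        # must sit in the subnet that is SNATed to the same public IP.
        owner = next((ip for net, ip in snat.items() if r["dest"] in net), None)
        if owner != r["wan"]:
            findings.append(f"asymmetric: {r['wan']} -> {r['dest']} (subnet leaves via {owner})")
        for other in dnat[:i]:
            same = (other["wan"], other["proto"]) == (r["wan"], r["proto"])
            shared = set(other["ports"]) & set(r["ports"])
            if same and shared:
                findings.append(f"shadowed: {r['wan']}:{min(shared)}/{r['proto']} already mapped to {other['dest']}")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_RULES)))
```

The list of parsed DNAT entries also serves as an inventory of what each public IP exposes, which is worth reviewing whenever a mapping is added.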
This article is from cnblogs (博客园), author: 项希盛. When reposting, please cite the original link: https://www.cnblogs.com/xiangxisheng/p/16218504.html