iptables-DNAT-端口映射
做一个子ip
ip addr add 10.0.0.7/24 dev eth0 label eth0:0
DNAT端口映射模式
[root@lb01-5 ~]# iptables -t nat -A PREROUTING -d 10.0.0.5 -p tcp --dport 9000 -j DNAT --to-destination 172.16.1.31:22 [root@lb01-5 ~]# iptables -t nat -A PREROUTING -d 10.0.0.5 -p tcp --dport 8888 -j DNAT --to-destination 172.16.1.31:22
查看
[root@lb01-5 ~]# iptables -nL -t nat Chain PREROUTING (policy ACCEPT) target prot opt source destination DNAT tcp -- 0.0.0.0/0 10.0.0.5 tcp dpt:9000 to:172.16.1.31:22 DNAT tcp -- 0.0.0.0/0 10.0.0.5 tcp dpt:8888 to:172.16.1.31:22 Chain POSTROUTING (policy ACCEPT) target prot opt source destination SNAT all -- 172.16.1.0/24 0.0.0.0/0 to:10.0.0.5 Chain OUTPUT (policy ACCEPT) target prot opt source destination
实现
浙公网安备 33010602011771号