iptables配置tcp端口转发

# example:
#iptables -t nat -A PREROUTING -p tcp --dport 1111 -j DNAT --to-destination 192.168.1.10:8022
#iptables -t nat -A POSTROUTING -d 192.168.1.10 -p tcp --dport 8022 -j MASQUERADE

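#######################################
# Forward traffic arriving on a local port to DHOST:DPORT.
# Installs a nat PREROUTING DNAT rule and a matching nat POSTROUTING
# MASQUERADE rule. Must run with enough privilege to write
# /proc/sys/net/ipv4/ip_forward and to modify the nat table.
# Arguments:
#   $1 - protocol name passed to "iptables -p" (letters/digits only)
#   $2 - local port to match; a single port or a "low:high" range
#   $3 - destination host as a dotted IPv4 address
#   $4 - destination port (digits only)
# Outputs:  progress messages on stdout, diagnostics on stderr
# Returns:  0 on success, 2 on a rejected argument, 1 if iptables fails
#######################################
tcp_port_forward()
{
    local protocol="${1-}"
    local server_port="${2-}"
    local dhost="${3-}"
    local dport="${4-}"

    # The arguments end up on a root-run iptables command line, so each one
    # is restricted to the characters its field can legitimately contain.
    # This keeps a value from carrying whitespace or a leading "-" that
    # iptables would read as additional options.
    case "$protocol" in
        ''|*[!A-Za-z0-9]*)
            echo "tcp_port_forward: invalid protocol: $protocol" >&2
            return 2
            ;;
    esac
    case "$server_port" in
        ''|*[!0-9:]*|:*|*:|*:*:*)
            echo "tcp_port_forward: invalid server port: $server_port" >&2
            return 2
            ;;
    esac
    case "$dhost" in
        ''|*[!0-9.]*)
            echo "tcp_port_forward: invalid destination host: $dhost" >&2
            return 2
            ;;
    esac
    case "$dport" in
        ''|*[!0-9]*)
            echo "tcp_port_forward: invalid destination port: $dport" >&2
            return 2
            ;;
    esac

    echo "$protocol, $server_port, $dhost, $dport"

    # Best effort, as before: a failed write is reported but does not stop
    # the rules from being installed.
    if ! echo 1 > /proc/sys/net/ipv4/ip_forward; then
        echo "tcp_port_forward: could not enable net.ipv4.ip_forward" >&2
    fi

    iptables -t nat -A PREROUTING -p "$protocol" --dport "$server_port" \
        -j DNAT --to-destination "$dhost:$dport" || return 1

    # MASQUERADE rewrites the source address, so the destination host sees
    # this machine as the client rather than the original peer. The rule
    # matches every packet leaving for DHOST:DPORT, not only forwarded ones.
    if ! iptables -t nat -A POSTROUTING -d "$dhost" -p "$protocol" \
        --dport "$dport" -j MASQUERADE; then
        # Do not leave a DNAT rule behind without its POSTROUTING partner.
        iptables -t nat -D PREROUTING -p "$protocol" --dport "$server_port" \
            -j DNAT --to-destination "$dhost:$dport"
        return 1
    fi

    echo "redirect_port end."
}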
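#######################################
# Delete rule number $1 from the nat POSTROUTING and nat PREROUTING chains.
# The same index is used for both chains, so it only removes a forwarding
# pair when both rules sit at that position; any other rule at that index
# is deleted instead. List the chains with
# "iptables -t nat -L -n --line-numbers" before calling.
# Arguments:
#   $1 - rule number, a positive integer
# Outputs:  confirmation on stdout, diagnostics on stderr
# Returns:  0 if both deletions succeed, 2 on a rejected argument,
#           1 if either iptables call fails
#######################################
clean_tcp_port_forward()
{
    local rule_no="${1-}"
    local rc=0

    # Only a bare positive number is accepted; anything else would reach a
    # root-run iptables command line as extra words or options.
    case "$rule_no" in
        ''|0|*[!0-9]*)
            echo "clean_tcp_port_forward: invalid rule number: $rule_no" >&2
            return 2
            ;;
    esac

    # Both deletions are attempted even if the first one fails.
    iptables -t nat -D POSTROUTING "$rule_no" || rc=1
    iptables -t nat -D PREROUTING "$rule_no" || rc=1
    echo "clean  no $rule_no."

    return "$rc"
}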
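#######################################
# Print the command-line help to stdout.
# The text matches what the dispatcher accepts: four arguments to add a
# forwarding pair, or "-d RULE-NO" to delete one.
# Arguments: none (reads $0 for the program name)
# Outputs:   help text on stdout
#######################################
usage()
{
    echo "Usage: $0 PROTOCOL SERVER-PORT HOST DPORT"
    echo "       $0 -d RULE-NO"
    echo "example1: $0 tcp 443 192.168.1.123 8043"
    echo " Connections to port 443 on this host are forwarded to 192.168.1.123:8043"
    echo "example2:"
    echo " $0 -d 1"
    echo " Delete rule number 1 from both the nat POSTROUTING and PREROUTING chains"
    echo " (check the numbers first: iptables -t nat -L -n --line-numbers)"
    echo "Notes: please make sure net.ipv4.ip_forward=1 in /etc/sysctl.conf and run \"sysctl -p\" to apply changes"
}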

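# Dispatch on the first argument:
#   -d RULE-NO                          delete a forwarding pair
#   PROTOCOL SERVER-PORT HOST DPORT     add a forwarding pair
# Each mode requires its exact argument count; anything else prints the
# help text and exits with status 2.
if [ "${1-}" = "-d" ]; then
    if [ $# -ne 2 ]; then
        usage
        exit 2
    fi
    clean_tcp_port_forward "$2"
else
    if [ $# -ne 4 ]; then
        usage
        exit 2
    fi
    # net.ipv4.ip_forward=1 turns on IPv4 forwarding for the whole host, not
    # just for the port being forwarded. Which packets are then forwarded is
    # decided by the filter FORWARD chain, which this script does not touch.
    sysctl -w net.ipv4.ip_forward=1
    # Arguments are passed quoted so each stays a single word.
    tcp_port_forward "$1" "$2" "$3" "$4"
fi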

测试:

/usr/sbin/add_forward tcp 8099 121.71.127.17 8201

这样即可把本机 8099 端口收到的 tcp/http 数据转发到 121.71.127.17:8201。


转载自blog.csdn.net/wuquan_1230/article/details/125769582