内部192.168.0.2:80 映射到外部216.94.87.37:8080
iptables -t nat -A PREROUTING -d 216.94.87.37 -p TCP --dport 8080 -j DNAT --to-destination 192.168.0.2:80
用一个单独的SNAT对回包的端口进行映射
iptables -t nat -A POSTROUTING -p TCP -s 192.168.0.2 --sport 80 -j SNAT --to-source 216.94.87.37:8080