1. NAT service
echo 1 > /proc/sys/net/ipv4/ip_forward iptables -t nat -A POSTROUTING -s 10.0.2.0/24 -j SNAT --to 218.222.22.124 |
# explain
echo 1 > /proc/sys/net/ipv4/ip_forward
# Enable forwarding
iptables -t nat -A POSTROUTING -s 10.0.2.0/24 -j SNAT --to 218.222.22.124 # Forward all 10.0.2.x ip packets to the public network ip of 218.222.22.124, Through these two commands, you can achieve intranet ip sharing and Internet access
2. Port mapping
# Explanation
If you access port 80 of 218.222.22.124, the packet will be forwarded to port 80 of 10.0.0.187
Example: transfer the request of 10.20.192.75:9000 to
10.20.192.73:80 and operate on 10.20.192.75:
a. echo 1 > /proc/sys/net/ipv4/ip_forward
b. vi /etc/sysconfig/iptables
-A PREROUTING -p tcp -m tcp --dport 9000 -j DNAT --to-destination 10.20.192.73:80
-A POSTROUTING -d 10.20.192.73 -p tcp -m tcp --dport 80 -j SNAT --to-source 10.20.192.75
iptables -t nat -A POSTROUTING -s 10.0.2.0/24 -j SNAT --to 218.222.22.124 # Forward all 10.0.2.x ip packets to the public network ip of 218.222.22.124, Through these two commands, you can achieve intranet ip sharing and Internet access
2. Port mapping
iptables -t nat -A PREROUTING --dst 218.222.22.124 -p tcp --dport 80 -j DNAT --to-destination 10.0.0.187:80 |
# Explanation
If you access port 80 of 218.222.22.124, the packet will be forwarded to port 80 of 10.0.0.187
Example: transfer the request of 10.20.192.75:9000 to
10.20.192.73:80 and operate on 10.20.192.75:
a. echo 1 > /proc/sys/net/ipv4/ip_forward
b. vi /etc/sysconfig/iptables
-A PREROUTING -p tcp -m tcp --dport 9000 -j DNAT --to-destination 10.20.192.73:80
-A POSTROUTING -d 10.20.192.73 -p tcp -m tcp --dport 80 -j SNAT --to-source 10.20.192.75