One, iptables Introduction
The iptables firewall can be used to create filter and NAT rules. iptables is available on all Linux distributions, so understanding how to configure it will help you manage the Linux firewall more effectively. If you are new to iptables it may look very complicated, but once you understand how it works you will find it is actually quite simple.
Four tables
filter table: filtering rules
nat table: address translation rules
mangle table: rules that modify packet flags
raw table: rules for data tracking (connection tracking)
Five chains
INPUT: filters inbound data
OUTPUT: filters outbound data
FORWARD: filters forwarded data
PREROUTING: processing before routing
POSTROUTING: processing after routing
Traffic entering from outside passes through the PREROUTING and INPUT chains.
Traffic leaving from the local host passes through the OUTPUT and POSTROUTING chains.
Traffic that is routed and forwarded passes through the PREROUTING, FORWARD and POSTROUTING chains.
For the iptables command parameters, refer to the official documentation: https://linux.die.net/man/8/iptables
Two, iptables Forwarding Environment
Server A (192.168.1.128) | Provisional web service
Server B (192.168.1.130) | redis1
Server C (192.168.1.131) | redis2
Three, Implementing Internal IP Address Forwarding
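1. Configure iptables on server A (run on server A)
vim /etc/sysconfig/iptables
*nat
:PREROUTING ACCEPT [2:104]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A OUTPUT -d 192.168.1.130 -p tcp --dport 6379 -j DNAT --to-destination 192.168.1.131:6379
COMMIT
The rule sits in the OUTPUT chain of the nat table, so it rewrites only connections that originate on server A itself: TCP traffic addressed to 192.168.1.130:6379 is sent to 192.168.1.131:6379 instead.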
2. Restart iptables
service iptables restart
3. Copy the redis bin directory from server B to server A
mkdir -p /usr/local/redis/bin # run this step on server A
scp /usr/local/redis4/bin/* 192.168.1.128:/usr/local/redis/bin # run on server B
4. After the directory has been copied, test from server A
/usr/local/redis/bin/redis-cli -h 192.168.1.130 -p 6379 # if communication works, the server actually reached is 192.168.1.131
Result screenshot: (to be completed)
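Because a DNAT rule like the one in step 1 redirects connections without the client noticing, it is useful to be able to list every redirection a rules file contains. The script below is an added example, not part of the original article: list_dnat_rules and sample_rules are hypothetical helper names, and the filter section in the sample input is constructed.

```shell
#!/bin/sh
# Added example: list every DNAT redirection found in iptables-save style input.
# list_dnat_rules is a hypothetical helper name, not part of iptables.
list_dnat_rules() {
    awk '
        /^\*/     { table = substr($1, 2); next }   # "*nat" starts a table section
        /^COMMIT/ { table = ""; next }              # end of the current section
        table == "nat" && $1 == "-A" {
            chain = $2; dst = "any"; port = "any"; target = ""; to = ""
            for (i = 3; i <= NF; i++) {
                if ($i == "-d" || $i == "--destination") dst = $(i + 1)
                else if ($i == "--dport")                port = $(i + 1)
                else if ($i == "-j" || $i == "--jump")   target = $(i + 1)
                else if ($i == "--to-destination")       to = $(i + 1)
            }
            # Report only rules whose target rewrites the destination address.
            if (target == "DNAT")
                printf "%s %s:%s -> %s\n", chain, dst, port, to
        }
    '
}

# Constructed sample: the nat section from step 1 plus an unrelated filter section.
sample_rules() {
    cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
-A INPUT -p tcp --dport 22 -j ACCEPT
COMMIT
*nat
:PREROUTING ACCEPT [2:104]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A OUTPUT -d 192.168.1.130 -p tcp --dport 6379 -j DNAT --to-destination 192.168.1.131:6379
COMMIT
EOF
}

sample_rules | list_dnat_rules
```

On a live host the running ruleset can be checked the same way with `iptables-save -t nat | list_dnat_rules`, run as root.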