A light post
My awareness of firewalls has always been fairly low; I never really knew how to use them.
At most it came to something like:
iptables -A INPUT -p tcp --dport 80 -j ACCEPT
iptables -A OUTPUT -p tcp --sport 80 -j ACCEPT
Back then I was still working with RedHat 6; later I switched to CentOS 7, where the same thing became:
firewall-cmd --zone=public --add-port=6379/tcp --permanent && firewall-cmd --reload
It was not until I worked on a blockchain project that I actually used iptables port forwarding.
Enough of the preamble; on to the main point.
Requirement
Connect remotely to a database in a production environment, with the constraint that the database cannot be restarted (it has only one root user, which is limited to local access, and no additional user for remote connections can be added).
So this time we can use iptables to do a small mapping. It sounds fancy, but it is nothing more than a NAT rule...
Map local port 3306 out as 63306; the connection command from outside is:
mysql -uroot -p'password' -h xxxxx -P 63306
Note: when 63306 is accessed, the request is automatically sent to 3306 and the data is returned; of course, nothing is actually listening on 63306. Friends who use Kali for penetration testing have probably thought of this already...
What? You haven't? Then pretend I didn't say that.
Implementation
First, three commands:
echo 1 >/proc/sys/net/ipv4/ip_forward
sysctl -w net.ipv4.conf.eth0.route_localnet=1
sysctl -w net.ipv4.conf.default.route_localnet=1
It goes without saying what these do: the first enables packet forwarding, and the two route_localnet settings let the kernel route packets arriving on eth0 to a loopback address, which the DNAT to 127.0.0.1 below depends on.
NAT rules
iptables -t nat -A PREROUTING -p tcp -m tcp --dport 63306 -j DNAT --to-destination 127.0.0.1:3306
iptables -t nat -A POSTROUTING -p tcp -m tcp --dport 63306 -j SNAT --to-source 127.0.0.1
Note: this allows access from any source IP; use with caution.
Restricting to a single source IP
iptables -t nat -R PREROUTING 4 -s 192.168.40.154 -p tcp -m tcp --dport 63306 -j DNAT --to-destination 127.0.0.1:3306
iptables -t nat -R POSTROUTING 4 -s 192.168.40.154 -p tcp -m tcp --dport 63306 -j SNAT --to-source 127.0.0.1
Note: this only allows 192.168.40.154 to connect from outside; nobody else gets in.
-R modifies a rule in place (4 is the rule number; use --line-numbers to see the numbers; -s specifies the source IP).
View NAT rules
iptables -L -t nat --line-numbers
Delete NAT rules
iptables -t nat -D POSTROUTING 1
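The setup above (the three forwarding sysctls, the DNAT/SNAT pair restricted to one source IP) and the delete step are easy to get wrong by hand: re-running the commands appends duplicate rules, and deleting by rule number hits the wrong rule once numbers have shifted. The script below is an added example, not code from the original post. It wraps the post's rules in a small POSIX shell script with a dry-run mode (the default), validates that the allowed client is a plain IPv4 address before installing anything, uses iptables -C to avoid duplicate rules, and removes rules by their full match instead of by number. The interface name eth0, the client address 192.168.40.154 and the ports are placeholders; the -i eth0 match on the PREROUTING rule is an addition of this example, limiting the mapping to packets arriving on that interface.

```shell
#!/bin/sh
# Added example (not from the original post): manage the 63306 -> 127.0.0.1:3306
# mapping with validation, duplicate checks and a dry-run mode.
# All addresses, ports and the interface name are placeholders.
set -u

SRC_IP="${SRC_IP:-192.168.40.154}"   # the single client allowed to connect
EXT_PORT="${EXT_PORT:-63306}"        # port exposed on the network interface
INT_PORT="${INT_PORT:-3306}"         # port MySQL listens on at 127.0.0.1
IFACE="${IFACE:-eth0}"               # interface facing the client
DRY_RUN="${DRY_RUN:-1}"              # 1 = print the commands, 0 = execute them (needs root)

# run: print the command in dry-run mode, otherwise execute it
run() {
    if [ "$DRY_RUN" = "1" ]; then printf '%s\n' "$*"; else "$@"; fi
}

# valid_ipv4: accept only a dotted quad with octets 0-255 (no CIDR, no hostnames),
# so a typo in SRC_IP cannot silently widen the rule to more hosts
valid_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    oldifs=$IFS; IFS=.; set -- $1; IFS=$oldifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ "$octet" -le 255 ] 2>/dev/null || return 1
    done
    return 0
}

# rule_dnat / rule_snat: the two NAT rule bodies from the post, kept in one place
# so that add (-A), check (-C) and delete (-D) always use identical matches
rule_dnat() {
    printf '%s' "PREROUTING -i $IFACE -s $SRC_IP -p tcp -m tcp --dport $EXT_PORT -j DNAT --to-destination 127.0.0.1:$INT_PORT"
}
rule_snat() {
    printf '%s' "POSTROUTING -s $SRC_IP -p tcp -m tcp --dport $EXT_PORT -j SNAT --to-source 127.0.0.1"
}

# ensure_rule: add a nat rule only if an identical one is not already present
# (iptables -C exits 0 when the rule exists), so re-running the script is safe.
# $1 is left unquoted on purpose so it splits into iptables arguments.
ensure_rule() {
    if [ "$DRY_RUN" = "1" ]; then
        printf 'iptables -t nat -C %s || iptables -t nat -A %s\n' "$1" "$1"
    elif ! iptables -t nat -C $1 2>/dev/null; then
        iptables -t nat -A $1
    fi
}

# up: enable forwarding and loopback routing (sysctl form of the post's three
# commands), then install the mapping restricted to SRC_IP
up() {
    valid_ipv4 "$SRC_IP" || { echo "SRC_IP '$SRC_IP' is not a plain IPv4 address" >&2; return 1; }
    run sysctl -w net.ipv4.ip_forward=1
    run sysctl -w "net.ipv4.conf.$IFACE.route_localnet=1"
    run sysctl -w net.ipv4.conf.default.route_localnet=1
    ensure_rule "$(rule_dnat)"
    ensure_rule "$(rule_snat)"
}

# down: remove exactly the rules up() added by their full match, leaving other
# nat rules untouched (rule numbers shift whenever rules are added or removed)
down() {
    run iptables -t nat -D $(rule_dnat)
    run iptables -t nat -D $(rule_snat)
}

case "${1:-}" in
    up)   up ;;
    down) down ;;
    *)    : ;;   # no argument: only define the functions (file can be sourced)
esac
```

Run it as `sh forward.sh up` to see what would be executed, and `DRY_RUN=0 sh forward.sh up` as root to apply it; `down` reverses it. The SNAT rule is carried over from the post as written.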
Notes
-A append rule -> iptables -A INPUT ... (appends a rule to the end of the chain)
-D delete rule -> iptables -D INPUT 1 (1 is the rule number)
-R replace rule -> iptables -R INPUT 1 -s 192.168.12.0 -j DROP (replaces the existing rule at position 1; the position does not change)
-I insert rule -> iptables -I INPUT 1 -p tcp --dport 80 -j ACCEPT (inserts a rule at position 1; the rule previously at that position moves down by one)
-L list rules -> iptables -L INPUT (lists all the rules in the chain)
-N new chain -> iptables -N allowed (defines a new chain)