Scenario one:
External access to port 80 on 192.168.100.10 is forwarded to 192.168.75.5:8000.
# iptables -t nat -A PREROUTING -d 192.168.100.10 -p tcp --dport 80 -j DNAT --to-destination 192.168.75.5:8000
Question one:
We map the service on 192.168.75.5 port 8080 to port 80 on 192.168.100.10, so that hosts on the 192.168.100.* network can reach the service at 192.168.75.5:8080.
However, machines on the internal network cannot reach it through the externally mapped IP and port.
To solve this we need to sort out the reasoning: when a machine on the internal network accesses the mapped IP and port locally, a source address translation must take place, and the traffic must flow through the network card.
So we can keep the traffic from flowing through the network card and let the kernel handle it instead.
My idea: have the machine forward its own outgoing traffic directly to local port 8080. This should solve the problem in the case where the network device does not support reflux. Why think this way? It has been tested and successfully resolves the issue.
Forward the machine's own access to port 80 to local port 8080:
# iptables -t nat -A OUTPUT -p tcp -d 127.0.0.1 --dport 80 -j DNAT --to 127.0.0.1:8080
# iptables -t nat -A OUTPUT -p tcp -d 192.168.100.10 --dport 80 -j DNAT --to 127.0.0.1:8080
The reason: because of NAT reflux (also called hairpin NAT), machines on the internal network cannot access the application server through its public IP after NAT. If the server is placed in a DMZ on a different network segment, this problem does not occur.
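The two OUTPUT rules above, wrapped so they can be applied repeatedly without piling up duplicates and removed again cleanly. This is an added example, not part of the original post; the function names and the IPT, PUBLIC_IP, PUBLIC_PORT and LOCAL_PORT variables are assumptions chosen here.

```shell
#!/bin/bash
# Added example: idempotent install/removal of the OUTPUT-chain DNAT rules.
# Variable and function names are chosen for this example (assumptions).
IPT="${IPT:-iptables}"                      # iptables binary (needs root)
PUBLIC_IP="${PUBLIC_IP:-192.168.100.10}"    # mapped address from the post
PUBLIC_PORT="${PUBLIC_PORT:-80}"            # mapped port from the post
LOCAL_PORT="${LOCAL_PORT:-8080}"            # local service port from the post

# Append a nat-table rule only when an identical rule is not present yet.
# "iptables -C" exits non-zero if the rule does not exist.
ensure_nat_rule() {
    if "$IPT" -t nat -C "$@" 2>/dev/null; then
        return 0
    fi
    "$IPT" -t nat -A "$@"
}

# Locally generated packets traverse nat/OUTPUT, not nat/PREROUTING,
# so the redirect for the machine's own traffic goes in the OUTPUT chain.
install_local_redirect() {
    for dst in 127.0.0.1 "$PUBLIC_IP"; do
        ensure_nat_rule OUTPUT -p tcp -d "$dst" --dport "$PUBLIC_PORT" \
            -j DNAT --to-destination "127.0.0.1:$LOCAL_PORT" || return 1
    done
}

# Delete the same rules; a rule that is already gone is not an error.
remove_local_redirect() {
    for dst in 127.0.0.1 "$PUBLIC_IP"; do
        "$IPT" -t nat -D OUTPUT -p tcp -d "$dst" --dport "$PUBLIC_PORT" \
            -j DNAT --to-destination "127.0.0.1:$LOCAL_PORT" 2>/dev/null || true
    done
}

# Usage (as root): source this file, then run install_local_redirect,
# and inspect the result with: iptables -t nat -S OUTPUT
```

Appended rules do not survive a reboot, so the install function has to be run again at boot or the rule set saved with the distribution's own mechanism.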
Reference: https://blog.csdn.net/lllcfr/article/details/42023411