Sunday, 29 April 2012

iptables forwarding rules

A fairly concise and easy-to-understand explanation:
http://www.netfilter.org/documentation/HOWTO/NAT-HOWTO-6.html

http://straylink.wordpress.com/2006/08/16/using-iptables-to-redirect-packets/
REDIRECT to localhost
Let's say you want to take packets on one interface and have them forwarded to a service running on localhost, i.e. a database server that requires limited external exposure (no, that's not what I'm working on, like I'd reveal my cards so easily!). OK, googling 'iptables forward localhost' results in some mailing list postings essentially saying 'you cannot forward packets from a real interface to a local loopback interface'. True enough. However, IPTables does support REDIRECTing them, like so:
iptables -t nat -A PREROUTING -p tcp -d 192.168.1.254 --dport 80 \
    -j REDIRECT --to-ports 8080
The above rule adds a PREROUTING command to your nat table, stating that any TCP packets destined for 192.168.1.254 on port 80 should be redirected to localhost port 8080. So, breaking down the above example into template format, you have:
iptables -t nat -A PREROUTING -p tcp -d DEST_IP --dport DEST_PORT \
    -j REDIRECT --to-ports LOCAL_PORTS