Linux iptables 端口转发(2)

3， 本机端口转发
[root@CentOS ~]# iptables -t nat -A PREROUTING -p tcp --dport 1234 -j REDIRECT --to-ports 2345
[root@CentOS ~]# nc -l -k 2345  #开启监听
 
1，
局域网其他主机直接来访问本机2345端口：看看tcpdump输出
linuxidc@Ubuntu~$ nc 172.16.20.183 2345 #远程机访问本机172.16.20.183 2345
 
本机tcpdump输出
[root@CentOS ~]# tcpdump -i eth0 host 172.16.20.245 -tnn
IP 172.16.20.245.44706 > 172.16.20.183.2345: Flags [S], seq 33366406, win 29200, options [mss 1460,sackOK,TS val 4001328 ecr 0,nop,wscale 7], length 0
IP 172.16.20.183.2345 > 172.16.20.245.44706: Flags [R.], seq 0, ack 33366407, win 0, length 0 
 
2，局域网其他主机直接来访问本机1234端口：看看tcpdump输出
linuxidc@ubuntu~$ nc 172.16.20.183 1234 #远程机访问本机172.16.20.183 1234
 
tcpdump在本机看一下：
[root@CentOS ~]# tcpdump -i eth0 host 172.16.20.245 -tnn
IP 172.16.20.245.47332 > 172.16.20.183.1234: Flags [S], seq 3622624416, win 29200, options [mss 1460,sackOK,TS val 4047126 ecr 0,nop,wscale 7], length 0
IP 172.16.20.183.1234 > 172.16.20.245.47332: Flags [S.], seq 123535638, ack 3622624417, win 14480, options [mss 1460,sackOK,TS val 12018501 ecr 4047126,nop,wscale 6], length 0
IP 172.16.20.245.47332 > 172.16.20.183.1234: Flags [.], ack 1, win 229, options [nop,nop,TS val 4047126 ecr 12018501], length 0
IP 172.16.20.245.47332 > 172.16.20.183.1234: Flags [P.], seq 1:2, ack 1, win 229, options [nop,nop,TS val 4047282 ecr 12018501], length 1
IP 172.16.20.183.1234 > 172.16.20.245.47332: Flags [.], ack 2, win 227, options [nop,nop,TS val 12019122 ecr 4047282], length 0
IP 172.16.20.245.47332 > 172.16.20.183.1234: Flags [P.], seq 2:3, ack 1, win 229, options [nop,nop,TS val 4047325 ecr 12019122], length 1
IP 172.16.20.183.1234 > 172.16.20.245.47332: Flags [.], ack 3, win 227, options [nop,nop,TS val 12019297 ecr 4047325], length 0
IP 172.16.20.245.47332 > 172.16.20.183.1234: Flags [P.], seq 3:4, ack 1, win 229, options [nop,nop,TS val 4047353 ecr 12019297], length 1
 
可以看到三次握手成功！

4， 单个端口转发
端口转发 tcp模式：将访问本机1122端口数据包转发给192.168.66.2:5566
iptables -t nat -A PREROUTING -p tcp  --dport 1122 -j DNAT --to-destination 192.168.66.2:5566
 
端口转发 udp模式：将访问本机2233端口数据包转发给192.168.66.2:4455
iptables -t nat -A PREROUTING -p udp  --dport 2233 -j DNAT --to-destination 192.168.66.2:4455

更多iptables相关教程见以下内容：

CentOS 7.0关闭默认防火墙启用iptables防火墙 

Iptables工作原理使用详解

Ubuntu 14.04 配置iptables防火墙

Linux下编译安装iptables 

iptables的备份、恢复及防火墙脚本的基本使用

Iptables工作原理使用详解 

CentOS7下iptables配置过程

Linux下iptables防火墙设置

Linux防火墙iptables详解