1、配置TCP端口转发
把本机20000/TCP端口转发到7.7.7.7:20000
iptables -t nat -A PREROUTING -p tcp --dport 20000 -j DNAT --to-destination 7.7.7.7:20000
iptables -t nat -A POSTROUTING -j MASQUERADE
2、配置UDP端口转发
把本机20000/UDP端口转发到7.7.7.7:20000
iptables -t nat -A PREROUTING -p udp --dport 20000 -j DNAT --to-destination 7.7.7.7:20000
iptables -t nat -A POSTROUTING -j MASQUERADE
3、配置TCP端口转发(限制网卡IP)
本机网卡10.0.0.5:20000端口收到数据转发给7.7.7.7:20000
iptables -t nat -A PREROUTING -p tcp -d 10.0.0.5 --dport 20000 -j DNAT --to-destination 7.7.7.7:20000
iptables -t nat -A POSTROUTING -j MASQUERADE
4、配置UDP端口转发(限制网卡IP)
本机网卡10.0.0.5:20000端口收到数据转发给7.7.7.7:20000
iptables -t nat -A PREROUTING -p udp -d 10.0.0.5 --dport 20000 -j DNAT --to-destination 7.7.7.7:20000
iptables -t nat -A POSTROUTING -j MASQUERADE
5、定向TCP/UDP端口转发链,即不需要添加规则;
(iptables -t nat -A POSTROUTING -j MASQUERADE)
echo "${0} LocalIP LocalPort RemoteIP RemoteTcpPort RemoteUdpPort"
echo "${0} 172.16.0.29 55100 52.175.123.215 5000 10000"
# iptables -t nat -A PREROUTING -p tcp --dport 55100 -j DNAT --to-destination 40.83.118.93:17000
# iptables -t nat -A POSTROUTING -p tcp -d 40.83.118.93 --dport 17000 -j SNAT --to-source 172.16.0.29
# iptables -t nat -A PREROUTING -p udp --dport 55100 -j DNAT --to-destination 40.83.118.93:7000
# iptables -t nat -A POSTROUTING -p udp -d 40.83.118.93 --dport 7000 -j SNAT --to-source 172.16.0.29
iptables -t nat -A PREROUTING -p tcp --dport $2 -j DNAT --to-destination $3:$4
iptables -t nat -A POSTROUTING -p tcp -d $3 --dport $4 -j SNAT --to-source $1
iptables -t nat -A PREROUTING -p udp --dport $2 -j DNAT --to-destination $3:$5
iptables -t nat -A POSTROUTING -p udp -d $3 --dport $5 -j SNAT --to-source $1
iptables -t nat --list -n
![【[NOIP1999 普及组] Cantor 表】](https://img-blog.csdnimg.cn/img_convert/fc9afd6ffef3fe892fc72341b53f77b1.png)
