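# Port-forwarding helper built on the iptables nat table.
#
# example:
#   iptables -t nat -A PREROUTING -p tcp --dport 1111 -j DNAT --to-destination 192.168.1.10:8022
#   iptables -t nat -A POSTROUTING -d 192.168.1.10 -p tcp --dport 8022 -j MASQUERADE
#
# Operator notes:
#   - Every argument ends up on an iptables command line, so arguments are
#     validated first and always passed quoted (no word splitting, no value
#     that could be read as another iptables option).
#   - The PREROUTING rule carries no -i / -d match: it applies to matching
#     traffic arriving on any interface, for any destination address.
#   - net.ipv4.ip_forward=1 is a host-wide setting, not limited to this rule.
#   - MASQUERADE rewrites the source address, so DHOST sees (and logs) this
#     host's address instead of the original client's.
#   - "-d N" deletes rule number N from BOTH nat chains. The two rules created
#     by one forward only share a number while nothing else adds rules to
#     either chain; check `iptables -t nat -L -n --line-numbers` first.

# Succeeds when $1 is a decimal integer in 1..65535.
is_port() {
  case "$1" in
    '' | *[!0-9]*) return 1 ;;
  esac
  [ "${#1}" -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Succeeds when $1 is a positive decimal rule number.
is_rule_number() {
  case "$1" in
    '' | *[!0-9]*) return 1 ;;
  esac
  [ "${#1}" -le 9 ] && [ "$1" -ge 1 ]
}

#######################################
# Forward PROTOCOL traffic hitting SERVERPORT on this host to DHOST:DPORT.
# Globals:   PROTOCOL, SERVERPORT, DHOST, DPORT (written)
# Arguments: $1 - protocol name, $2 - local port,
#            $3 - destination host, $4 - destination port
# Outputs:   progress on stdout, errors on stderr
# Returns:   0 when both rules were added, 1 otherwise
#######################################
tcp_port_forward() {
  PROTOCOL=$1
  SERVERPORT=$2
  DHOST=$3
  DPORT=$4
  echo "$1, $2, $3, $4"

  # Reject anything that is not a plain protocol name / port / host before it
  # reaches iptables.
  case "$PROTOCOL" in
    '' | *[!0-9A-Za-z]*)
      printf 'invalid protocol: %s\n' "$PROTOCOL" >&2
      return 1
      ;;
  esac
  if ! is_port "$SERVERPORT" || ! is_port "$DPORT"; then
    printf 'ports must be integers in 1-65535: %s %s\n' "$SERVERPORT" "$DPORT" >&2
    return 1
  fi
  case "$DHOST" in
    '' | -* | *[!0-9A-Za-z.-]*)
      printf 'invalid destination host: %s\n' "$DHOST" >&2
      return 1
      ;;
  esac

  # Forwarding must be on for DNAT'ed packets to leave this host again.
  echo 1 > /proc/sys/net/ipv4/ip_forward || return 1

  iptables -t nat -A PREROUTING -p "$PROTOCOL" --dport "$SERVERPORT" \
    -j DNAT --to-destination "$DHOST:$DPORT" || return 1

  if ! iptables -t nat -A POSTROUTING -d "$DHOST" -p "$PROTOCOL" \
    --dport "$DPORT" -j MASQUERADE; then
    # Do not leave a half-configured forward behind: remove the DNAT rule
    # that was just added.
    iptables -t nat -D PREROUTING -p "$PROTOCOL" --dport "$SERVERPORT" \
      -j DNAT --to-destination "$DHOST:$DPORT"
    return 1
  fi

  echo "redirect_port end."
}

#######################################
# Delete rule number $1 from nat POSTROUTING and nat PREROUTING.
# Globals:   No (written)
# Arguments: $1 - rule number (same index is used in both chains)
# Outputs:   progress on stdout, errors on stderr
# Returns:   0 when both deletions succeeded, 1 otherwise
#######################################
clean_tcp_port_forward() {
  local status=0
  No=$1

  if ! is_rule_number "$No"; then
    printf 'rule number must be a positive integer: %s\n' "$No" >&2
    return 1
  fi

  # Both deletions are attempted even if the first one fails, as before.
  iptables -t nat -D POSTROUTING "$No" || status=1
  iptables -t nat -D PREROUTING "$No" || status=1
  echo "clean no $No."
  return "$status"
}

# Print command-line help.
usage() {
  echo "Usage: $0 PROTOCOL/-d SERVER-PORT/no HOST DPORT "
  echo "example1: $0 tcp 443 192.168.1.123 8043"
  echo " Connections to this host on port 443 are forwarded to 192.168.1.123:8043"
  echo "example2:"
  echo " $0 -d 1 "
  echo " Clean previous rules"
  echo "Notes: please make sure net.ipv4.ip_forward=1 in /etc/sysctl.conf and run \"sysctl -p\" to apply changes"
}

# Accept exactly the two documented shapes: "-d NO" or four forward arguments.
if [ "$#" -ne 4 ] && [ "$#" -ne 2 ]; then
  usage
  exit 1
fi

if [ "$1" = "-d" ]; then
  clean_tcp_port_forward "$2" || exit 1
elif [ "$#" -eq 4 ]; then
  # Best effort: sysctl may be missing on small systems; the /proc write
  # inside tcp_port_forward is the one whose failure is checked.
  sysctl -w net.ipv4.ip_forward=1
  tcp_port_forward "$1" "$2" "$3" "$4" || exit 1
else
  # Two arguments without -d used to fall through to a forward with empty
  # HOST/DPORT; treat it as a usage error instead.
  usage
  exit 1
fi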
测试:
/usr/sbin/add_forward tcp 8099 121.71.127.17 8201
这样即可把发往本机 8099 端口的 TCP(例如 HTTP)流量转发到 121.71.127.17:8201。