如何合并端口映射的规则?
比如说我要映射30个端口,
-A PREROUTING -d 121.40.170.126/32 -p tcp --dport 21 -j DNAT --to-destination 192.168.8.100:21
-A PREROUTING -d 121.40.170.126/32 -p tcp --dport 22 -j DNAT --to-destination 192.168.8.100:22
-A PREROUTING -d 121.40.170.126/32 -p tcp --dport 5901 -j DNAT --to-destination 192.168.8.100:5901
-A PREROUTING -d 121.40.170.126/32 -p tcp --dport 30001 -j DNAT --to-destination 192.168.8.100:30001
-A PREROUTING -d 121.40.170.126/32 -p tcp --dport 30002 -j DNAT --to-destination 192.168.8.100:30002
-A PREROUTING -d 121.40.170.126/32 -p tcp --dport 30003 -j DNAT --to-destination 192.168.8.100:30003
-A PREROUTING -d 121.40.170.126/32 -p tcp --dport 30004 -j DNAT --to-destination 192.168.8.100:30004
-A PREROUTING -d 121.40.170.126/32 -p tcp --dport 30005 -j DNAT --to-destination 192.168.8.100:30005
-A PREROUTING -d 121.40.170.126/32 -p tcp --dport 30006 -j DNAT --to-destination 192.168.8.100:30006
-A PREROUTING -d 121.40.170.126/32 -p tcp --dport 30007 -j DNAT --to-destination 192.168.8.100:30007
-A PREROUTING -d 121.40.170.126/32 -p tcp --dport 30008 -j DNAT --to-destination 192.168.8.100:30008
-A PREROUTING -d 121.40.170.126/32 -p tcp --dport 30009 -j DNAT --to-destination 192.168.8.100:30009
-A PREROUTING -d 121.40.170.126/32 -p tcp --dport 30010 -j DNAT --to-destination 192.168.8.100:30010
-A PREROUTING -d 121.40.170.126/32 -p tcp --dport 30011 -j DNAT --to-destination 192.168.8.100:30011
-A PREROUTING -d 121.40.170.126/32 -p tcp --dport 30012 -j DNAT --to-destination 192.168.8.100:30012
-A PREROUTING -d 121.40.170.126/32 -p tcp --dport 30013 -j DNAT --to-destination 192.168.8.100:30013
-A PREROUTING -d 121.40.170.126/32 -p tcp --dport 30014 -j DNAT --to-destination 192.168.8.100:30014
-A PREROUTING -d 121.40.170.126/32 -p tcp --dport 30015 -j DNAT --to-destination 192.168.8.100:30015
-A PREROUTING -d 121.40.170.126/32 -p tcp --dport 30016 -j DNAT --to-destination 192.168.8.100:30016
-A PREROUTING -d 121.40.170.126/32 -p tcp --dport 30017 -j DNAT --to-destination 192.168.8.100:30017
-A PREROUTING -d 121.40.170.126/32 -p tcp --dport 30018 -j DNAT --to-destination 192.168.8.100:30018
-A PREROUTING -d 121.40.170.126/32 -p tcp --dport 30019 -j DNAT --to-destination 192.168.8.100:30019
-A PREROUTING -d 121.40.170.126/32 -p tcp --dport 30020 -j DNAT --to-destination 192.168.8.100:30020
-A PREROUTING -d 121.40.170.126/32 -p tcp --dport 30021 -j DNAT --to-destination 192.168.8.100:30021
-A PREROUTING -d 121.40.170.126/32 -p tcp --dport 30022 -j DNAT --to-destination 192.168.8.100:30022
-A PREROUTING -d 121.40.170.126/32 -p tcp --dport 30023 -j DNAT --to-destination 192.168.8.100:30023
-A PREROUTING -d 121.40.170.126/32 -p tcp --dport 30024 -j DNAT --to-destination 192.168.8.100:30024
-A PREROUTING -d 121.40.170.126/32 -p tcp --dport 30025 -j DNAT --to-destination 192.168.8.100:30025
-A PREROUTING -d 121.40.170.126/32 -p tcp --dport 30026 -j DNAT --to-destination 192.168.8.100:30026
-A PREROUTING -d 121.40.170.126/32 -p tcp --dport 30027 -j DNAT --to-destination 192.168.8.100:30027
-A PREROUTING -d 121.40.170.126/32 -p tcp --dport 30028 -j DNAT --to-destination 192.168.8.100:30028
-A PREROUTING -d 121.40.170.126/32 -p tcp --dport 30029 -j DNAT --to-destination 192.168.8.100:30029
-A PREROUTING -d 121.40.170.126/32 -p tcp --dport 30030 -j DNAT --to-destination 192.168.8.100:30030
一共30条,有没有可能合并为1条。
写回答
-
/sbin/iptables -I INPUT -p tcp --dport 30001-30009 -j ACCEPT
这样范围就是30001到30009端口全开,这样就不需要建立多个规则了
不过这样的规则不适范围内有要排除的端口(也就是有个别端口不需要打开)
顺便回复下2楼,这和 DMZ没任何关系
2015-11-21 12:30:51赞同 展开评论 打赏 -
-
旺旺:nectar2。楼主您好,
如果需要全部端口转发,可能可以参考一下DMZ的设置。
如果需要部分端口转发,请参考这里:http://bbs.chinaunix.net/thread-2021357-1-1.html
祝您早日解决问题。2015-04-02 09:09:08赞同 展开评论 打赏
版权声明:本文内容由阿里云实名注册用户自发贡献,版权归原作者所有,阿里云开发者社区不拥有其著作权,亦不承担相应法律责任。具体规则请查看《阿里云开发者社区用户服务协议》和《阿里云开发者社区知识产权保护指引》。如果您发现本社区中有涉嫌抄袭的内容,填写侵权投诉表单进行举报,一经查实,本社区将立刻删除涉嫌侵权内容。
