iptables:在不同的接口和端口上转发请求 [英] Iptables: forward request on different interfaces and port

问题描述

我有一台具有2个界面的机器:

I have a machine with 2 interfaces:

eth0      inet addr:1.1.1.1
eth1      inet addr:2.2.2.2

eth0是服务器，eth1是虚拟机上的网络.

eth0 is a server, eth1 is the network on virtual machine.

我在服务器上有ssh，所以1.1.1.1:22很忙.

I have ssh on server, so 1.1.1.1:22 is busy.

我需要一条规则，将eth0端口6000上的传入连接重定向到eth1，端口22(虚拟机ip)上的ip 2.2.2.100.

I need a rule for redirecting incoming connections on eth0 port 6000 to eth1, ip 2.2.2.100 on port 22 (virtual machine ip).

在这种模式下，如果我在外部计算机上这样做，

In this mode if I did, on an external machine,

ssh -p 6000 root@1.1.1.1

我将在虚拟机上登录.

我尝试了此规则，但是没有用:

I tried this rule but it didn't work:

sudo iptables -P FORWARD ACCEPT
sudo iptables -t nat -A PREROUTING -p tcp -i eth0 --dport 6000 -j DNAT --to 2.2.2.100:22

推荐答案

在这种情况下，大约有100万个脚本/教程/内容，但如果有人从Google登陆到这里，则是这样的:

Well there are like 1 million scripts/tutorials/things for this case, but if someone lands from google to here is something like this:

iptables -I FORWARD -d 2.2.2.2 -m comment --comment "Accept to forward ssh traffic" -m tcp -p tcp --dport 22 -j ACCEPT    
iptables -I FORWARD -m comment --comment "Accept to forward ssh return traffic" -s 2.2.2.2 -m tcp -p tcp --sport 22 -j ACCEPT    
iptables -t nat -I PREROUTING -m tcp -p tcp --dport 60000 -m comment --comment "redirect pkts to virtual machine" -j DNAT --to-destination 2.2.2.2:22   
iptables -t nat -I POSTROUTING -m comment --comment "NAT the src ip" -d 2.2.2.2 -o eth1 -j MASQUERADE

这篇关于iptables:在不同的接口和端口上转发请求的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！