SNAT, DNAT, REDIRECT exercises
firewall> echo 1 > /proc/sys/net/ipv4/ip_forward
iptables -t nat -A POSTROUTING -s 192.168.1.0/24 -j SNAT --to-source 192.168.209.19
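# -R replaces rule 1 in POSTROUTING (the SNAT rule above) with a MASQUERADE rule
iptables -t nat -R POSTROUTING 1 -s 192.168.1.0/24 -j MASQUERADE
Hosts on the internal network can now reach the Internet through SNAT.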
A> yum install httpd -y
sed -ri 's@^#(ServerName)@\1@' /etc/httpd/conf/httpd.conf
service httpd start
echo LAN > /var/www/html/index.html
firewall> iptables -t nat -A PREROUTING -d 192.168.209.19 -p tcp --dport 80 -j DNAT --to-destination 192.168.1.9:80
iptables -t nat -A PREROUTING -d 192.168.209.19 -p tcp --dport 3306 -j DNAT --to-destination 192.168.1.49:3306
B> yum install mysql-server -y
service mysqld start
mysql -e "grant all on *.* to test@192.168.209.29 identified by 'test'"
C> yum install mysql -y
mysql -utest -ptest -h 192.168.209.19
curl 192.168.209.19
External hosts can now access the internal web site and database.
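The two DNAT rules above have no -s match, so the forwarded ports accept connections from any external address, and only the MySQL grant limits who can log in. The following audit script is an added example, not part of the original post: it parses iptables-save style text and lists DNAT forwards that have no source restriction. SAMPLE_RULES is constructed to mirror the firewall rules in this exercise, and the port 3307 rule is a hypothetical source-restricted forward included for comparison.

```shell
#!/bin/sh
# Added example: audit iptables-save style NAT rules for DNAT port forwards.
# SAMPLE_RULES is constructed: the first two PREROUTING rules mirror this
# exercise; the 3307 rule is a hypothetical source-restricted variant.
SAMPLE_RULES='*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A PREROUTING -d 192.168.209.19/32 -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.168.1.9:80
-A PREROUTING -d 192.168.209.19/32 -p tcp -m tcp --dport 3306 -j DNAT --to-destination 192.168.1.49:3306
-A PREROUTING -s 192.168.209.29/32 -d 192.168.209.19/32 -p tcp -m tcp --dport 3307 -j DNAT --to-destination 192.168.1.49:3306
-A POSTROUTING -s 192.168.1.0/24 -j MASQUERADE
COMMIT'

# list_dnat: read iptables-save text on stdin and print one line per DNAT rule:
#   <proto>/<dport> -> <internal target> src=<source or any>
# Negated source matches (! -s) are not distinguished from plain ones.
list_dnat() {
    awk '
    $1 == "-A" && $2 == "PREROUTING" {
        src = "any"; proto = "all"; dport = "any"; target = ""; jump = ""
        for (i = 3; i < NF; i++) {
            if ($i == "-s") src = $(i + 1)
            else if ($i == "-p") proto = $(i + 1)
            else if ($i == "--dport") dport = $(i + 1)
            else if ($i == "-j") jump = $(i + 1)
            else if ($i == "--to-destination") target = $(i + 1)
        }
        if (jump == "DNAT")
            printf "%s/%s -> %s src=%s\n", proto, dport, target, src
    }'
}

# unrestricted_dnat: keep only the forwards reachable from any source address.
unrestricted_dnat() {
    list_dnat | grep 'src=any$'
}

# Run against the constructed sample.
# On a real firewall: iptables-save -t nat | unrestricted_dnat
printf '%s\n' "$SAMPLE_RULES" | unrestricted_dnat
```

On the sample, the port 80 and port 3306 forwards are reported and the source-restricted 3307 forward is not.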
Because port 80 on machine A is occupied by another program, handle it as follows:
A> sed -ri '/^Listen/c\Listen 8080' /etc/httpd/conf/httpd.conf
service httpd restart
iptables -t nat -A PREROUTING -d 192.168.1.9 -p tcp --dport 80 -j REDIRECT --to-ports 8080
Source: oschina
Link: https://my.oschina.net/u/4270793/blog/3156417