iptables NAT实例

Deyou.Yang (yangdeyou@gmail.com) System Management
18 May 2007

实现脚本：
#!/bin/bash
#
#加载ip_tables模块
modprobe ip_tables

#启动网络转发功能
echo 1 > /proc/sys/net/ipv4/ip_forward

#清除iptables列表
iptables -F -t filter
iptables -X -t filter
iptables -Z -t filter
iptables -F -t nat
iptables -X -t nat
iptables -Z -t nat

#转发初始设置
iptables -P INPUT ACCEPT
iptables -P OUTPUT ACCEPT
iptables -P FORWARD ACCEPT
iptables -t nat -P PREROUTING ACCEPT
iptables -t nat -P POSTROUTING ACCEPT
iptables -t nat -P OUTPUT ACCEPT

#110/25端口转发设置，访问202.105.5.144:110/25的数据包转到61.14.120.3对应的110/25.
iptables -A PREROUTING -t nat -p tcp -d 202.105.5.144 --dport 110 -j DNAT --to 61.14.120.3:110
iptables -A POSTROUTING -t nat -p tcp -d 61.14.120.3 --dport 110 -j SNAT --to 202.105.5.144
iptables -A PREROUTING -t nat -p tcp -d 202.105.5.144 --dport 25 -j DNAT --to 61.14.120.3:25
iptables -A POSTROUTING -t nat -p tcp -d 61.14.120.3 --dport 25 -j SNAT --to 202.105.5.144

#也可以把数据包转到内网地址，把61.14.120.3:110/25转到192.168.10.11:5110/5025.