共享一个Iptables数据转发与端口映射的脚本


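# Gateway NAT setup: masquerades LAN traffic leaving eth0 and publishes the
# internal web server on the WAN address (TCP port 80). Requires root.
#
# The script flushes INPUT and FORWARD but never sets chain policies, so
# whatever default policy is already in place decides every packet that the
# rules below do not match. Review the policies separately.

lan_subnet=192.168.1.0/24
web_addr=192.168.1.20

# Addresses are parsed from the legacy net-tools "inet addr:" output line.
# Newer ifconfig builds print a different format and yield an empty string.
wan_addr=$(ifconfig eth0 | grep "inet addr" | awk -F: '{print $2}' | awk '{print $1}')
lan_addr=$(ifconfig eth1 | grep "inet addr" | awk -F: '{print $2}' | awk '{print $1}')

# Abort before any chain is flushed: an empty address would make the NAT
# rules fail after the existing ruleset had already been removed.
if [ -z "${wan_addr}" ] || [ -z "${lan_addr}" ]; then
  echo "could not determine eth0/eth1 IPv4 address; firewall left unchanged" >&2
  exit 1
fi

iptables -F INPUT
iptables -F FORWARD
iptables -t nat -F POSTROUTING
# PREROUTING is flushed as well; otherwise every re-run appends another copy
# of the DNAT rule below.
iptables -t nat -F PREROUTING

# Forwarding: anything originating from the LAN, plus replies to known flows.
# NOTE(review): no rule admits NEW connections towards ${web_addr}:80, so the
# published port only works if the FORWARD policy is ACCEPT - confirm.
iptables -A FORWARD -s "${lan_subnet}" -j ACCEPT
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT

# Port mapping: WAN address port 80 -> internal web server port 80.
iptables -t nat -A PREROUTING -d "${wan_addr}" -p tcp --dport 80 -j DNAT --to "${web_addr}:80"
# Rewrites the source of every port-80 connection to the web server to the
# gateway's LAN address. The web server therefore logs the gateway, not the
# real client, for all requests - keep connection logs on the gateway if
# client attribution matters.
# NOTE(review): adding -s ${lan_subnet} would limit this to LAN clients and
# preserve external client addresses, provided the web server routes replies
# through this gateway - confirm before changing.
iptables -t nat -A POSTROUTING -d "${web_addr}" -p tcp --dport 80 -j SNAT --to "${lan_addr}"

# Outbound NAT for LAN clients leaving through the WAN interface.
iptables -t nat -A POSTROUTING -o eth0 -s "${lan_subnet}" -j MASQUERADE

# Accepts port 80 addressed to the gateway itself. DNAT-ed traffic goes
# through FORWARD, not INPUT, so this only matters for a listener running
# on the gateway.
iptables -A INPUT -p tcp -m tcp --dport 80 -j ACCEPT

# Runtime-only setting; it does not persist across a reboot.
sysctl -w net.ipv4.ip_forward=1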

  1. #1 by inbi on 2011/07/06 - 10:04

    你好,你的blog非常优秀,想和你换链可以吗?

    • #2 by mcsrainbow on 2011/07/31 - 21:39

      过奖了,欢迎互换链接,我已经先把你的加上了。
