Port forwarding with iptables on Linux

Ubuntu/Debian

Enable forwarding

sysctl net.ipv4.ip_forward

If the output is

net.ipv4.ip_forward = 1

then forwarding is already enabled; otherwise run

echo "net.ipv4.ip_forward = 1" >> /etc/sysctl.conf
sysctl -p

Forward local port 445 to port 888

sudo iptables -t nat -A PREROUTING -p tcp --dport 445 -j REDIRECT --to-port 888

Forward local port 445 to 192.168.68.1:888

sudo iptables -t nat -A PREROUTING -p tcp --dport 445 -j DNAT --to-destination 192.168.68.1:888
sudo iptables -t nat -A POSTROUTING -j MASQUERADE

Here tcp can be replaced with udp

View existing rules in the nat table

sudo iptables -t nat -L -n
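
To review what the rules above actually installed, this added example (not from the original page) parses iptables-save output, lists each port forward, and flags a POSTROUTING MASQUERADE rule that has no interface or address match, like the one added above, since it rewrites the source address of every connection leaving the host. The function names audit_nat and sample_rules and the embedded ruleset are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit the nat table in iptables-save format (read from stdin).
audit_nat() {
  awk '
    /^\*/ { table = substr($1, 2) }          # "*nat", "*filter", ... starts a table
    table != "nat" || $1 != "-A" { next }    # keep only appended rules in the nat table
    {
      chain = $2; proto = "any"; dport = "any"; target = ""; dest = ""; scoped = 0
      for (i = 3; i <= NF; i++) {
        if ($i == "-p") proto = $(i + 1)
        else if ($i == "--dport") dport = $(i + 1)
        else if ($i == "-j") target = $(i + 1)
        else if ($i == "--to-destination" || $i == "--to-ports") dest = $(i + 1)
        else if ($i == "-o" || $i == "-s" || $i == "-d") scoped = 1
      }
      if (target == "DNAT" || target == "REDIRECT")
        printf "FORWARD %s/%s -> %s %s\n", proto, dport, target, dest
      else if (target == "MASQUERADE" && !scoped)
        printf "WARN %s: MASQUERADE without -o/-s/-d applies to all traffic\n", chain
    }'
}

# Constructed sample: the form iptables-save prints for the DNAT commands on this page.
sample_rules() {
  cat <<'EOF'
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A PREROUTING -p tcp -m tcp --dport 445 -j DNAT --to-destination 192.168.68.1:888
-A PREROUTING -p tcp -m tcp --dport 10086 -j DNAT --to-destination :30000-50000
-A POSTROUTING -j MASQUERADE
COMMIT
EOF
}

sample_rules | audit_nat
# On a live host: sudo iptables-save -t nat | audit_nat
```
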

Forward port 10086 to any port in the range 30000-50000

sudo iptables -t nat -A PREROUTING -p tcp --dport 10086 -j DNAT --to-destination :30000-50000

Save the configuration

sudo iptables-save

Load the configuration automatically

apt-get install iptables-persistent

CentOS

Uninstall the firewall

yum -y remove firewall*

Install with the one-click script

yum install -y wget && wget -N https://raw.githubusercontent.com/ToyoDAdoubiBackup/doubi/master/iptables-pf.sh && chmod +x iptables-pf.sh && bash iptables-pf.sh

Manual installation

yum -y install iptables-services

Start the service

systemctl start iptables
