iptables-snat-dnat-设置

nat internet
iptables -t nat -A POSTROUTING -s 192.168.0.0/255.255.255.0 -o eth1 -j SNAT --to-source $LAN_GW_IP



IPT=/sbin/iptables
LAN_GW_IP=192.168.0.15
WAN_GW_IP=10.0.0.15
LAN_SERVER=192.168.0.14

#www server nat wan to lan
iptables -t nat -A PREROUTING  -d $WAN_GW_IP -p tcp -m tcp --dport 80 -j DNAT --to-destination $$LAN_SERVER:80
iptables -t nat -A POSTROUTING -d $LAN_SERVER -p tcp --dport 80 -j SNAT --to LAN_GW_IP

nat internet
iptables -t nat -A POSTROUTING -s 192.168.0.0/255.255.255.0 -o eth1 -j SNAT --to-source $LAN_GW_IP

#www server nat wan to lan
iptables -t nat -A PREROUTING  -d 106.75.50.152 -p tcp -m tcp --dport 3306 -j DNAT --to-destination 10.19.66.62:3306
iptables -t nat -A PREROUTING  -d 106.75.50.152 -p udp -m udp --dport 3306 -j DNAT --to-destination 10.19.66.62:3306


iptables -t nat -A POSTROUTING -d 10.19.66.62 -p tcp --dport 3306 -j SNAT --to 10.19.0.1

iptables -t nat -A PREROUTING  -d 106.75.50.152 -p tcp -m tcp --dport 3306 -j DNAT --to-destination 10.19.66.62:3306
iptables -t nat -A POSTROUTING -d 10.19.66.62 -p tcp --dport 3306 -j SNAT --to-source 10.19.136.67


iptables -A FORWARD -s 10.19.0.0/16 -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -j TCPMSS --set-mss 1356

route add -net 10.19.0.0/16 dev eth0


iptables -t nat -A PREROUTING -p tcp -m tcp --dport 3306 -j DNAT --to-destination 10.19.66.62 
iptables -t nat -A POSTROUTING -d 10.19.136.67/32 -p tcp -j SNAT --to-source 10.19.0.1


iptables -t nat -A PREROUTING -p tcp -m tcp --dport 3306 -j DNAT --to-destination 10.19.66.62
iptables -t nat -A POSTROUTING -d 10.19.66.62/32 -p tcp -j SNAT --to-source 10.19.136.67


-A PREROUTING -p tcp -m tcp --dport 3306 -j DNAT --to-destination 10.19.66.62 
-A POSTROUTING -d 10.19.66.62/32 -p tcp -j SNAT --to-source 10.19.0.1 


iptables -t nat -A PREROUTING -p tcp -m tcp --dport 3306 -j DNAT --to-destination 10.19.66.62:3306
iptables -t nat -A POSTROUTING -d 10.19.66.62/32 -p tcp -j SNAT --to-source 10.19.136.67


iptables -t nat -A PREROUTING -p tcp -m tcp --dport 3306 -j DNAT --to-destination 10.19.66.62
iptables -t nat -A POSTROUTING -d 10.19.66.62/32 -p tcp -j SNAT --to-source 10.19.136.67



iptables -t nat -A PREROUTING -p tcp -m tcp --dport 3306 -j DNAT --to-destination 10.19.66.62
iptables -t nat -A POSTROUTING -d 10.19.66.62/32 -p tcp -j SNAT --to-source 10.19.136.67


IPT=/sbin/iptables
LAN_GW_IP=192.168.0.15
WAN_GW_IP=10.0.0.15
LAN_SERVER=192.168.0.14


DNAT 7.0 配置2016.8.26

[root@10-19-136-67 ~]# cat /etc/sysconfig/iptables
# sample configuration for iptables service
# you can edit this manually or use system-config-firewall
# please do not ask us to add additional ports/services to this default configuration
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
#访问本机的3306端口，给映射到 10.19.66.62   这个数据库IP DNAT，进来之前转换
-A PREROUTING -p tcp -m tcp --dport 3306 -j DNAT --to-destination 10.19.66.62  
#访问 10.19.66.62/32  这个ip 地址，，出口走自己的IP地址， SNAT 进来之后转换 
-A POSTROUTING -d 10.19.66.62/32 -p tcp -j SNAT --to-source 10.19.136.67

COMMIT
[root@10-19-136-67 ~]# iptables  -t nat -L -n       
Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination         
DNAT       tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:3306 to:10.19.66.62

Chain INPUT (policy ACCEPT)
target     prot opt source               destination         

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination         

Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination         
SNAT       tcp  --  0.0.0.0/0            10.19.66.62          to:10.19.136.67
[root@10-19-136-67 ~]#