  • iptables配置实例

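    # iptables example: publish two ports through DNAT and default-deny the
    # filter table, allowing only SSH, MySQL and port 3308. Run as root.
    #
    # Ordering: every ACCEPT rule is installed BEFORE the chain policies are
    # switched to DROP. Setting `-P INPUT DROP` first drops the SSH session that
    # is running these commands before the port-22 rule exists (remote lockout).
    # `-A` appends, so running this twice duplicates rules; start from a known
    # state or check `iptables -S` first.

    # --- nat table: 12360 -> 172.16.144.180:3306, 10086 -> 172.16.144.180:22
    # NOTE(review): the filter chains see the packet AFTER DNAT, i.e. with the
    # rewritten destination port. If 172.16.144.180 is this host, the traffic
    # arrives on INPUT as dport 3306 / 22. If it is another host, the traffic
    # goes through FORWARD, which has policy DROP and no ACCEPT rule here, and
    # net.ipv4.ip_forward must be enabled - confirm the topology.
    iptables -t nat -A PREROUTING -p tcp -m tcp --dport 12360 -j DNAT --to-destination 172.16.144.180:3306
    iptables -t nat -A PREROUTING -p tcp -m tcp --dport 10086 -j DNAT --to-destination 172.16.144.180:22

    # --- filter table: baseline rules
    # Loopback must stay open, otherwise local services that talk to
    # 127.0.0.1 break once the policies are DROP.
    iptables -A INPUT -i lo -j ACCEPT
    iptables -A OUTPUT -o lo -j ACCEPT

    # Stateful return traffic. This replaces the per-port `OUTPUT --sport N`
    # rules: those are stateless and allow ANY outbound packet whose source
    # port is N, whereas conntrack only allows packets that belong to a
    # connection already accepted on INPUT.
    iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    iptables -A OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT

    # --- filter table: inbound services
    # NOTE(review): none of these rules has a source match, so each port is
    # reachable from any address. For SSH and especially MySQL, restrict the
    # source, e.g. add `-s <TRUSTED_CIDR>` (placeholder) to the rule.
    iptables -A INPUT -p tcp --dport 10086 -j ACCEPT
    iptables -A INPUT -p tcp --dport 22 -j ACCEPT
    iptables -A INPUT -p tcp --dport 3306 -j ACCEPT
    # The page does not say which service uses 3308 - keep only if needed.
    iptables -A INPUT -p tcp --dport 3308 -j ACCEPT
    iptables -A INPUT -p udp --dport 3308 -j ACCEPT

    # --- default policies, set last
    # OUTPUT DROP means this host cannot open NEW outbound connections (DNS,
    # NTP, package updates). Add explicit OUTPUT rules for whatever it needs.
    iptables -P INPUT DROP
    iptables -P OUTPUT DROP
    iptables -P FORWARD DROP

    # Persist to /etc/sysconfig/iptables, review the saved file, then reload.
    service iptables save

    cat  /etc/sysconfig/iptables

    systemctl restart iptables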


    # NOTE(review): saved ruleset as printed from /etc/sysconfig/iptables. It does
    # not correspond exactly to the commands listed earlier on this page: the
    # filter table below has rules for port 12360 and none for port 3308 (tcp
    # or udp), and the two PREROUTING rules appear in the opposite order.
    # Presumably the dump was taken from a different run - compare with
    # `iptables-save` on the target host before relying on it.
    # Generated by iptables-save v1.4.21 on Wed Oct 24 20:44:06 2018
    *nat
    # Chain lines read ":CHAIN POLICY [packets:bytes]".
    :PREROUTING ACCEPT [1:44]
    :INPUT ACCEPT [0:0]
    :OUTPUT ACCEPT [200:13724]
    :POSTROUTING ACCEPT [1:124]
    # Port 10086 is rewritten to 172.16.144.180:22 and 12360 to 172.16.144.180:3306.
    -A PREROUTING -p tcp -m tcp --dport 10086 -j DNAT --to-destination 172.16.144.180:22
    -A PREROUTING -p tcp -m tcp --dport 12360 -j DNAT --to-destination 172.16.144.180:3306
    COMMIT
    # Completed on Wed Oct 24 20:44:06 2018
    # Generated by iptables-save v1.4.21 on Wed Oct 24 20:44:06 2018
    *filter
    # All three filter chains default to DROP; FORWARD has no ACCEPT rule at all.
    :INPUT DROP [0:0]
    :FORWARD DROP [0:0]
    :OUTPUT DROP [0:0]
    # NOTE(review): no rule carries a source (-s) match, so SSH (22) and
    # MySQL (3306) are accepted from any address. There is also no loopback
    # rule and no connection-tracking rule.
    -A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
    -A INPUT -p tcp -m tcp --dport 10086 -j ACCEPT
    -A INPUT -p tcp -m tcp --dport 12360 -j ACCEPT
    -A INPUT -p tcp -m tcp --dport 3306 -j ACCEPT
    # Replies are allowed by source port only (stateless): any outbound TCP
    # packet with one of these source ports passes, whether or not it belongs
    # to an accepted inbound connection.
    -A OUTPUT -p tcp -m tcp --sport 22 -j ACCEPT
    -A OUTPUT -p tcp -m tcp --sport 10086 -j ACCEPT
    -A OUTPUT -p tcp -m tcp --sport 12360 -j ACCEPT
    -A OUTPUT -p tcp -m tcp --sport 3306 -j ACCEPT
    COMMIT

  • 原文地址:https://www.cnblogs.com/shiji888/p/10995067.html