  Linux iptables port mapping settings
     
  Add Date : 2018-11-21      
         
         
         
The iptables port mapping settings are as follows:

Suppose we have a computer with two network cards: eth0 is connected to the external network, with IP 1.2.3.4; eth1 is connected to the internal network, with IP 192.168.0.1. We need IP packets sent to address 1.2.3.4 port 81 to be forwarded to IP address 192.168.0.2 port 8180. The settings are as follows:

1. iptables -t nat -A PREROUTING -d 1.2.3.4 -p tcp -m tcp --dport 81 -j DNAT --to-destination 192.168.0.2:8180

2. iptables -t nat -A POSTROUTING -s 192.168.0.0/255.255.0.0 -d 192.168.0.2 -p tcp -m tcp --dport 8180 -j SNAT --to-source 192.168.0.1

The actual transmission process is as follows:

Suppose a client with IP address 6.7.8.9 uses port 1080 to connect to port 81 of host 1.2.3.4. The IP packet it sends has source address 6.7.8.9, source port 1080, destination address 1.2.3.4 and destination port 81.

When host 1.2.3.4 receives the packet, the first rule in the nat table changes the packet's destination address to 192.168.0.2 and its destination port to 8180, and an entry is created in the connection tracking table (it can be seen in the /proc/net/ip_conntrack file). The packet is then handed to the routing module, which checks the routing table and determines that it should be sent to the eth1 interface. Before the packet is sent to eth1, the second rule in the nat table is applied: if the packet comes from the same subnet, its source address is changed to 192.168.0.1 and the corresponding entry in the connection tracking table is updated. The packet is then sent out through eth1.

In this case the connection tracking table contains an entry like this:

Incoming connection: src=6.7.8.9 dst=1.2.3.4 sport=1080 dport=81

Return connection: src=192.168.0.2 dst=6.7.8.9 sport=8180 dport=1080

In use: use=1

The packet sent back from 192.168.0.2 has source port 8180, destination address 6.7.8.9 and destination port 1080. When the TCP/IP stack of host 1.2.3.4 receives this packet, the kernel searches the connection tracking table for an entry whose return-connection source and destination addresses and ports match. Once it is found, the packet's source address is changed from 192.168.0.2 to 1.2.3.4 and its source port from 8180 to 81, according to the record in that entry, while the destination port 1080 stays the same. In this way the server's reply is correctly returned to the client that initiated the connection, and communication begins.
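The translation walk-through above can be traced with a small model. This is an added example, not code from the original article: the Packet class, the function names and the LAN client 192.168.0.5 are assumptions for illustration. It goes slightly beyond the text by also sending a same-subnet client through the second rule, which shows why that rule exists.

```python
import ipaddress
from dataclasses import dataclass, replace

# Illustrative model only; names below are hypothetical, not kernel APIs.
@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int

LAN = ipaddress.ip_network("192.168.0.0/255.255.0.0")  # -s match of rule 2
conntrack = {}  # expected reply tuple -> original tuple

def forward(pkt: Packet) -> Packet:
    """Translate the first packet of a connection as rules 1 and 2 do."""
    out = pkt
    # Rule 1 (nat PREROUTING): DNAT 1.2.3.4:81 -> 192.168.0.2:8180
    if (pkt.dst, pkt.dport) == ("1.2.3.4", 81):
        out = replace(out, dst="192.168.0.2", dport=8180)
    # Rule 2 (nat POSTROUTING): SNAT to 192.168.0.1, LAN sources only
    if (ipaddress.ip_address(out.src) in LAN
            and (out.dst, out.dport) == ("192.168.0.2", 8180)):
        out = replace(out, src="192.168.0.1")
    # Record the tuple the server's reply will carry, for reverse lookup.
    reply = Packet(out.dst, out.dport, out.src, out.sport)
    conntrack[reply] = pkt
    return out

def reverse(reply: Packet) -> Packet:
    """Undo the translation on a reply using the tracked entry."""
    orig = conntrack[reply]  # KeyError: untracked reply, nothing to undo
    return Packet(orig.dst, orig.dport, orig.src, orig.sport)

def round_trip(client_ip: str, client_port: int):
    """Return (packet as the server sees it, reply as the client sees it)."""
    seen = forward(Packet(client_ip, client_port, "1.2.3.4", 81))
    back = reverse(Packet(seen.dst, seen.dport, seen.src, seen.sport))
    return seen, back

if __name__ == "__main__":
    for ip in ("6.7.8.9", "192.168.0.5"):  # external client, constructed LAN client
        seen, back = round_trip(ip, 1080)
        print(f"{ip}: server sees {seen}")
        print(f"  client receives {back}")
```

For the LAN client the server sees source 192.168.0.1, so its reply returns through the gateway and is rewritten to come from 1.2.3.4:81; without the second rule the server would answer 192.168.0.5 directly from 192.168.0.2:8180, a tuple the client never connected to.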

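One more point: the filter table must also allow connections arriving on eth0 for address 192.168.0.2 port 8180. Because the translated packet is routed on to 192.168.0.2 rather than delivered to the firewall host itself, it passes through the FORWARD chain, not INPUT:

iptables -A FORWARD -d 192.168.0.2 -p tcp -m tcp --dport 8180 -i eth0 -j ACCEPT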

As the example above shows, setting up iptables port mapping is not difficult!
     
         
         
         
  CopyRight 2002-2020 newfreesoft.com, All Rights Reserved.