  Linux iptables port mapping settings
     
  Add Date : 2018-11-21      
         
         
         
  Iptables port mapping settings are as follows:

Suppose we have a computer with two network cards: eth0 is connected to the external network, with IP 1.2.3.4; eth1 is connected to the internal network, with IP 192.168.0.1. We now need IP packets sent to address 1.2.3.4, port 81, to be forwarded to IP address 192.168.0.2, port 8180. The settings are as follows:

1. iptables -t nat -A PREROUTING -d 1.2.3.4 -p tcp -m tcp --dport 81 -j DNAT --to-destination 192.168.0.2:8180

2. iptables -t nat -A POSTROUTING -s 192.168.0.0/255.255.0.0 -d 192.168.0.2 -p tcp -m tcp --dport 8180 -j SNAT --to-source 192.168.0.1

The actual transmission process is as follows:

Suppose a client with IP address 6.7.8.9 uses port 1080 to connect to port 81 on host 1.2.3.4. The IP packet it sends has source address 6.7.8.9, source port 1080, destination address 1.2.3.4 and destination port 81.

After host 1.2.3.4 receives the packet, the first rule in the nat table changes the packet's destination address to 192.168.0.2 and its destination port to 8180, and an entry is created in the connection tracking table (visible in the /proc/net/ip_conntrack file). The packet is then passed to the routing module, which checks the routing table and determines that it should be sent out the eth1 interface. Before the packet is sent to eth1, the second rule in the nat table is applied: if the packet comes from the same subnet, its source address is changed to 192.168.0.1 and the corresponding connection tracking entry is updated. The packet is then sent out the eth1 interface.

The connection tracking table now contains this entry:

Incoming connection: src=6.7.8.9 dst=1.2.3.4 sport=1080 dport=81

Return connection: src=192.168.0.2 dst=6.7.8.9 sport=8180 dport=1080

In use: use=1

When 192.168.0.2 sends back an IP packet, its source port is 8180, its destination address is 6.7.8.9 and its destination port is 1080. When the TCP/IP stack on host 1.2.3.4 receives this packet, the kernel searches the connection tracking table for an entry whose return-connection fields match the packet's source and destination addresses and ports. Once it is found, the packet's source address is changed from 192.168.0.2 to 1.2.3.4 and its source port from 8180 to 81, according to the entry's record, while the destination port 1080 stays the same. The return packet thus reaches the client that initiated the connection, and communication begins.

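One more point: the filter table must also allow connections arriving on eth0 for address 192.168.0.2, port 8180. Because the packet has already been DNATed and is forwarded rather than delivered locally, the rule goes in the FORWARD chain:

iptables -A FORWARD -d 192.168.0.2 -p tcp -m tcp --dport 8180 -i eth0 -j ACCEPT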
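
An added check, not part of the original article: DNATed connections are filtered by the FORWARD chain, so this script reads iptables-save output and reports, for each port mapping, whether a FORWARD ACCEPT rule or the chain policy lets it through. The names audit_dnat and sample_ruleset are hypothetical, the second mapping in the sample is constructed, and the matching is simplified to exact -d/--dport pairs (it ignores -i, -s, port ranges and state matches).

```shell
#!/bin/sh
# Constructed sample in iptables-save format: the page's mapping plus one
# hypothetical mapping (1.2.3.4:2222 -> 192.168.0.3:22) with no FORWARD rule.
sample_ruleset() {
cat <<'EOF'
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A PREROUTING -d 1.2.3.4/32 -p tcp -m tcp --dport 81 -j DNAT --to-destination 192.168.0.2:8180
-A PREROUTING -d 1.2.3.4/32 -p tcp -m tcp --dport 2222 -j DNAT --to-destination 192.168.0.3:22
-A POSTROUTING -s 192.168.0.0/16 -d 192.168.0.2/32 -p tcp -m tcp --dport 8180 -j SNAT --to-source 192.168.0.1
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A FORWARD -d 192.168.0.2/32 -i eth0 -p tcp -m tcp --dport 8180 -j ACCEPT
COMMIT
EOF
}

# Print "public:port -> internal:port state" for every DNAT rule on stdin.
audit_dnat() {
  awk '
    function opt(name,   i) {   # value that follows option "name" in a rule
      for (i = 1; i < NF; i++) if ($i == name) return $(i + 1)
      return ""
    }
    BEGIN { policy = "ACCEPT" }                 # assumed if no filter table
    /^\*/ { table = substr($0, 2); next }       # table header: *nat, *filter
    table == "filter" && $1 == ":FORWARD" { policy = $2; next }
    table == "nat" && opt("-j") == "DNAT" {
      n++; pub[n] = opt("-d"); sub(/\/32$/, "", pub[n])
      pport[n] = opt("--dport"); to[n] = opt("--to-destination"); next
    }
    table == "filter" && $2 == "FORWARD" && opt("-j") == "ACCEPT" {
      d = opt("-d"); sub(/\/32$/, "", d); allowed[d ":" opt("--dport")] = 1
    }
    END {
      for (k = 1; k <= n; k++) {
        state = "blocked"
        if (policy == "ACCEPT") state = "allowed-by-policy"
        if (to[k] in allowed) state = "allowed-by-rule"
        printf "%s:%s -> %s %s\n", pub[k], pport[k], to[k], state
      }
    }'
}

sample_ruleset | audit_dnat
```

On a live host the same function can be fed with `iptables-save | audit_dnat`; a mapping reported as allowed-by-policy is exposed only because the FORWARD chain defaults to ACCEPT.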

As the example above shows, setting up iptables port mapping is not difficult!