linux: 用iptables搭建NAT服务

客户端所在局域网的网关的配置(SNAT):

iptables -t nat -A POSTROUTING -s 192.168.0.2 -o eth0 -j MASQUERADE  #把来自内网192.168.0.2的数据包通过eth0这个外网网口转发出去,并把数据包的源IP改成eth0网口的IP 

服务器所在局域网的网关的配置(DNAT):

iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j DNAT --to-destination 192.168.100.10:80 #把来自外网(网口eth0)的数据包的目标IP改为192.168.100.10,好让它最终到达内网里的192.168.100.10机器 

Leave a Comment

Your email address will not be published.

This site uses Akismet to reduce spam. Learn how your comment data is processed.