//防止PING
iptables -A INPUT -p icmp -s ! 192.168.10.0/24 -j DROP
//
iptables -t nat -A POSTROUTING -s 192.168.10.9 -j SNAT --to-source 10.136.100.12
//ADSL共享上网
iptables -t nat -o ppp0 -A POSTROUTING -j MASQUERADE
端口转发
# forward to 192.168.10.200:22 ssh
iptables -t nat -A PREROUTING -d 10.136.100.12 -p tcp --dport 2222 -j DNAT --to 192.168.10.200:22
iptables -t nat -A POSTROUTING -d 192.168.10.200 -p tcp --dport 22 -j SNAT --to 192.168.10.99
# forward to 192.168.10.200:80 web
iptables -t nat -A PREROUTING -d 10.136.100.12 -p tcp --dport 81 -j DNAT --to 192.168.10.200:80
iptables -t nat -A POSTROUTING -d 192.168.10.200 -p tcp --dport 80 -j SNAT --to 192.168.10.99
//iptables + pcanywhere
iptables -t nat -A PREROUTING -i ppp0 -p tcp --dport 5631:5632 -j DNAT --to-destination 192.168.0.52
iptables -A FORWARD -i ppp0 -o eth0 -m state --state NEW,ESTABLISHED,RELATED -p tcp -d 192.168.0.52 --dport 5631:5632 -j ACCEPT
//iptables + dmz
iptables -t nat -A PREROUTING -i eth1 -j DNAT --to-destination 192.168.10.236
阅读(1268) | 评论(0) | 转发(0) |