Port Forwarding Gateway via iptables on Linux
1、
http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_NAT_Instance.html#NATSG
1.1、Create the instance from the AMI ami-vpc-nat-hvm; choose the newest version
***NAT AMI***
1.2、
Check: IPv4 forwarding is enabled and ICMP redirects are disabled in /etc/sysctl.d/10-nat-settings.conf
IPv4 forwarding = 1 (sysctl net.ipv4.ip_forward)
Run: a script at /usr/sbin/configure-pat.sh runs at startup and configures iptables IP masquerading.
This causes a problem here, so the POSTROUTING rule it adds must be deleted:
sudo iptables -t nat -D POSTROUTING 1
2、
https://holtstrom.com/michael/blog/post/400/Port-Forwarding-Gateway-via-iptables-on-Linux.html
eth0 10.0.0.219 52.78.165.129
eth1 10.0.1.149
web server 10.0.1.249
iptables -vxnL --line-numbers
iptables -t nat -vxnL --line-numbers
watch -n 1 sudo iptables -vxnL --line-numbers
watch -n 1 sudo iptables -t nat -vxnL --line-numbers
===Start===
iptables -F
iptables -X
iptables -t nat -F
iptables -t nat -X
iptables -t mangle -F
iptables -t mangle -X
iptables -P INPUT ACCEPT
iptables -P FORWARD ACCEPT
iptables -P OUTPUT ACCEPT
iptables -t nat -A PREROUTING -i eth0 -p tcp -d 10.0.0.219 --dport 888 \
-j DNAT --to-destination 10.0.1.249:80
☆iptables -t nat -A POSTROUTING -j MASQUERADE //key point: must not be restricted with -o eth0 (the forwarded packets leave via eth1, so such a rule would never match them)
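As an added example (not part of the original notes, nor of the AWS NAT AMI's configure-pat.sh), the following script builds the same DNAT + MASQUERADE forwarding as the ===Start=== block, but with a default-deny FORWARD chain, the MASQUERADE rule limited to the private interface, and a check that IPv4 forwarding is on before anything is applied. The addresses are the ones from the notes; the interface roles (eth0 facing the public subnet, eth1 facing the private subnet) and the default-deny policy are assumptions.

```shell
#!/bin/sh
# Added example: generate and apply a port-forwarding rule set for the
# gateway described in the notes. Run with no arguments to print the rules,
# or with "apply" (as a user who can sudo) to load them.

PUBLIC_IF=eth0          # assumed: interface toward the public subnet
PRIVATE_IF=eth1         # assumed: interface toward the private subnet
GW_IP=10.0.0.219        # gateway address on the public-facing interface
TARGET_IP=10.0.1.249    # web server in the private subnet
PUBLIC_PORT=888         # port exposed on the gateway
TARGET_PORT=80          # port on the web server

# Emit the iptables commands as text so they can be reviewed before use.
# FORWARD is default-deny: only the forwarded service and reply traffic
# for established connections may cross the gateway. MASQUERADE is limited
# to the private interface, which is where the DNAT'd packets leave.
gen_rules() {
cat <<EOF
iptables -P INPUT ACCEPT
iptables -P OUTPUT ACCEPT
iptables -P FORWARD DROP
iptables -t nat -A PREROUTING -i $PUBLIC_IF -p tcp -d $GW_IP --dport $PUBLIC_PORT -j DNAT --to-destination $TARGET_IP:$TARGET_PORT
iptables -A FORWARD -i $PUBLIC_IF -o $PRIVATE_IF -p tcp -d $TARGET_IP --dport $TARGET_PORT -m conntrack --ctstate NEW,ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -i $PRIVATE_IF -o $PUBLIC_IF -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -t nat -A POSTROUTING -o $PRIVATE_IF -p tcp -d $TARGET_IP --dport $TARGET_PORT -j MASQUERADE
EOF
}

# True when the kernel will forward IPv4 packets; without this the DNAT
# rule matches but nothing ever reaches the web server.
forwarding_enabled() {
    [ "$(cat /proc/sys/net/ipv4/ip_forward 2>/dev/null)" = "1" ]
}

# Apply the generated rules, stopping at the first failing command.
apply_rules() {
    if ! forwarding_enabled; then
        echo "net.ipv4.ip_forward is not 1; enable it first" >&2
        return 1
    fi
    gen_rules | sudo sh -e
}

case "${1:-show}" in
    apply) apply_rules ;;
    *) gen_rules ;;
esac
```

Because the POSTROUTING MASQUERADE rewrites the source address, the web server sees every forwarded connection as coming from the gateway's eth1 address rather than from the real client; the client address is only visible on the gateway itself (for example in `conntrack -L` or a tcpdump on eth0), so keep that in mind when reading the web server's access logs.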
===Capture packets===
tcpdump -i eth0 -p tcp and port 888 -n -v
===Delete rules (by rule number)===
iptables -D INPUT 2
iptables -t nat -D PREROUTING 2
iptables -t nat -D POSTROUTING 2
===Not needed (the FORWARD policy above is already ACCEPT)===
iptables -A FORWARD -p tcp -m conntrack --ctstate RELATED,ESTABLISHED -d 10.0.1.249 -j ACCEPT
iptables -A FORWARD -d 10.0.1.249 -p tcp --dport 80 -j ACCEPT
iptables -t nat -A POSTROUTING -j SNAT --to-source 10.0.0.219
===Not needed===
===Not needed; this line makes telnet localhost 888 work===
iptables -t nat -A OUTPUT -p tcp -o lo --dport 888 -j DNAT --to 10.0.1.249:80