-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathiptables
37 lines (26 loc) · 2.21 KB
/
iptables
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
iptables -t nat -A PREROUTING -p tcp --dport 1111 -j DNAT --to-destination ip:port
iptables -t nat -A PREROUTING -p tcp --dport 1112 -j DNAT --to-destination ip:port
iptables -t nat -A PREROUTING -p tcp --dport 1113 -j DNAT --to-destination ip:port
iptables -t nat -A POSTROUTING -j MASQUERADE
iptables -t nat -I PREROUTING -p tcp --dport 8080 -j DNAT --to 115.28.22.254:25565
iptables -t nat -I PREROUTING -p tcp --dport 8081 -j DNAT --to 112.74.64.120:25565
iptables -t nat -I PREROUTING -p tcp --dport 8082 -j DNAT --to 115.28.22.254:25566
iptables -t nat -I POSTROUTING -p tcp --dport 25565 -j MASQUERADE
iptables -t nat -I POSTROUTING -p tcp --dport 25566 -j MASQUERADE
iptables -t nat -A PREROUTING -p tcp --dport 10080 -j DNAT --to 192.168.122.122:80
iptables -t nat -A PREROUTING -p tcp --dport 10022 -j DNAT --to 192.168.122.122:22
iptables -t nat -A POSTROUTING -j MASQUERADE
service iptables restart
iptables -A PREROUTING -i eth0 -p tcp --dport 443 -m state --state NEW -m nth --counter 0 --every 3 --packet 0 -j DNAT --to-destination 192.168.1.101:443
iptables -A PREROUTING -i eth0 -p tcp --dport 443 -m state --state NEW -m nth --counter 0 --every 3 --packet 1 -j DNAT --to-destination 192.168.1.102:443
iptables -A PREROUTING -i eth0 -p tcp --dport 443 -m state --state NEW -m nth --counter 0 --every 3 --packet 2 -j DNAT --to-destination 192.168.1.103:443
iptables -t nat -A PREROUTING -p tcp -d 192.168.102.37 --dport 422 -j DNAT --to 192.168.102.37:22
iptables -t nat -A PREROUTING -p tcp --dport 80 -m state --state NEW -m statistic --mode nth --every 2 --packet 0 -j DNAT --to-destination 10.0.0.3:80
iptables -t nat -A PREROUTING -p tcp --dport 80 -m state --state NEW -m statistic --mode nth --every 1 --packet 0 -j DNAT --to-destination 192.168.0.2:80
RHEL/CentOS also offer simple methods to permanently save iptables rules for IPv4 and IPv6.
There is a service called "iptables". This must be enabled.
# chkconfig --list | grep iptables
iptables 0:off 1:off 2:on 3:on 4:on 5:on 6:off
# chkconfig iptables on
The rules are saved in the file /etc/sysconfig/iptables for IPv4 and in the file /etc/sysconfig/ip6tables for IPv6. You may also use the init script in order to save the current rules.
# service iptables save