iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-ports 8080
Redirects traffic arriving at this host on port 80 to port 8080.
iptables -t nat -A OUTPUT -p tcp --dport 80 -j REDIRECT --to-ports 8080
Redirects locally generated traffic destined for port 80 to port 8080.
To take this further, save the script as /etc/init.d/ipt; it can then be run with sudo /etc/init.d/ipt {start|stop|restart}
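#!/bin/sh
# This script loads and clears my iptables NAT rules.
# History:
# 11/05/2007 12:54:05 comet
PATH=/sbin:/bin:/usr/sbin:/usr/bin
# Destination address for the DNAT rule in "restart". The original script
# never set it: fill in this host's IP address before using "restart".
Localip=""
case "$1" in
start)
    printf '%s' "Starting to write your iptables rules:..."
    # Redirect TCP traffic arriving for port 80 to local port 8080.
    iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-ports 8080
    echo "Ok"
    ;;
stop)
    printf '%s' "Cleaning your iptables rules:..."
    # Flush every rule, delete user-defined chains and zero the counters
    # in the nat table.
    /sbin/iptables -F -t nat
    /sbin/iptables -X -t nat
    /sbin/iptables -Z -t nat
    echo "Ok"
    ;;
restart)
    # Refuse to run with an empty destination address.
    : "${Localip:?set Localip to this host's IP address}"
    printf '%s' "Cleaning your iptables rules:..."
    /sbin/iptables -F -t nat
    /sbin/iptables -X -t nat
    /sbin/iptables -Z -t nat
    echo "Ok"
    printf '%s' "Starting to write your iptables rules:..."
    # Note: restart installs the 6000 -> 5900 DNAT rule, not the
    # 80 -> 8080 redirect that "start" adds.
    /sbin/iptables -t nat -A PREROUTING -p tcp --dport 6000 -j DNAT --to-destination "$Localip:5900"
    echo "Ok"
    ;;
*)
    echo "Usage: $0 {start|stop|restart}"
    exit 1
    ;;
esac
exit 0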
Forwards traffic sent to this host's port 6000 on to port 5900, which is used to get around port blocking.
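The stop branch of the script above flushes the whole nat table, which also removes NAT rules that other software on the host has installed. As an added example (not the original author's script), this variant checks for, adds and deletes only the 80 to 8080 redirect rule; the IPT variable and the function names are assumptions introduced here.

```sh
#!/bin/sh
# Added example, not the original author's script.
# IPT is an assumption introduced here so a stub can stand in for iptables.
IPT="${IPT:-iptables}"
# The article's rule without its action flag. It is expanded unquoted on
# purpose so that it splits into separate arguments.
RULE="PREROUTING -p tcp --dport 80 -j REDIRECT --to-ports 8080"

rule_present() {
    # -C (--check) exits 0 only if an identical rule is already in the chain.
    $IPT -t nat -C $RULE 2>/dev/null
}

rule_start() {
    # Append the rule once; repeated "start" calls do not stack duplicates.
    if rule_present; then
        echo "already present"
    else
        $IPT -t nat -A $RULE && echo "added"
    fi
}

rule_stop() {
    # Delete every copy of this one rule and leave the rest of the nat table alone.
    removed=0
    while rule_present; do
        $IPT -t nat -D $RULE || return 1
        removed=$((removed + 1))
    done
    echo "removed $removed"
}

case "${1:-}" in
    start)   rule_start ;;
    stop)    rule_stop ;;
    restart) rule_stop && rule_start ;;
    *)       echo "Usage: $0 {start|stop|restart}" ;;
esac
```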
Hello, if I want to keep a copy of the data on port 6000 and forward it to port 5900 at the same time, how can I do that?
My email is iamhycljc@163.com, thanks!
[reply=comet,2011-10-13 02:33 PM]You need to use the iptables route module to implement port mirroring, for example: http://netfilter.org/documentation/HOWTO/netfilter-extensions-HOWTO.html#toc4.5, but I would still recommend using a switch.[/reply]