遠程桌面訪問本地LINUX主機(192.168.1.128),經此機的轉發/轉址功能映射到本地win7主機(192.168.1.120),配置結果如下:
[root@localhost ~]# sysctl -a|grep ip_forward
net.ipv4.ip_forward = 1
[root@localhost ~]# iptables -L -n
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
[root@localhost ~]# iptables -L -n -t nat
Chain PREROUTING (policy ACCEPT)
target prot opt source destination
DNAT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:3389 to:192.168.1.120:3389
DNAT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:3389 to:192.168.1.120:3389
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
SNAT tcp -- 0.0.0.0/0 192.168.1.120 tcp dpt:3389 to:192.168.1.128
SNAT udp -- 0.0.0.0/0 192.168.1.120 udp dpt:3389 to:192.168.1.128
命令格式:
#目標地址端口爲3389的,轉換爲192.168.1.120:3389
[root@localhost ~]# iptables -t nat -I PREROUTING -p tcp --dport 3389 -j DNAT --to 192.168.1.120:3389
#凡目標地址爲192.168.1.120:3389的,把源地址轉換爲192.168.1.128
[root@localhost ~]# iptables -t nat -I POSTROUTING -p tcp -d 192.168.1.120 --dport 3389 -j SNAT --to 192.168.1.128