配置iptables NAT端口轉發 實現內網服務器端口提供公網接入

1、每臺服務器指定明細路由：
 

route -n
route add -host 218.218.218.218 gw 192.168.0.28
route -n

2、0.28服務器指定明細轉發規則。同時指定DNAT與SNAT

iptables -t nat -A PREROUTING -d 123.123.123.123 -p tcp --dport 22205 -j DNAT --to-destination 192.168.0.5:5666
iptables -t nat -A PREROUTING -d 123.123.123.123 -p tcp --dport 22226 -j DNAT --to-destination 192.168.0.26:5666
iptables -t nat -A PREROUTING -d 123.123.123.123 -p tcp --dport 22227 -j DNAT --to-destination 192.168.0.27:5666
iptables -t nat -A PREROUTING -d 123.123.123.123 -p tcp --dport 22231 -j DNAT --to-destination 192.168.0.31:5666
iptables -t nat -A PREROUTING -d 123.123.123.123 -p tcp --dport 22241 -j DNAT --to-destination 192.168.0.41:5666
iptables -t nat -A PREROUTING -d 123.123.123.123 -p tcp --dport 22242 -j DNAT --to-destination 192.168.0.42:5666
iptables -t nat -A PREROUTING -d 123.123.123.123 -p tcp --dport 22243 -j DNAT --to-destination 192.168.0.43:5666
iptables -t nat -A PREROUTING -d 123.123.123.123 -p tcp --dport 22244 -j DNAT --to-destination 192.168.0.44:5666
iptables -t nat -A PREROUTING -d 123.123.123.123 -p tcp --dport 22245 -j DNAT --to-destination 192.168.0.45:5666
iptables -t nat -A PREROUTING -d 123.123.123.123 -p tcp --dport 22246 -j DNAT --to-destination 192.168.0.46:5666
iptables -t nat -A PREROUTING -d 123.123.123.123 -p tcp --dport 22247 -j DNAT --to-destination 192.168.0.47:5666
iptables -t nat -A PREROUTING -d 123.123.123.123 -p tcp --dport 22248 -j DNAT --to-destination 192.168.0.48:5666
iptables -t nat -A PREROUTING -d 123.123.123.123 -p tcp --dport 22249 -j DNAT --to-destination 192.168.0.49:5666
iptables -t nat -A PREROUTING -d 123.123.123.123 -p tcp --dport 22250 -j DNAT --to-destination 192.168.0.50:5666
iptables -t nat -A POSTROUTING -p tcp -s 192.168.0.5 --sport 5666 -j SNAT --to-source 123.123.123.123:22205
iptables -t nat -A POSTROUTING -p tcp -s 192.168.0.25 --sport 5666 -j SNAT --to-source 123.123.123.123:22225
iptables -t nat -A POSTROUTING -p tcp -s 192.168.0.26 --sport 5666 -j SNAT --to-source 123.123.123.123:22226
iptables -t nat -A POSTROUTING -p tcp -s 192.168.0.27 --sport 5666 -j SNAT --to-source 123.123.123.123:22227
iptables -t nat -A POSTROUTING -p tcp -s 192.168.0.31 --sport 5666 -j SNAT --to-source 123.123.123.123:22231
iptables -t nat -A POSTROUTING -p tcp -s 192.168.0.41 --sport 5666 -j SNAT --to-source 123.123.123.123:22241
iptables -t nat -A POSTROUTING -p tcp -s 192.168.0.42 --sport 5666 -j SNAT --to-source 123.123.123.123:22242
iptables -t nat -A POSTROUTING -p tcp -s 192.168.0.43 --sport 5666 -j SNAT --to-source 123.123.123.123:22243
iptables -t nat -A POSTROUTING -p tcp -s 192.168.0.44 --sport 5666 -j SNAT --to-source 123.123.123.123:22244
iptables -t nat -A POSTROUTING -p tcp -s 192.168.0.45 --sport 5666 -j SNAT --to-source 123.123.123.123:22245
iptables -t nat -A POSTROUTING -p tcp -s 192.168.0.46 --sport 5666 -j SNAT --to-source 123.123.123.123:22246
iptables -t nat -A POSTROUTING -p tcp -s 192.168.0.47 --sport 5666 -j SNAT --to-source 123.123.123.123:22247
iptables -t nat -A POSTROUTING -p tcp -s 192.168.0.48 --sport 5666 -j SNAT --to-source 123.123.123.123:22248
iptables -t nat -A POSTROUTING -p tcp -s 192.168.0.49 --sport 5666 -j SNAT --to-source 123.123.123.123:22249
iptables -t nat -A POSTROUTING -p tcp -s 192.168.0.50 --sport 5666 -j SNAT --to-source 123.123.123.123:22250

3、配置各nrpe，添加218.218.218.218監控ip
vi /usr/local/nagios/etc/nrpe.conf

4、重啓nrpe
找到nrpe的進程號，
kill -HUP 進程號

或者kill -9 進程號
然後運行以下命令：
/usr/local/nagios/bin/nrpe -c /usr/local/nagios/etc/nrpe.cfg -d

 

參考資料：

http://www.rosoo.net/a/201204/15899.html