{"id":2523,"date":"2016-04-28T10:34:00","date_gmt":"2016-04-28T02:34:00","guid":{"rendered":"http:\/\/dingxuan.info\/wp\/?p=2523"},"modified":"2016-04-28T10:34:36","modified_gmt":"2016-04-28T02:34:36","slug":"%e7%94%a8iptables%e5%81%9a%e7%ab%af%e5%8f%a3%e8%bd%ac%e5%8f%91","status":"publish","type":"post","link":"https:\/\/ybzx.vip\/wp\/?p=2523","title":{"rendered":"Port forwarding with iptables"},"content":{"rendered":"<div class=\"doc_header\">\n<h1>Forwarding Traffic with IPTables on CentOS 6<\/h1>\n<div><\/div>\n<\/div>\n<div class=\"doc_content\">\n<h2>Introduction<\/h2>\n<p>Welcome! In this tutorial, I&#8217;ll explain how to forward TCP\/UDP traffic to a new server. This can be especially useful when you&#8217;re migrating your Vultr VPS to a new location. This tutorial covers both 32-bit and 64-bit versions of CentOS 6.<!--more--><\/p>\n<h2>Install IPTables<\/h2>\n<p>Before we can start, IPTables must be installed. Install IPTables with the following command.<\/p>\n<pre><code>yum install iptables -y\r\n<\/code><\/pre>\n<h2>Enable routing<\/h2>\n<p>Packet forwarding must be enabled on your server for this method to work. Open the file <code>\/etc\/sysctl.conf<\/code>. Make sure the following line is uncommented and set to &#8220;1&#8221;:<\/p>\n<pre><code>net.ipv4.ip_forward = 1\r\n<\/code><\/pre>\n<p>Save the file, then run:<\/p>\n<pre><code>sysctl -p\r\n<\/code><\/pre>\n<h2>Configure IPTables<\/h2>\n<h3>Step One<\/h3>\n<p>Run the command below, adjusted to your needs. Change &#8220;2.2.2.2&#8221; to your new server&#8217;s IP address and &#8220;venet0&#8221; to your Ethernet adapter. Also, change &#8220;80:90&#8221; to the desired port range that will be forwarded.<\/p>\n<pre><code>iptables -A FORWARD -d 2.2.2.2 -i venet0 -p tcp -m tcp --dport 80:90 -j ACCEPT\r\n<\/code><\/pre>\n<p>If you want to forward a single port, simply replace the port range above with a single port. 
To forward UDP instead, replace instances of &#8220;tcp&#8221; above with &#8220;udp&#8221;.<\/p>\n<h3>Step Two<\/h3>\n<p>Add the destination NAT (DNAT) rule that redirects the traffic to the new server. Rules refer to the directives inside of IPTables. In this example, &#8220;1.1.1.1&#8221; represents your old server&#8217;s IP address and, like before, &#8220;2.2.2.2&#8221; represents the destination\/new server&#8217;s IP. Again, update the port range and TCP\/UDP strings as needed.<\/p>\n<pre><code>iptables -t nat -A PREROUTING -d 1.1.1.1 -p tcp -m tcp --dport 80:90 -j DNAT --to-destination 2.2.2.2\r\n<\/code><\/pre>\n<h3>Step Three<\/h3>\n<p>Finalize the NAT forwarding. Change &#8220;venet0&#8221; to your Ethernet adapter. Because MASQUERADE rewrites the source address of everything leaving that adapter, the new server sees forwarded connections as coming from the old server&#8217;s address, so its logs and any IP-based access rules no longer see the original client IP.<\/p>\n<pre><code>iptables -t nat -A POSTROUTING -o venet0 -j MASQUERADE\r\n<\/code><\/pre>\n<h3>Step Four<\/h3>\n<p>Save our newly added rules and soft-restart IPTables.<\/p>\n<pre><code>service iptables save\r\nservice iptables reload<\/code><\/pre>\n<\/div>\n<p>From: https:\/\/www.vultr.com\/docs\/forwarding-traffic-with-iptables-on-centos-6<\/p>\n<p>See also:<br \/>\nhttps:\/\/www.centos.org\/docs\/4\/html\/rhel-sg-en-4\/s1-firewall-ipt-fwd.html<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Forwarding Traffic with IPTables on CentOS 6 Introducti &hellip; <a href=\"https:\/\/ybzx.vip\/wp\/?p=2523\" class=\"more-link\">Continue reading<span 
class=\"screen-reader-text\">Port forwarding with iptables<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[117],"tags":[79,132],"class_list":["post-2523","post","type-post","status-publish","format-standard","hentry","category-network","tag-centos","tag-iptables"],"_links":{"self":[{"href":"https:\/\/ybzx.vip\/wp\/index.php?rest_route=\/wp\/v2\/posts\/2523","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/ybzx.vip\/wp\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/ybzx.vip\/wp\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/ybzx.vip\/wp\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/ybzx.vip\/wp\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=2523"}],"version-history":[{"count":0,"href":"https:\/\/ybzx.vip\/wp\/index.php?rest_route=\/wp\/v2\/posts\/2523\/revisions"}],"wp:attachment":[{"href":"https:\/\/ybzx.vip\/wp\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=2523"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/ybzx.vip\/wp\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=2523"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/ybzx.vip\/wp\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=2523"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}