IPV4
启用内核转发
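# Enable IPv4 forwarding persistently, then reload /etc/sysctl.conf to apply it.
# Guard the append so re-running this snippet does not stack duplicate lines.
# Forwarding turns this host into a router: pair it with explicit FORWARD-chain
# rules so only the intended relay traffic is passed through.
grep -q '^net\.ipv4\.ip_forward=1' /etc/sysctl.conf || echo "net.ipv4.ip_forward=1" >> /etc/sysctl.conf
sysctl -p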
添加转发规则
# IPv4 port relay: DNAT inbound TCP on [port] to [ip]:[port], then masquerade
# so the replies come back through this host. Forwarded packets also traverse
# the FORWARD chain, which must permit them. MASQUERADE replaces the client's
# source address with this host's, so [ip] cannot see who actually connected.
iptables --table nat --append PREROUTING --protocol tcp --dport [port] \
  --jump DNAT --to-destination [ip]:[port]
iptables --table nat --append POSTROUTING --destination [ip] --protocol tcp \
  --dport [port] --jump MASQUERADE
显示nat表规则
# List the IPv4 nat table with rule numbers; --numeric skips DNS/service lookups.
iptables --table nat --numeric --list --line-numbers
删除对应编号
# Remove rule #1 from each nat chain. Numbers come from the listing above and
# shift after every delete, so re-list before removing a second rule from the
# same chain.
iptables --table nat --delete PREROUTING 1
iptables --table nat --delete POSTROUTING 1
IPV6
启用内核转发
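# Enable IPv6 forwarding persistently, then reload /etc/sysctl.conf to apply it.
# Guard the append so re-running this snippet does not stack duplicate lines.
# As with IPv4, forwarding makes this host a router: restrict the FORWARD
# chain so only the intended relay traffic is passed through.
grep -q '^net\.ipv6\.conf\.all\.forwarding=1' /etc/sysctl.conf || echo "net.ipv6.conf.all.forwarding=1" >> /etc/sysctl.conf
sysctl -p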
添加转发规则
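# IPv6 port relay: rewrite the destination of inbound TCP on [port] to
# [ip]:[port]. -I puts the rule at the head of the chain so it takes
# precedence over existing PREROUTING entries. Requires kernel IPv6 NAT
# support, and the FORWARD chain must permit the relayed packets.
ip6tables -t nat -I PREROUTING -p tcp --dport [port] -j DNAT --to [ip]:[port]
# Scope MASQUERADE to the relay target (-d [ip]) as the IPv4 rules do;
# without it every outbound TCP flow to [port] from this host is
# source-rewritten, not just the relayed ones. MASQUERADE hides the original
# client address from [ip] — its logs will show this host instead.
ip6tables -t nat -I POSTROUTING -d [ip] -p tcp --dport [port] -j MASQUERADE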
显示nat表规则
# List the IPv6 nat table with rule numbers; --numeric skips DNS/service lookups.
ip6tables --table nat --numeric --list --line-numbers
删除对应编号
# Remove rule #1 from each IPv6 nat chain. Numbers come from the listing above
# and shift after every delete, so re-list before removing a second rule from
# the same chain.
ip6tables --table nat --delete PREROUTING 1
ip6tables --table nat --delete POSTROUTING 1
配置防火墙
只允许特定IP访问特定端口
# Restrict [port] to a single source: keep established flows and loopback,
# accept [ip], drop everyone else on that port. Only [port] is filtered — the
# rest of INPUT falls through to the chain's policy. Rules are appended, so an
# earlier ACCEPT for [port] would still win. These ip6tables rules cover IPv6
# only; reaching the same port over IPv4 needs matching iptables rules. None
# of this survives a reboot unless saved by the distribution's persistence tool.
ip6tables --append INPUT --match state --state RELATED,ESTABLISHED --jump ACCEPT
ip6tables --append INPUT --in-interface lo --jump ACCEPT
ip6tables --append INPUT --source [ip] --protocol tcp --match tcp --dport [port] --jump ACCEPT
ip6tables --append INPUT --protocol tcp --match tcp --dport [port] --jump DROP