iptables / route command notes

来源：百度文库编辑：神马文学网时间：2024/04/29 16:16:00

自從 Linux NAT 正式上線後, 就陸續發現許多需要設定的地方, 特地整理下來, 免得日子一久又忘了... :P
範例環境描述:
LAN Network: 192.168.1.0/24
WAN IP: "your_public_ip"
Linux NAT LAN IP: 192.168.1.254
Linux NAT 適用:
讓內部電腦連外時偽裝為 Public IP
iptables -t nat -A POSTROUTING -o eth1 -s 192.168.1.0/24 -j MASQUERADE
限制內部電腦只能透過特定埠口對外連線
iptables -t filter -A FORWARD -s 192.168.1.0/24 -p tcp -m multiport --destination-port 25,80,110 -j ACCEPT
iptables -t filter -A FORWARD -s 192.168.1.0/24 -j DROP
對外開放特定埠口, 指向特定電腦
iptables -t nat -A PREROUTING -p tcp -d your_public_ip --dport 80 -j DNAT --to-destination 192.168.1.1
iptables -t nat -A PREROUTING -p tcp -d your_public_ip -m multiport --destination-port 5800,5900 -j DNAT --to-destination 192.168.1.2
iptables -t nat -A PREROUTING -s ! 192.168.1.0/24 -d your_public_ip -m state --state NEW -j DROP
連向特定網域時使用特定閘道
route add -net 192.168.2.0 netmask 255.255.255.0 gw 192.168.1.253 dev eth0
route add -host 202.83.193.114 gw 192.168.1.253 dev eth0
Client PC 適用:
本機能對外連線, 但禁止別人連入本機
iptables -t filter -A INPUT -s ! 127.0.0.1 -m state --state NEW -j DROP
Posted by Jamyy at 2005年04月01日 14:53
from: http://cha.homeip.net/blog/archives/2005/04/iptables_route.html

iptables / route command notes iptables ROUTE target 應用備忘 command iptables ROUTE命令 sim command English Notes iptables ipt_do_table iptables ipt iptables classic iptables ipt_do_table Iptables---ip Linux route命令详解 route命令详解 Sabie River Route瀑布 Delphi Basics : Variant command 设计模式之Command Examples of evalScript command VC++ COMMAND与UPDATE 设计模式之Command iostat详解 - COMMAND - SENSE Sabie全景大道Panorama Route [Laskey99] 13.2. SQL Command Syntax 隐藏notes菜单