CentOS6-CentOS7 Firewall Set Port NAT Forward

Background:

Forward port 8080 of this machine to another host. This host's IP is 192.168.1.162, and the target host IP and port are 192.168.1.163:80. The method is as follows:

In the iptables environment of a CentOS 6 system:

 iptables -t nat -A PREROUTING -p tcp -m tcp --dport 8080 -j DNAT --to-destination 192.168.1.163:80

 # No port on --to-source: pinning it to :8080 would make every forwarded connection share one source port, so only one connection to 192.168.1.163:80 could be tracked at a time
 iptables -t nat -A POSTROUTING -p tcp -m tcp --dport 80 -j SNAT --to-source 192.168.1.162

 echo 1 > /proc/sys/net/ipv4/ip_forward   # Enable the Linux kernel forwarding function at the same time.

In the firewalld environment of a CentOS 7 system:

Enable firewall masquerading (ports can be forwarded only after this is enabled):

 firewall-cmd --add-masquerade --permanent

Add the forwarding rule:

 firewall-cmd --add-forward-port=port=8080:proto=tcp:toport=80:toaddr=192.168.1.163 --permanent

(PS: This rule forwards port 8080 of this machine to port 80 on 192.168.1.163. Once the configuration is complete, it takes effect only after firewall-cmd --reload.)

If forwarding still does not work after configuring the rules above, check whether port 80 is open on the firewall. If port 80 is open and forwarding still fails, the kernel parameter file sysctl.conf may not have IP forwarding configured. Configure it as follows:

 vi /etc/sysctl.conf

Add this line to the file:

 net.ipv4.ip_forward = 1

After saving the file, run the command sysctl -p for it to take effect.
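
A check for the conditions above, as an added example (not from the original post): it compares the runtime and permanent firewall-cmd --list-all listings of the default zone, plus the ip_forward value, and reports which prerequisite is missing. The function names and the sample listings are constructed for illustration.

```shell
# Added example: checks the prerequisites for the 8080 -> 192.168.1.163:80 forward.
RULE='port=8080:proto=tcp:toport=80:toaddr=192.168.1.163'

# Succeeds if a `firewall-cmd --list-all` listing contains "masquerade: yes".
masq_on() {
    printf '%s\n' "$1" | grep -Eq '^[[:space:]]*masquerade:[[:space:]]*yes[[:space:]]*$'
}

# Succeeds if RULE appears as a whole token; this covers listings that print
# it on the "forward-ports:" line and listings that print it on its own line.
rule_present() {
    printf '%s\n' "$1" | tr -s ' \t' '\n\n' | grep -Fxq -- "$RULE"
}

# report NAME RUNTIME PERMANENT (0 = present): prints a finding, nothing if fine.
report() {
    case "$2$3" in
        00) ;;
        01) echo "$1: runtime only, lost on reload (repeat with --permanent)" ;;
        10) echo "$1: permanent only, run firewall-cmd --reload" ;;
        *)  echo "$1: not configured" ;;
    esac
}

# diagnose RUNTIME_LISTING PERMANENT_LISTING IP_FORWARD_VALUE
diagnose() {
    masq_on "$1" && r=0 || r=1
    masq_on "$2" && p=0 || p=1
    report masquerade "$r" "$p"
    rule_present "$1" && r=0 || r=1
    rule_present "$2" && p=0 || p=1
    report forward-port "$r" "$p"
    [ "$3" = 1 ] || echo "ip_forward: off, set net.ipv4.ip_forward = 1 and run sysctl -p"
}

# Live use on the forwarding host (as root):
#   diagnose "$(firewall-cmd --list-all)" "$(firewall-cmd --permanent --list-all)" \
#            "$(cat /proc/sys/net/ipv4/ip_forward)"

# Constructed sample: state right after the two --permanent commands, before --reload.
SAMPLE_RUNTIME='public (active)
  masquerade: no
  forward-ports: '
SAMPLE_PERMANENT='public
  masquerade: yes
  forward-ports: port=8080:proto=tcp:toport=80:toaddr=192.168.1.163'

diagnose "$SAMPLE_RUNTIME" "$SAMPLE_PERMANENT" 0
```

Empty output means masquerading and the forward rule are active in both runtime and permanent configuration and kernel forwarding is on.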
