DEV Community

kunzhu0710

Playing with Tencent Cloud CVM: Port forwarding with iptables

This article shows how to use iptables for port forwarding (destination NAT) on a Tencent Cloud CVM.

What is NAT (Port Forwarding)

Every packet sent on a network carries a source address and a destination address. NAT (Network Address Translation) is the technique of rewriting a packet's source or destination address (or port) while it is in transit.

Why rewrite addresses at all? Only packets with public addresses can be routed across the Internet; private (RFC 1918) addresses are not routable there. In a WiFi network the phone, tablet or laptop almost always has a private address, so the packets it sends cannot reach the Internet as-is. The router therefore rewrites the source address of every outgoing packet to the public IP of its WAN port (normally assigned by the ISP) and remembers the mapping. When the server replies, the router rewrites the destination address of the reply from its WAN IP back to the private address of the device that opened the connection. This is source NAT, and it happens on almost every home and office connection.

Port forwarding is the same mechanism in the other direction (destination NAT): a packet that arrives at a public address and port is rewritten to a different destination address and port, so a host behind the NAT device can be reached from outside. That is what the iptables rules below do.

Port forwarding with iptables

1. Enable IP forwarding in the kernel

By default a Linux host does not route packets between interfaces, so packets rewritten by DNAT would simply be dropped. Edit /etc/sysctl.conf:

vi /etc/sysctl.conf

and change the line net.ipv4.ip_forward = 0 to net.ipv4.ip_forward = 1 (add the line if it is missing). To apply the change without rebooting:

sysctl -p

Verify with sysctl net.ipv4.ip_forward, which should print net.ipv4.ip_forward = 1.

2. Add the iptables NAT rules

If the port number stays the same on both sides, these four commands are enough. Replace [port], [targetIP] and [localIP]; [localIP] is the address configured on the CVM's own network interface, which on a CVM is normally the private VPC address rather than the public IP, because the public IP is mapped onto the instance by the cloud platform and does not appear on the NIC:

iptables -t nat -A PREROUTING -p tcp --dport [port] -j DNAT --to-destination [targetIP]
iptables -t nat -A PREROUTING -p udp --dport [port] -j DNAT --to-destination [targetIP]
iptables -t nat -A POSTROUTING -p tcp -d [targetIP] --dport [port] -j SNAT --to-source [localIP]
iptables -t nat -A POSTROUTING -p udp -d [targetIP] --dport [port] -j SNAT --to-source [localIP]

The PREROUTING rules rewrite the destination of incoming packets (DNAT) so they are routed on to the target; the POSTROUTING rules rewrite the source (SNAT) so the target sends its replies back to the CVM, which then reverses both translations using its connection-tracking table. If the local and target ports differ, specify both:

iptables -t nat -A PREROUTING -p tcp -m tcp --dport [localport] -j DNAT --to-destination [targetIP]:[targetport]
iptables -t nat -A PREROUTING -p udp -m udp --dport [localport] -j DNAT --to-destination [targetIP]:[targetport]
iptables -t nat -A POSTROUTING -d [targetIP]/32 -p tcp -m tcp --dport [targetport] -j SNAT --to-source [localIP]
iptables -t nat -A POSTROUTING -d [targetIP]/32 -p udp -m udp --dport [targetport] -j SNAT --to-source [localIP]

Two things to check before using this on a real host. Written like this, the DNAT rules match the port on every interface; adding -i eth0 (or -d [localIP]) limits them to traffic that really arrived on the public side, so a second NIC or the VPC-internal side does not get forwarded as well. And DNATed packets still pass through the FORWARD chain of the filter table: if that chain's policy is DROP, add matching ACCEPT rules there, otherwise the forwarded traffic is silently discarded even though the NAT rules look correct.

3. Save the rules so they survive a reboot

The rules take effect the moment they are added; nothing needs restarting. They are, however, lost on reboot unless saved. On CentOS/RHEL with the iptables-services package:

service iptables save
service iptables restart

On systems without that service, write the current rules out with iptables-save (for example iptables-save > /etc/sysconfig/iptables on CentOS, or /etc/iptables/rules.v4 when using netfilter-persistent on Debian/Ubuntu) so they are loaded with iptables-restore at boot.

4. View the iptables configuration

iptables -t nat -L -n -v --line-numbers

-n skips reverse DNS lookups, -v shows packet and byte counters (the quickest way to confirm a rule is actually matching traffic), and --line-numbers gives the index needed to delete a rule with iptables -t nat -D PREROUTING [n].

Extension:

Multi-port forwarding (forwarding ports 50000 to 65535 of the local server to the same ports on the target IP 1.1.1.1). Because --to-destination carries no port, DNAT keeps each packet's original destination port, so a range can only be forwarded to the same range:

iptables -t nat -A PREROUTING -p tcp -m tcp --dport 50000:65535 -j DNAT --to-destination 1.1.1.1
iptables -t nat -A PREROUTING -p udp -m udp --dport 50000:65535 -j DNAT --to-destination 1.1.1.1
iptables -t nat -A POSTROUTING -d 1.1.1.1/32 -p tcp -m tcp --dport 50000:65535 -j SNAT --to-source [local server IP]
iptables -t nat -A POSTROUTING -d 1.1.1.1/32 -p udp -m udp --dport 50000:65535 -j SNAT --to-source [local server IP]
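The four steps above, and the port-range extension, are easy to get slightly wrong by hand (a typo in a port, a mismatched range, a forgotten FORWARD rule). The following script is an added example written for this article, not Tencent Cloud tooling or the author's code: it validates the inputs, emits the DNAT/SNAT rules in iptables-restore format together with the matching FORWARD rules, pins the DNAT rule to the inbound interface and the CVM's own address, and only touches the kernel when asked. The interface name eth0, the CVM private IP 10.0.0.2 and the target 10.0.0.5 used in the usage comments are hypothetical values.

```shell
#!/bin/sh
# Added example for this article (not Tencent Cloud tooling): build the DNAT/SNAT
# rules from the steps above in iptables-restore format, validate the inputs,
# and apply them only when explicitly asked. Assumed values: public-facing NIC
# eth0, CVM private IP 10.0.0.2, target host 10.0.0.5 (all hypothetical).

# True if $1 is a single port 1-65535.
is_port() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# True if $1 is a port or a range "lo:hi" with lo <= hi.
valid_port_spec() {
    case "$1" in
        *:*) lo=${1%%:*}; hi=${1#*:}
             is_port "$lo" && is_port "$hi" && [ "$lo" -le "$hi" ] ;;
        *)   is_port "$1" ;;
    esac
}

# gen_forward_rules IFACE LOCAL_IP LOCAL_PORT TARGET_IP TARGET_PORT
# Prints the rules. The DNAT rule is pinned to the inbound interface and the
# CVM's own address so traffic arriving on other interfaces (e.g. a second
# VPC NIC) is not silently forwarded; FORWARD rules are emitted because a
# DROP policy on FORWARD would otherwise discard the DNATed packets.
gen_forward_rules() {
    iface=$1 local_ip=$2 local_port=$3 target_ip=$4 target_port=$5
    valid_port_spec "$local_port"  || { echo "bad local port: $local_port" >&2; return 1; }
    valid_port_spec "$target_port" || { echo "bad target port: $target_port" >&2; return 1; }
    case "$local_port$target_port" in
        # DNAT keeps the destination port when --to-destination has no port,
        # so a range can only be forwarded to the same range.
        *:*) [ "$local_port" = "$target_port" ] ||
                 { echo "port ranges must match: $local_port vs $target_port" >&2; return 1; }
             dest=$target_ip ;;
        *)   dest="$target_ip:$target_port" ;;
    esac
    printf '%s\n' '*nat'
    for proto in tcp udp; do
        printf '%s\n' "-A PREROUTING -i $iface -d $local_ip/32 -p $proto --dport $local_port -j DNAT --to-destination $dest"
        printf '%s\n' "-A POSTROUTING -d $target_ip/32 -p $proto --dport $target_port -j SNAT --to-source $local_ip"
    done
    printf '%s\n' 'COMMIT' '*filter'
    for proto in tcp udp; do
        printf '%s\n' "-A FORWARD -i $iface -d $target_ip/32 -p $proto --dport $target_port -m conntrack --ctstate NEW,ESTABLISHED,RELATED -j ACCEPT"
        printf '%s\n' "-A FORWARD -s $target_ip/32 -p $proto --sport $target_port -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    done
    printf '%s\n' 'COMMIT'
}

# Load the generated rules without flushing what is already in the kernel (-n);
# needs root. Review afterwards with: iptables -t nat -L -n -v --line-numbers
apply_forward_rules() {
    gen_forward_rules "$@" | iptables-restore -n
}

# Command-line usage, e.g. forward public port 8080 to 10.0.0.5:80:
#   sh forward.sh eth0 10.0.0.2 8080 10.0.0.5 80            # print the rules only
#   sh forward.sh eth0 10.0.0.2 8080 10.0.0.5 80 --apply    # load them into the kernel
# Port-range variant from the extension (ranges must be identical):
#   sh forward.sh eth0 10.0.0.2 50000:65535 10.0.0.5 50000:65535
if [ "$#" -ge 5 ]; then
    if [ "$6" = "--apply" ]; then apply_forward_rules "$1" "$2" "$3" "$4" "$5"
    else gen_forward_rules "$1" "$2" "$3" "$4" "$5"; fi
fi
```

Printing first and applying second is deliberate: the generated text is exactly what iptables-save would show, so it can be reviewed, committed to configuration management, or written to /etc/sysconfig/iptables (or /etc/iptables/rules.v4) for persistence, and the validation rejects the two mistakes that are hardest to spot in a live ruleset: an out-of-range port and a range forwarded to a different range.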

Cloud Virtual Machine (CVM) provides you with secure and flexible computing capabilities. You can enable CVM in the cloud in just minutes to meet your diverse computing needs. Through CVM, you can easily scale up or down your computing resources as your business needs change. Billed based on your actual resource consumption, CVM reduces your computing costs and simplifies IT-related OPS. Got it? Buy a CVM and try it out!
