ubuntu port forwarding
vim /etc/default/ufw
==
DEFAULT_FORWARD_POLICY="ACCEPT"
==
Enable forwarding
vim /etc/ufw/sysctl.conf
vim /etc/sysctl.conf
Uncomment net.ipv4.ip_forward=1 in both files (/etc/ufw/sysctl.conf writes it as net/ipv4/ip_forward=1)
==
# Uncomment this to allow this host to route packets between interfaces
net/ipv4/ip_forward=1
#net/ipv6/conf/default/forwarding=1
#net/ipv6/conf/all/forwarding=1
==
Edit the rules
vim /etc/ufw/before.rules
===
-A PREROUTING -p tcp -m tcp -d HOST_IP --dport 1433 -j DNAT --to-destination TARGET_IP:PORT
For example, with the rules below, connections to 192.168.50.1:80 are forwarded to 61.168.0.212:80
==
*nat
:PREROUTING ACCEPT [0:0]
-A PREROUTING -p tcp -m tcp -d 192.168.50.1 --dport 80 -j DNAT --to-destination 61.168.0.212:80
-A POSTROUTING -j MASQUERADE
COMMIT
===
sudo sysctl -p
==
sudo ufw allow 80/tcp
or
sudo ufw allow from any to any port 80
==
sudo systemctl restart ufw
==
Check and verify
sudo ufw status
sudo iptables -t nat -L -n -v
Capture packets
tcpdump -i ens3 -c 200 port 80
(ens3 is the network interface name)
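
To review what the edited files actually permit, the following added example (not part of the original note) parses a before.rules-style file, lists each DNAT mapping, warns about any MASQUERADE rule not limited with -o or -s (like the one above), and reads the forward policy from an /etc/default/ufw-style file. The function names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit the *nat section of a ufw before.rules-style file.
# Prints one line per DNAT rule and a WARN line for each MASQUERADE rule
# that is not limited by -o (out interface) or -s (source).
audit_nat_rules() {
    awk '
        /^\*nat/   { in_nat = 1; next }
        /^COMMIT/  { in_nat = 0; next }
        !in_nat || /^#/ { next }
        {
            dst = ""; dport = ""; to = ""; jump = ""; scoped = 0
            for (i = 1; i < NF; i++) {
                if ($i == "-d") dst = $(i + 1)
                else if ($i == "--dport") dport = $(i + 1)
                else if ($i == "--to-destination") to = $(i + 1)
                else if ($i == "-j") jump = $(i + 1)
                else if ($i == "-o" || $i == "-s") scoped = 1
            }
            if (jump == "DNAT")
                printf "DNAT %s:%s -> %s\n", (dst == "" ? "any" : dst), dport, to
            else if (jump == "MASQUERADE" && !scoped)
                print "WARN unscoped MASQUERADE: " $0
        }
    ' "$1"
}

# Print the DEFAULT_FORWARD_POLICY value from a ufw defaults file.
# ACCEPT means every forwarded packet is allowed, not only the DNAT target.
forward_policy() {
    sed -n 's/^DEFAULT_FORWARD_POLICY="\{0,1\}\([A-Z]*\)"\{0,1\}.*/\1/p' "$1"
}

# Constructed sample mirroring the rules shown on this page.
sample=$(mktemp)
cat > "$sample" <<'EOF'
*nat
:PREROUTING ACCEPT [0:0]
-A PREROUTING -p tcp -m tcp -d 192.168.50.1 --dport 80 -j DNAT --to-destination 61.168.0.212:80
-A POSTROUTING -j MASQUERADE
COMMIT
EOF
audit_nat_rules "$sample"
```

On the host itself, run `audit_nat_rules /etc/ufw/before.rules` and `forward_policy /etc/default/ufw`.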