WeiNote

yyrcd

2019

Dec 24

LAN: Local Area Network

WAN: Wide Area Network

NAT: Network Address Translation

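SNAT: Source Network Address Translation. Several machines on the internal network are connected through a router. When an internal machine accesses the external network, the router replaces the source address in the packet header with the router's IP.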

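DNAT: Destination Network Address Translation. An external host reaches a web service on the internal network through a firewall: the external host connects to the firewall, and the firewall rewrites the destination address to the web server's internal IP.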

Forwarding Redis

iptables -t nat -A PREROUTING -p tcp -d 104.111.111.111 --dport 1111 -j DNAT --to-destination 172.1.1.5
iptables -t nat -A POSTROUTING -o wg0 -j MASQUERADE
$ sudo iptables -t nat -L -vn
Chain PREROUTING (policy ACCEPT 4 packets, 208 bytes)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 DNAT       tcp  --  *      *       0.0.0.0/0            104.111.111.111       tcp dpt:1111 to:172.1.1.5

Chain POSTROUTING (policy ACCEPT 5 packets, 403 bytes)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 MASQUERADE  all  --  *      wg0     0.0.0.0/0            0.0.0.0/0           
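
The DNAT row in the listing above has source 0.0.0.0/0, so any host that can reach 104.111.111.111:1111 is forwarded to the internal service. The script below is an added example, not part of the original note: it flags such DNAT rules in `iptables -t nat -L -vn` output. The second DNAT row in the sample and the `<trusted-source>` placeholder are constructed for illustration.

```shell
#!/bin/sh
# Added example: find DNAT rules that forward traffic from ANY source address.
# Live use:  sudo iptables -t nat -L -vn | open_dnat_rules

# Constructed sample. The first DNAT row is the one from the listing above;
# the second (source 203.0.113.7, port 2222) is made up to show a restricted rule.
sample_listing() {
cat <<'EOF'
Chain PREROUTING (policy ACCEPT 4 packets, 208 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 DNAT       tcp  --  *      *       0.0.0.0/0            104.111.111.111       tcp dpt:1111 to:172.1.1.5
    0     0 DNAT       tcp  --  *      *       203.0.113.7          104.111.111.111       tcp dpt:2222 to:172.1.1.6

Chain POSTROUTING (policy ACCEPT 5 packets, 403 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 MASQUERADE  all  --  *      wg0     0.0.0.0/0            0.0.0.0/0
EOF
}

# Reads `iptables -t nat -L -vn` text on stdin.
# Columns: pkts bytes target prot opt in out source destination [match details]
# Prints "<destination> <dport> <internal target>" for every PREROUTING DNAT
# rule whose source column is 0.0.0.0/0 (no source restriction).
open_dnat_rules() {
  awk '
    /^Chain / { chain = $2; next }
    chain == "PREROUTING" && $3 == "DNAT" && $8 == "0.0.0.0/0" {
      dport = "any"; to = "?"
      for (i = 10; i <= NF; i++) {
        if ($i ~ /^dpt:/) dport = substr($i, 5)
        if ($i ~ /^to:/)  to    = substr($i, 4)
      }
      print $9, dport, to
    }'
}

# A rule limited to one client adds -s (placeholder address, not from the note):
#   iptables -t nat -A PREROUTING -p tcp -s <trusted-source> \
#     -d 104.111.111.111 --dport 1111 -j DNAT --to-destination 172.1.1.5

sample_listing | open_dnat_rules
```

Each line of output is a forward that is reachable from any source; an empty result means every DNAT rule in the listing carries a source restriction.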
