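# Generated by iptables-save v1.4.7 on Sat Jul 30 21:50:00 2016
*nat
:PREROUTING ACCEPT [39:2919]
:POSTROUTING ACCEPT [8:499]
:OUTPUT ACCEPT [7:447]
# Annotations are on their own "#" lines: iptables-restore only skips lines that
# start with "#", so a trailing "// ..." after a rule would be parsed as rule arguments.
#
# Port mapping: TCP 13389 on 183.131.85.84 is DNATed to 192.168.1.3:3389 (RDP).
# NOTE(review): the rule has no -s match, so every source that can reach
# 183.131.85.84:13389 is forwarded to the guest's RDP service; the non-standard
# port does not limit who can connect. Consider adding "-s <ADMIN_SOURCE_CIDR>"
# (placeholder) to this rule, or reaching the guest through a VPN or SSH tunnel.
-A PREROUTING -d 183.131.85.84/32 -p tcp -m tcp --dport 13389 -j DNAT --to-destination 192.168.1.3:3389
# Routed NAT sharing: traffic from 192.168.1.0/24 to any destination outside that
# subnet leaves with the host's own address.
-A POSTROUTING -s 192.168.1.0/24 ! -d 192.168.1.0/24 -j MASQUERADE
COMMIT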
备注:
- 使用的是虚拟系统添加 IP 池的 NAT 模式,不是内网 IP。
- noVNC 用的是 4081 端口,防火墙要添加好。
- 虚拟机虚拟网卡经常挂掉,需要重启:service virtnetwork restart
完整代码
# Generated by iptables-save v1.4.21 on Wed Jan 11 15:31:13 2017
*nat
:PREROUTING ACCEPT [2:178]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
# Port mapping: TCP 13389 on 192.168.1.200 is DNATed to 192.168.0.10:3389 (RDP).
# NOTE(review): no -s match, so any host that can reach 192.168.1.200:13389 is
# forwarded to the guest's RDP service. The forwarded packets traverse FORWARD,
# whose policy below is ACCEPT, so nothing else in this file filters them.
-A PREROUTING -d 192.168.1.200/32 -p tcp -m tcp --dport 13389 -j DNAT --to-destination 192.168.0.10:3389
# Outbound NAT for the guest subnet 192.168.0.0/24 (anything not destined to the subnet itself).
-A POSTROUTING -s 192.168.0.0/24 ! -d 192.168.0.0/24 -j MASQUERADE
COMMIT
# Completed on Wed Jan 11 15:31:13 2017
# Generated by iptables-save v1.4.21 on Wed Jan 11 15:31:13 2017
*filter
# Default policies: traffic to the host is dropped unless a rule below accepts it;
# forwarded traffic and traffic sent by the host are accepted by default.
:INPUT DROP [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
# Loopback and replies to connections that are already tracked.
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
# Service ports accepted from any source (no -s match). 4081 is the noVNC port
# named in the page's notes; 4082-4085 presumably belong to the same panel - confirm.
# NOTE(review): 22 and the VNC ports 5900-5902 are reachable from everywhere here;
# restrict them by source address if the administrators' networks are known.
-A INPUT -p tcp -m multiport --dports 4081,22,25,80,443,4082,4083,4084,4085,5900,5901,5902,6080,587 -j ACCEPT
# ICMP type 0 (echo reply) and type 8 (echo request): the host answers ping.
-A INPUT -p icmp -m icmp --icmp-type 0 -j ACCEPT
-A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT
# NOTE(review): these ports are commonly used by hosting control panels; confirm
# which ones actually have a listener on this host and drop the rest from the list.
-A INPUT -p tcp -m multiport --dports 8443,2087,2086,10000 -j ACCEPT
# Opens 1100 consecutive TCP ports to any source. The range already contains
# 5901, 5902 and 6080 from the multiport rule above.
# NOTE(review): presumably reserved for per-guest VNC consoles - confirm, then
# narrow the range to the ports in use or add a source restriction.
-A INPUT -p tcp -m tcp --dport 5901:7000 -j ACCEPT
# Accepts bridged frames. With the FORWARD policy already ACCEPT this rule changes
# nothing; it only matters if the policy is later switched to DROP.
-A FORWARD -m physdev --physdev-is-bridged -j ACCEPT
# The OUTPUT policy is ACCEPT, so the three rules below do not restrict anything.
# Note that --sports matches the SOURCE port: this rule matches packets sent from
# local ports 25/587, not connections to remote mail servers.
-A OUTPUT -p tcp -m multiport --sports 25,587 -j ACCEPT
-A OUTPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT
-A OUTPUT -p icmp -m icmp --icmp-type 0 -j ACCEPT
COMMIT
# Completed on Wed Jan 11 15:31:13 2017