六:利用iptables实现DNAT
[root@client ~]# service httpd restart //在client端配置好Apache服务器
Stopping httpd: [ OK ]
Starting httpd: [ OK ]
[root@client ~]# echo "just one test" > /var/www/html/index.html
[root@server ~]# service httpd status //确认server端没有Apache服务:这样之后访问server的80端口若能得到页面,即可说明请求是被DNAT转到了client
httpd: unrecognized service
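//配置DNAT:在server的nat表PREROUTING链中,把目的端口为TCP 80的数据包的目的地址改写为192.168.100.20
//注意:下面的规则没有用 -i(入口网卡)或 -d(目的地址)限定范围,凡是经过server的TCP 80端口流量(包括被转发的、原本访问其他网站的流量)都会被改写;实际部署时应限定为对外网卡或server的对外地址,同时需要开启内核转发(net.ipv4.ip_forward=1)并在FORWARD链中放行到192.168.100.20:80的流量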
[root@server ~]# iptables -t nat -A PREROUTING -p tcp --dport 80 -j DNAT --to-destination 192.168.100.20
[root@server ~]# iptables -t nat -L -v PREROUTING
Chain PREROUTING (policy ACCEPT 182 packets, 13431 bytes)
pkts bytes target prot opt in out source destination
0 0 DNAT tcp -- any any anywhere anywhere tcp dpt:http to:192.168.100.20
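[root@server ~]# iptables -t nat -A OUTPUT -p tcp --dport 80 -j DNAT --to-dest 192.168.100.200:3128 //iptables针对透明代理的配置:把本机发出的、目的端口为80的TCP流量转到代理192.168.100.200:3128;nat表的OUTPUT链只处理本机产生的数据包,经server转发的客户端流量需在PREROUTING链中处理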
[root@server ~]# iptables -t nat -L OUTPUT -v //查看配置
Chain OUTPUT (policy ACCEPT 1 packets, 140 bytes)
pkts bytes target prot opt in out source destination
0 0 DNAT tcp -- any any anywhere anywhere tcp dpt:http to:192.168.100.200:3128
[root@server ~]# lsmod |grep ip //查看当前已加载的iptables/netfilter相关内核模块;模块加载的配置文件为/etc/sysconfig/iptables-config
ipt_MASQUERADE 7617 1
iptable_nat 11077 1
ip_nat 21101 2 ipt_MASQUERADE,iptable_nat
ip_conntrack 53281 4 xt_state,ipt_MASQUERADE,iptable_nat,ip_nat
nfnetlink 10713 2 ip_nat,ip_conntrack
iptable_filter 7105 1
ip_tables 17029 2 iptable_nat,iptable_filter
ipt_REJECT 9665 0
ip6t_REJECT 9409 1
ip6table_filter 6849 1
ip6_tables 18053 1 ip6table_filter
…………………………………………………………