Port forwarding reference: port forwarding using iptables (cnblogs.com)
Environment:
Virtual machine A: 192.168.2.2 (private network IP), Tomcat service on port 8080.
Virtual machine B: 192.168.3.6 (public IP), 192.10 (private IP), Apache service on port 80.
Port forwarding:
1. Enable IP forwarding on virtual machine B (192.168.3.6):
vim /etc/sysctl.conf
Add the line net.ipv4.ip_forward = 1.
Run sysctl -p to make the setting take effect.
2. Add an iptables DNAT rule in the nat table so that TCP traffic arriving on ens36 for 192.168.3.6:9090 is rewritten to 192.168.2.2:8080:
iptables -t nat -I PREROUTING -i ens36 -d 192.168.3.6 -p tcp --dport 9090 -j DNAT --to-destination 192.168.2.2:8080
Return traffic from 192.168.2.2 must route back through 192.168.3.6 (for example because 192.168.3.6 is its gateway); if it does not, add a POSTROUTING MASQUERADE rule on 192.168.3.6 as well.
3. Forwarding works: connections to 192.168.3.6:9090 now reach the Tomcat service on 192.168.2.2:8080.
Port reuse (simple form):
1. Set the iptables rule. TCP traffic from 192.168.3.3 arriving on ens36 for port 80 of 192.168.3.6 is redirected locally to port 22:
iptables -t nat -I PREROUTING -i ens36 -s 192.168.3.3 -d 192.168.3.6 -p tcp --dport 80 -j REDIRECT --to-ports 22
2. The attacker machine 192.168.3.3 uses XShell to SSH to port 80 of 192.168.3.6.
Port reuse with an on/off switch:
1. Enable IP forwarding on virtual machine B (192.168.3.6):
vim /etc/sysctl.conf
Add the line net.ipv4.ip_forward = 1.
Run sysctl -p to make the setting take effect.
2. Set the on switch. Only when a TCP packet sent to 192.168.3.6 contains the string "nihao 123 coming" is its source IP added to the recent list named MyChains (note that the rule below matches any TCP port, not only port 80):
iptables -A INPUT -p tcp -m string --string "nihao 123 coming" --algo bm -m recent --set --name MyChains --rsource -j ACCEPT
4. Set the off switch. If a TCP packet containing "nihao 123 leaving" is received, the source IP is removed from the MyChains list:
iptables -A INPUT -p tcp -m string --string "nihao 123 leaving" --algo bm -m recent --name MyChains --remove -j ACCEPT
5. When the source IP of a SYN packet to port 80 is found in the MyChains list (entries are valid for 3600 seconds), the packet jumps to the MyChains chain for processing:
iptables -t nat -A PREROUTING -p tcp --dport 80 --syn -m recent --rcheck --seconds 3600 --name MyChains --rsource -j MyChains
The MyChains chain itself, and the rule inside it that performs the redirect, must already exist in the nat table; the page does not show that step.
4. Turn on port reuse. Once it is on, traffic from the machine that sent the on command to target port 80 is forwarded to target port 20.
Verification:
5. Turn off port reuse.
Verification:
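From a defender's side, the rules in the two port-reuse sections above leave a recognisable footprint in `iptables-save` output: a nat-table DNAT/REDIRECT, an INPUT rule that pairs `-m string` with `-m recent --set`/`--remove` (the packet-content switch), and a PREROUTING rule that consults the recent list with `--rcheck` and jumps to a user-defined chain. The following audit script is an added example, not code from the original post; it parses constructed sample rules in `iptables-save` line format and flags each of those patterns. The rule text, the chain name `MyChains` and the knock strings are taken from the page; everything else is an assumption of this example.

```python
"""Audit iptables rules (iptables-save format) for port-forwarding and
port-reuse patterns. Added example, not part of the original post.

Flags three rule shapes:
  * nat-table DNAT / REDIRECT rules (a port forward or local port reuse);
  * rules combining `-m string` with `-m recent --set` / `--remove`,
    i.e. a packet-content "switch" that opens or closes a per-source list;
  * rules using `-m recent --rcheck` / `--update` that jump to a user chain
    (the gate that applies once a source has been switched on).
"""
import shlex
from dataclasses import dataclass

# Constructed sample, shaped like `iptables-save` output after the rules
# from the page were loaded; the final INPUT rule is ordinary and not flagged.
SAMPLE_RULES = """\
*nat
:PREROUTING ACCEPT [0:0]
:MyChains - [0:0]
-A PREROUTING -i ens36 -d 192.168.3.6/32 -p tcp -m tcp --dport 9090 -j DNAT --to-destination 192.168.2.2:8080
-A PREROUTING -p tcp -m tcp --dport 80 --tcp-flags FIN,SYN,RST,ACK SYN -m recent --rcheck --seconds 3600 --name MyChains --rsource -j MyChains
COMMIT
*filter
:INPUT ACCEPT [0:0]
-A INPUT -p tcp -m string --string "nihao 123 coming" --algo bm -m recent --set --name MyChains --rsource -j ACCEPT
-A INPUT -p tcp -m string --string "nihao 123 leaving" --algo bm -m recent --name MyChains --remove -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
COMMIT
"""

BUILTIN_CHAINS = {"PREROUTING", "INPUT", "FORWARD", "OUTPUT", "POSTROUTING"}
TERMINAL_TARGETS = {"ACCEPT", "DROP", "REJECT", "RETURN", "DNAT", "SNAT",
                    "REDIRECT", "MASQUERADE", "LOG", "MARK"}


@dataclass
class Finding:
    table: str
    chain: str
    kind: str    # "forward", "switch" or "gate"
    detail: str
    rule: str


def _opt(tokens, name):
    """Value following option `name` in the token list, or None."""
    if name in tokens:
        i = tokens.index(name)
        if i + 1 < len(tokens):
            return tokens[i + 1]
    return None


def _modules(tokens):
    """All match extensions loaded with -m."""
    return {tokens[i + 1] for i, t in enumerate(tokens)
            if t == "-m" and i + 1 < len(tokens)}


def audit(rules_text):
    """Return a list of Finding objects, in rule order."""
    findings = []
    table = None
    for raw in rules_text.splitlines():
        line = raw.strip()
        if line.startswith("*"):          # table header, e.g. *nat
            table = line[1:]
            continue
        if not line.startswith("-A "):    # skip chain declarations, COMMIT
            continue
        tokens = shlex.split(line)        # honours the quoted --string value
        chain = tokens[1]
        target = _opt(tokens, "-j")
        mods = _modules(tokens)

        if table == "nat" and target in ("DNAT", "REDIRECT"):
            dst = _opt(tokens, "--to-destination") or _opt(tokens, "--to-ports")
            findings.append(Finding(table, chain, "forward",
                                    f"{target} dport {_opt(tokens, '--dport')} -> {dst}", line))

        if {"string", "recent"} <= mods and ("--set" in tokens or "--remove" in tokens):
            action = "set" if "--set" in tokens else "remove"
            findings.append(Finding(table, chain, "switch",
                                    f"string {_opt(tokens, '--string')!r} {action}s list "
                                    f"{_opt(tokens, '--name')}", line))

        if "recent" in mods and ("--rcheck" in tokens or "--update" in tokens) \
                and target and target not in BUILTIN_CHAINS and target not in TERMINAL_TARGETS:
            findings.append(Finding(table, chain, "gate",
                                    f"dport {_opt(tokens, '--dport')} checks list "
                                    f"{_opt(tokens, '--name')} then jumps to {target}", line))
    return findings


if __name__ == "__main__":
    for f in audit(SAMPLE_RULES):
        print(f"[{f.kind:7}] {f.table}/{f.chain}: {f.detail}")
```

Run it against real output with `iptables-save | python3 audit.py` after replacing `SAMPLE_RULES` with `sys.stdin.read()`; a "switch" finding next to a "gate" finding on the same list name is the signature of the on/off port-reuse setup described on this page, and a "forward" finding on a port the host is not known to serve deserves the same scrutiny.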