- 海之寻趣
- Ranler
- 2018-03-29 02:17
- CC BY-NC-SA 3.0
Iptables Idioms
redirect local request with NAT
# connections from outside
iptables -t nat -A PREROUTING -p tcp --dport 9020 -j DNAT --to 10.0.3.11:80
# for local connection
iptables -t nat -A OUTPUT -p tcp --dport 9020 -j DNAT --to 10.0.3.11:80
# Masquerade local subnet
iptables -t nat -A POSTROUTING -s 10.0.3.0/16 -j MASQUERADE
iptables -A FORWARD -o lxcbr0 -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A FORWARD -i lxcbr0 -o eth0 -j ACCEPT
iptables -A FORWARD -i lxcbr0 -o lo -j ACCEPT