iptables configuration
**When sending from the private network to the service domain**
```
iptables -t nat -A PREROUTING -d 110.45.156.139 -p tcp --dport 80 -j DNAT --to 10.123.4.52:80
iptables -t nat -A PREROUTING -d 110.45.156.139 -p tcp --dport 443 -j DNAT --to 10.123.4.52:443
iptables -t nat -A PREROUTING -d 110.45.156.137 -p tcp --dport 80 -j DNAT --to 10.123.4.53:80
iptables -t nat -A PREROUTING -d 110.45.156.137 -p tcp --dport 443 -j DNAT --to 10.123.4.53:443
```
**iptables backup**
```
# Generated by iptables-save v1.4.21 on Thu Apr 22 11:52:08 2021
*filter
:INPUT ACCEPT [48169:5960650]
:FORWARD DROP [11:440]
:OUTPUT ACCEPT [42887:4060929]
:DOCKER - [0:0]
:DOCKER-ISOLATION-STAGE-1 - [0:0]
:DOCKER-ISOLATION-STAGE-2 - [0:0]
-A FORWARD -j DOCKER-ISOLATION-STAGE-1
-A FORWARD -o docker0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -o docker0 -j DOCKER
-A FORWARD -i docker0 ! -o docker0 -j ACCEPT
-A FORWARD -i docker0 -o docker0 -j ACCEPT
-A FORWARD -o d-dcos -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -o d-dcos -j DOCKER
-A FORWARD -i d-dcos ! -o d-dcos -j ACCEPT
-A FORWARD -i d-dcos -o d-dcos -j ACCEPT
-A FORWARD -i eno2 -o eno1 -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i eno1 -o eno2 -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
-A DOCKER-ISOLATION-STAGE-1 -i docker0 ! -o docker0 -j DOCKER-ISOLATION-STAGE-2
-A DOCKER-ISOLATION-STAGE-1 -i d-dcos ! -o d-dcos -j DOCKER-ISOLATION-STAGE-2
-A DOCKER-ISOLATION-STAGE-1 -j RETURN
-A DOCKER-ISOLATION-STAGE-2 -o docker0 -j DROP
-A DOCKER-ISOLATION-STAGE-2 -o d-dcos -j DROP
-A DOCKER-ISOLATION-STAGE-2 -j RETURN
COMMIT
# Completed on Thu Apr 22 11:52:08 2021
# Generated by iptables-save v1.4.21 on Thu Apr 22 11:52:08 2021
*nat
:PREROUTING ACCEPT [7201:623607]
:INPUT ACCEPT [1875:275004]
:OUTPUT ACCEPT [824:61328]
:POSTROUTING ACCEPT [111:7572]
:DOCKER - [0:0]
-A PREROUTING -m addrtype --dst-type LOCAL -j DOCKER
-A OUTPUT ! -d 127.0.0.0/8 -m addrtype --dst-type LOCAL -j DOCKER
-A POSTROUTING -s 172.17.0.0/16 ! -o docker0 -j MASQUERADE
-A POSTROUTING -o eno1 -j MASQUERADE
-A DOCKER -i docker0 -j RETURN
COMMIT
# Completed on Thu Apr 22 11:52:08 2021
```
**Adding an iptables rule**
```
iptables -t nat -A PREROUTING -d 110.45.156.137 -p tcp --dport 10243 -j DNAT --to 10.123.4.53
```
**Checking the iptables configuration**
```
iptables -t nat -v -L PREROUTING -n --line-number
```
**Deleting an iptables rule**
```
iptables -t nat -D PREROUTING {rule-number-here}
```
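
Deleting by `{rule-number-here}` removes whatever rule currently sits at that position, and positions shift each time a rule is added or removed, so it is worth confirming the number against the rule's contents first. The script below is an added example, not part of the original notes: it reads `iptables-save` output and lists every DNAT rule in a nat chain with the number `--line-number` would show. `list_dnat_rules` is a hypothetical helper name, and the sample dump is constructed from the rules on this page.

```shell
#!/bin/sh
# Added example, not from the original notes. list_dnat_rules is a hypothetical helper.
# Usage on a live host (root): iptables-save -t nat | list_dnat_rules PREROUTING

# Reads iptables-save output on stdin and prints one line per DNAT rule in the
# given nat chain: "<rule-number> <dst> <proto>/<dport> -> <to-destination>".
# The rule number is the rule's position in the chain, the same number that
# `iptables -t nat -L <chain> --line-number` prints and `-D <chain> <n>` expects.
list_dnat_rules() {
  awk -v chain="${1:-PREROUTING}" '
    substr($0, 1, 1) == "*" { table = substr($0, 2); next }   # "*nat", "*filter"
    table != "nat" || $1 != "-A" || $2 != chain { next }       # other tables/chains
    {
      n++   # every -A line of this chain counts, DNAT or not
      dst = "any"; proto = "any"; dport = "any"; to = "-"; jump = ""
      for (i = 3; i < NF; i++) {
        if ($i == "-d")               dst   = ($(i - 1) == "!" ? "!" : "") $(i + 1)
        if ($i == "-p")               proto = $(i + 1)
        if ($i == "--dport")          dport = $(i + 1)
        if ($i == "-j")               jump  = $(i + 1)
        if ($i == "--to-destination") to    = $(i + 1)
      }
      if (jump == "DNAT") printf "%d %s %s/%s -> %s\n", n, dst, proto, dport, to
    }'
}

# Constructed sample: the nat table from the backup with three of the DNAT rules
# from this page appended, written the way iptables-save renders them
# (/32 added to -d, "-m tcp" inserted, --to shown as --to-destination).
SAMPLE_DUMP='*filter
:FORWARD DROP [0:0]
-A FORWARD -o docker0 -j DOCKER
COMMIT
*nat
:PREROUTING ACCEPT [0:0]
:DOCKER - [0:0]
-A PREROUTING -m addrtype --dst-type LOCAL -j DOCKER
-A PREROUTING -d 110.45.156.139/32 -p tcp -m tcp --dport 80 -j DNAT --to-destination 10.123.4.52:80
-A PREROUTING -d 110.45.156.139/32 -p tcp -m tcp --dport 443 -j DNAT --to-destination 10.123.4.52:443
-A PREROUTING -d 110.45.156.137/32 -p tcp -m tcp --dport 10243 -j DNAT --to-destination 10.123.4.53
-A POSTROUTING -o eno1 -j MASQUERADE
COMMIT'

printf '%s\n' "$SAMPLE_DUMP" | list_dnat_rules PREROUTING
```

The numbering starts at 2 in the sample because the Docker jump rule occupies position 1 of PREROUTING; rerun the listing after every deletion, since the remaining rules move up.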