我用两台机器构建了一个私有网络,它们都有两个网络接口 这是网络信息:
MACHINE1
eth0 10.0.0.11(私人网)eth1 10.82.80.208(校园网ip)机2
eth0 10.0.0.21(私人网)eth2 10.82.80.207(校园网ip)我想访问校园网络中我的计算机(10.0.0.11)中的10.82.80.206,而不是iptables dnat使用校园网IP地址。例如,我想将数据包的目的地从10.0.0.11更改为10.82.80.208。
我试图使用iptables命令,例如:
iptables -t nat -A PREROUTING -i eth0 -p tcp -d 10.0.0.11 -j DNAT --to-destination 10.82.80.208
iptables -t nat -A PREROUTING -i eth0 -p icmp -d 10.0.0.11 -j DNAT --to-destination 10.82.80.208
iptables -t nat -A PREROUTING -i eth0 -p udp -d 10.0.0.11 -j DNAT --to-destination 10.82.80.208
但是当我尝试ping 10.0.0.11时主机仍然无法访问时,它似乎毫无用处,我怎样才能将机器中口袋的目的地从10.0.0.11更改为10.82.80.208 }?
答案 0 :(得分:2)
当iptables's man page报告时,-i标志指定输入接口,而您需要指定输出接口的-o标志:
[!] -i, --in-interface name
Name of an interface via which a packet was received (only for packets entering the INPUT, FORWARD and PREROUTING chains). When the "!" argument is used before the interface name, the sense is inverted. If the interface name ends in a "+", then any interface which begins with this name will match. If this option is omitted, any interface name will match.
[!] -o, --out-interface name
Name of an interface via which a packet is going to be sent (for packets entering the FORWARD, OUTPUT and POSTROUTING chains). When the "!" argument is used before the interface name, the sense is inverted. If the interface name ends in a "+", then any interface which begins with this name will match. If this option is omitted, any interface name will match.
但是,我认为在您的情况下,不需要指定接口或协议。我建议使用以下命令:
iptables -t nat -A PREROUTING -d 10.0.0.11 -j DNAT --to-destination 10.82.80.208