第一步:启用IPv4转发功能
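# Enable IPv4 forwarding: persist it in sysctl.conf and apply it to the running
# kernel.  The original had `sysctl -p` fused onto the echo line, so the text
# "net.ipv4.ip_forward = 1 sysctl -p" was appended and nothing was reloaded.
# The grep guard keeps repeated runs from duplicating the entry.
grep -q '^net\.ipv4\.ip_forward *= *1' /etc/sysctl.conf \
  || echo "net.ipv4.ip_forward = 1" >> /etc/sysctl.conf
sysctl -p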
第二步:开启firewall伪装(此步骤非常重要)
# Turn on masquerading in the default zone (permanent config; needs --reload).
# Forwarded packets leave with this host's source address, so the forward
# target sees and logs this host as the client rather than the original peer.
firewall-cmd --permanent --add-masquerade
第三步:添加转发端口和远程IP以及端口
# Add one TCP forward rule to the permanent config.  Placeholders to fill in:
#   本地端口 = local port on this host, 远程端口 = port on the target,
#   远程IP   = target IP address.
# This line covers tcp only; the script further down adds udp as well.
firewall-cmd --permanent --add-forward-port=port=本地端口:proto=tcp:toport=远程端口:toaddr=远程IP
都添加完以后,最后一步重载防火墙使其生效
# Apply the --permanent changes above to the running firewall.
firewall-cmd --reload
附赠一个转发小脚本
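#!/bin/bash
# install firewall and forward port
#
# Interactive firewalld port-forward manager:
#   1) add a forward (tcp+udp) from a local port to a NAT ip:port
#   2) remove one existing forward rule and close the matching local port
#   3) list the forward rules currently in effect
# Every change is written with --permanent and applied with --reload.
# Needs firewall-cmd on PATH and the privileges firewalld requires (root).
#
# Fixes over the previous version: numeric/port-range validation of every
# prompt (the old `[ ... -eq ... ]` tests errored on non-numeric input),
# firewall-cmd exit statuses are checked instead of reporting success
# unconditionally, the remove menu no longer loops forever on an empty rule
# list, and EOF on stdin ends the script instead of spinning.
set -o pipefail

# Terminal colours for the menus.
readonly red='\033[0;31m'
readonly green='\033[0;32m'
readonly yellow='\033[0;33m'
readonly plain='\033[0m'

# Forward-port rule strings as listed by firewall-cmd; filled by
# load_forward_ports.
local_ports=()

#######################################
# Check whether a string is a valid TCP/UDP port number (1-65535).
# Arguments: $1 - candidate string
# Returns:   0 if valid, 1 otherwise
#######################################
is_port() {
  local candidate=$1
  [[ "$candidate" =~ ^[0-9]+$ ]] || return 1
  # Length cap keeps very long digit strings from wrapping in (( )).
  (( ${#candidate} <= 5 )) || return 1
  (( 10#$candidate >= 1 && 10#$candidate <= 65535 ))
}

#######################################
# Extract the local port number from a firewalld forward-port rule string,
# e.g. "port=8080:proto=tcp:toport=80:toaddr=10.0.0.5" -> "8080".
# Arguments: $1 - rule string as printed by firewall-cmd --list-forward-ports
# Outputs:   the digits of the port= field on stdout
#######################################
rule_port() {
  local rule=$1
  local head=${rule%%:proto*}        # "port=8080"
  printf '%s\n' "${head//[!0-9]/}"   # digits only (same as the old tr -cd)
}

#######################################
# Load the forward-port rules currently in effect into local_ports.
# Globals:   local_ports (written)
# Returns:   0 on success (possibly with an empty array), 1 if firewall-cmd
#            failed
#######################################
load_forward_ports() {
  local listing
  local_ports=()
  listing=$(firewall-cmd --list-forward-ports) || {
    printf '%b\n' "[${red}错误:${plain}] 无法读取当前转发规则"
    return 1
  }
  [[ -n "$listing" ]] || return 0   # no rules: keep the array empty
  mapfile -t local_ports < <(awk '{print $1}' <<<"$listing")
}

#######################################
# Print the numbered rule list, one "N) rule" line each.
# Globals:   local_ports (read)
#######################################
print_forward_ports() {
  local idx
  for idx in "${!local_ports[@]}"; do
    printf '%b\n' "${green}$((idx + 1))${plain}) ${local_ports[idx]}"
  done
}

#######################################
# Prompt for a local port and a NAT target, then add tcp+udp forward rules
# and open the local port.  Re-prompts on invalid input or a duplicate port.
# Globals:   local_ports (written via load_forward_ports)
# Returns:   0 when the rules were applied, 1 on EOF or firewall-cmd failure
#######################################
addForwardPort() {
  local local_port nat_ip nat_port rule duplicate
  while true; do
    read -r -p "请输入本地端口:" local_port || return 1
    if ! is_port "$local_port"; then
      printf '%b\n' "[${red}错误:${plain}] 请输入 1 - 65535 之间的端口号"
      continue
    fi
    local_port=$((10#$local_port))   # canonical form, e.g. 0080 -> 80
    load_forward_ports || return 1
    # Refuse a second rule for a local port that already has one.
    duplicate=0
    for rule in "${local_ports[@]}"; do
      if [[ "$(rule_port "$rule")" == "$local_port" ]]; then
        duplicate=1
        printf '%b\n' "[${red}错误:${plain} 该端口已经存在,规则如下]"
        printf '%b\n' "[${green}${rule}${plain}]"
        break
      fi
    done
    (( duplicate )) && continue
    read -r -p "请输入NAT IP:" nat_ip || return 1
    read -r -p "请输入NAT端口:" nat_port || return 1
    # Only IPv4/IPv6 literal characters are accepted here; firewall-cmd does
    # the full validation and its exit status is checked below.
    if ! [[ "$nat_ip" =~ ^[0-9A-Fa-f.:]+$ ]]; then
      printf '%b\n' "[${red}错误:${plain}] NAT IP 无效"
      continue
    fi
    if ! is_port "$nat_port"; then
      printf '%b\n' "[${red}错误:${plain}] 请输入 1 - 65535 之间的 NAT 端口"
      continue
    fi
    # Each call is checked; a failure part-way leaves the permanent config
    # partially changed but not reloaded, and the user is told so.
    if firewall-cmd --permanent --add-forward-port="port=${local_port}:proto=tcp:toaddr=${nat_ip}:toport=${nat_port}" > /dev/null \
        && firewall-cmd --permanent --add-forward-port="port=${local_port}:proto=udp:toaddr=${nat_ip}:toport=${nat_port}" > /dev/null \
        && firewall-cmd --permanent --add-port="${local_port}/tcp" > /dev/null \
        && firewall-cmd --permanent --add-port="${local_port}/udp" > /dev/null \
        && firewall-cmd --reload > /dev/null; then
      printf '%b\n' " ${green}设置成功!${plain}"
      return 0
    fi
    printf '%b\n' "[${red}错误:${plain}] firewall-cmd 执行失败,规则未生效"
    return 1
  done
}

#######################################
# Show the current rules and remove the one the user picks, closing the
# local port for the rule's protocol as well.
# Globals:   local_ports (written via load_forward_ports)
# Returns:   0 when removed (or nothing to remove), 1 on EOF or firewall-cmd
#            failure
#######################################
removeForwardPort() {
  local input_number remove_content port_str
  load_forward_ports || return 1
  if (( ${#local_ports[@]} == 0 )); then
    # Previously an empty list made the range check fail on every answer.
    printf '%b\n' "[${yellow}提示:${plain}] 当前没有任何转发规则"
    return 0
  fi
  while true; do
    printf '%b\n' "请选择一个端口进行删除:"
    print_forward_ports
    read -r -p "请输入序号(默认: 1):" input_number || return 1
    [[ -z "$input_number" ]] && input_number=1
    if ! [[ "$input_number" =~ ^[0-9]+$ ]]; then
      printf '%b\n' "[${red}错误:${plain}] 请输入一个数字"
      continue
    fi
    if (( 10#$input_number < 1 || 10#$input_number > ${#local_ports[@]} )); then
      printf '%b\n' "[${red}错误:${plain}] 请输入一个数字 1 - ${#local_ports[@]}"
      continue
    fi
    remove_content=${local_ports[10#$input_number - 1]}
    port_str=$(rule_port "$remove_content")
    if ! firewall-cmd --permanent --remove-forward-port="${remove_content}" > /dev/null; then
      printf '%b\n' "[${red}错误:${plain}] firewall-cmd 执行失败,规则未删除"
      return 1
    fi
    # Close the port that addForwardPort opened for this rule's protocol.
    if [[ "$remove_content" == *tcp* ]]; then
      firewall-cmd --permanent --remove-port="${port_str}/tcp" > /dev/null
    fi
    if [[ "$remove_content" == *udp* ]]; then
      firewall-cmd --permanent --remove-port="${port_str}/udp" > /dev/null
    fi
    if ! firewall-cmd --reload > /dev/null; then
      printf '%b\n' "[${red}错误:${plain}] firewall-cmd --reload 失败"
      return 1
    fi
    printf '%b\n' " ${green}删除成功!${plain}"
    return 0
  done
}

#######################################
# List the forward rules currently in effect.
# Globals:   local_ports (written via load_forward_ports)
# Returns:   load_forward_ports' status
#######################################
showForwardPort() {
  load_forward_ports || return 1
  if (( ${#local_ports[@]} == 0 )); then
    printf '%b\n' "[${yellow}提示:${plain}] 当前没有任何转发规则"
    return 0
  fi
  print_forward_ports
}

#######################################
# Main menu: loop until a valid choice is made, then run it once.
# Returns:   the chosen action's status, or 1 on EOF
#######################################
main() {
  local input_port
  while true; do
    printf '%b\n' " ${green}1:${plain}添加一个端口转发"
    printf '%b\n' " ${green}2:${plain}删除一个端口转发"
    printf '%b\n' " ${green}3:${plain}查看所有已开启规则"
    # EOF (Ctrl-D) ends the script; the old loop spun forever on it.
    read -r -p "请输入序号:" input_port || return 1
    case "$input_port" in
      1) addForwardPort; return ;;
      2) removeForwardPort; return ;;
      3) showForwardPort; return ;;
      *) printf '%b\n' "[${red}输入有误,请重新输入${plain}]" ;;
    esac
  done
}

main "$@"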