
使用 ip rule 和 iptables 管理 OpenVZ 虚拟机的网络和端口映射

使用iptables管理openvz的端口映射

# Source-based policy routing for two uplinks: each container subnet leaves
# through its own gateway, selected by source address.
gw_wan101=173.82.255.1
gw_wan102=173.82.152.1

# Look up table main at priority 10, i.e. before the per-source rules at
# priority 100 below. Once main has no default route (see the del further
# down), it only answers for the more specific routes it holds; everything
# else falls through to the later rules.
ip rule add table main prio 10

# Put the host's own default route into table default, which a stock rule set
# consults last. This is done BEFORE the default is removed from main so that
# a default route exists at every point of the run.
ip route replace default via "$gw_wan101" table default
#ip route replace 10.86.0.0/16 via 192.168.30.1 table default
ip route del default table main

# One routing table per uplink, each holding only a default route.
ip route replace default via "$gw_wan101" table 101
ip route replace default via "$gw_wan102" table 102

# Traffic sourced from a container subnet is routed by that uplink's table.
# NOTE(review): "ip rule add" and "ip route del" are not idempotent; running
# this a second time either reports errors or, depending on the kernel
# version, leaves duplicate rules behind. Check "ip rule show" after a re-run.
ip rule add from 10.173.1.0/24 table 101 prio 100
ip rule add from 10.173.2.0/24 table 102 prio 100

# Rebuild the nat table from scratch. -F with no chain name flushes every
# chain in the table, so NAT rules installed by anything else on this host
# are removed as well. Flows already tracked by conntrack keep the
# translation they were given.
iptables -t nat -F

# wan101: containers in 10.173.1.0/24 are published behind 173.82.255.41.
wan101_ip=173.82.255.41
wan101_net=10.173.1.0/24

# Outbound: rewrite the source address of everything sent from the container
# subnet. There is no -o match, so the rule applies on every egress interface
# (--to is the abbreviated spelling of --to-source).
iptables -t nat -A POSTROUTING -j SNAT --to "$wan101_ip" -s "$wan101_net"

# Inbound port forwards, written as <public dport>=<container address:port>.
# The rules carry no -s or -i match, so any source that can reach the public
# address is forwarded, including to the container's SSH port (22879 -> :22).
# DNAT only rewrites the destination; who may actually connect is decided by
# the filter table.
# NOTE(review): no filter/FORWARD rules appear in this script - confirm they
# exist elsewhere and restrict the management ports to known sources.
# Disabled mapping, kept for reference:
#iptables -t nat -A PREROUTING -d 173.82.255.41 -p tcp -m tcp --dport 9930 -j DNAT --to-destination 10.173.1.1:9930
for map in \
  1689=10.173.1.1:1688 \
  80=10.173.1.1:80 \
  5550=10.173.1.1:5550 \
  5551=10.173.1.1:5551 \
  5555=10.173.1.1:5555 \
  22879=10.173.1.1:22 \
  1030:1039=10.173.1.3:1030-1039
do
  # ${map%%=*} is the public port (or port range), ${map#*=} the target.
  iptables -t nat -A PREROUTING -d "$wan101_ip" -p tcp -m tcp \
    --dport "${map%%=*}" -j DNAT --to-destination "${map#*=}"
done

# wan102: containers in 10.173.2.0/24 are published behind 173.82.152.60.
wan102_ip=173.82.152.60
wan102_net=10.173.2.0/24

# Outbound: rewrite the source address of everything sent from the container
# subnet. There is no -o match, so the rule applies on every egress interface
# (--to is the abbreviated spelling of --to-source).
iptables -t nat -A POSTROUTING -j SNAT --to "$wan102_ip" -s "$wan102_net"

# Inbound port forwards, written as <public dport>=<container address:port>.
# The rules carry no -s or -i match, so any source that can reach the public
# address is forwarded, including to the container's SSH port (2204 -> :22).
# DNAT only rewrites the destination; who may actually connect is decided by
# the filter table.
# NOTE(review): no filter/FORWARD rules appear in this script - confirm they
# exist elsewhere and restrict the management ports to known sources.
for map in \
  80=10.173.2.2:80 \
  443=10.173.2.2:443 \
  8888=10.173.2.2:8888 \
  2204=10.173.2.4:22 \
  1040:1049=10.173.2.4:1040-1049
do
  # ${map%%=*} is the public port (or port range), ${map#*=} the target.
  iptables -t nat -A PREROUTING -d "$wan102_ip" -p tcp -m tcp \
    --dport "${map%%=*}" -j DNAT --to-destination "${map#*=}"
done


# Disabled: masquerade container traffic bound for 10.86.0.0/16 on vpn_vpn.
# NOTE(review): if re-enabled as written (-A, appended last), it comes after
# the per-subnet SNAT rules, which have no -o match and terminate traversal
# for the two /24s they cover; it would then only apply to other sources
# inside 10.173.0.0/16. Insert it ahead of those rules if that is not intended.
#iptables -t nat -A POSTROUTING -s 10.173.0.0/16 -d 10.86.0.0/16 -o vpn_vpn -j MASQUERADE
