UFW port forwarding

ufw Port forwarding and what we did before iptables Port forwarding is almost the same , If you don't believe it, you can review it again 「ailx10：iptables Port forwarding 」,ufw yes iptables Of unbuntu Series firewall upgrade ,firewall yes iptables Of centos Series firewall upgrade ,firewall Abandoned iptables That set of grammar , Simplified configuration ,ufw Still inherited iptables grammar ,firewall For port forwarding, please refer to my other blog 「ailx10：firewall Port forwarding 」. in general , Port forwarding is very interesting , It can bypass the north-south flow monitoring ～

First step ： Configure to allow port forwarding

vim /etc/ufw/sysctl.conf

The second step ： Local port forwarding configuration

*nat
:PREROUTING ACCEPT [0:0]
-A PREROUTING -p tcp --dport 8022 -j REDIRECT --to-port 22
COMMIT

The third step ： start-up ufw A firewall

ufw allow 22
ufw enable
service ufw start
service ufw status

Step four ： Verify local port forwarding

ssh [email protected] -p 8022

Step five ： Configure additional ports for remote forwarding

vim /etc/default/ufw

Step six ： Configure port remote forwarding , Go directly to iptables Just copy in the experiment

-A PREROUTING -p tcp --dport 13389 -j DNAT --to-destination 192.168.199.185:3389
# PREROUTING chain ： Process packets before routing （ Do target address conversion ）
#  Go to the springboard machine  13389  Port traffic   forward   To the intranet 3389 port 


-A POSTROUTING -p tcp -d 192.168.199.185 --dport 3389 -j SNAT --to-source 192.168.199.247
# POSTROUTING chain ： Process packets after routing （ Modify and convert the source address of the data link ）
#  Go to the intranet  3389  Port traffic   Modification source IP It's a springboard machine 

Step seven ： see 13389 port , already open

Step eight ： Verify remote port forwarding

Network security has a long way to go , Wash and sleep ～