开启系统转发功能：

[root@localhost /]# vim /etc/sysctl.conf

 

# Generated by iptables-save v1.4.7 on Thu May 12 17:31:40 2016

*nat

:OUTPUT ACCEPT [0:0]

:PREROUTING ACCEPT [0:0]

:POSTROUTING ACCEPT [0:0]

-A POSTROUTING -s 10.0.0.0/24 -o eth0 -j SNAT --to 121.11.76.182

-A PREROUTING -d 121.11.76.132 -p tcp --dport 1801 -j DNAT --to-destination 121.11.76.182:1801

-A POSTROUTING -d 121.11.76.182 -p tcp --dport 1801 -j SNAT --to 121.11.76.132

-A PREROUTING -p tcp -m multiport --dport 4433,2103,2105 -j DNAT --to 121.11.76.182

-A POSTROUTING -j MASQUERADE

COMMIT

# Completed on Thu May 12 17:31:40 2016

# Generated by iptables-save v1.4.7 on Thu May 12 17:31:40 2016

*mangle

:PREROUTING ACCEPT [0:0]

:INPUT ACCEPT [0:0]

:FORWARD ACCEPT [0:0]

:OUTPUT ACCEPT [0:0]

:POSTROUTING ACCEPT [0:0]

COMMIT

# Completed on Thu May 12 17:31:40 2016

# Generated by iptables-save v1.4.7 on Thu May 12 17:31:40 2016

*filter

:INPUT ACCEPT [0:0]

:FORWARD ACCEPT [0:0]

:OUTPUT ACCEPT [0:0]

-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

-A INPUT -p icmp -j ACCEPT

-A INPUT -i lo -j ACCEPT

-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT

-A INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT

-A INPUT -m state --state NEW -m tcp -p tcp --dport 443 -j ACCEPT

-A INPUT -m state --state NEW -m tcp -p tcp --dport 6379 -j ACCEPT

-A INPUT -m state --state NEW -m tcp -p tcp --dport 18888 -j ACCEPT

-A FORWARD -i eth0 -s 121.11.76.182 -p tcp --sport 1801 -j ACCEPT

-A FORWARD -o eth0 -d 121.11.76.182 -p tcp --dport 1801 -j ACCEPT

-A FORWARD -i eth0 -s 121.11.76.182 -p tcp -m multiport --sport 4433,2103,2105 -j ACCEPT

-A FORWARD -o eth0 -d 121.11.76.182 -p tcp -m multiport --dport 4433,2103,2105 -j ACCEPT

-A INPUT -j REJECT --reject-with icmp-host-prohibited

-A FORWARD -j REJECT --reject-with icmp-host-prohibited

COMMIT

# Completed on Thu May 12 17:31:40 2016