linux配置映射

『壹』 在linux上做埠映射

#假設你的內網ip為 192.168.1.22外網202.102.99.99
修改/etc/sysconfig/iptables添加
-A PREROUTING -d 202.102.99.99 -p tcp --dport 8085 -j DNAT --to-destination 192.168.1.22:8085
-A POSTROUTING -d 192.168.1.22 -p tcp --dport 8085 -j SNAT --to 202.102.99.99

『貳』 Linux SAMBA伺服器配置共享目錄，訪問控制，用戶映射

[global]

# ----------------------- Network Related Options-------------------------
#
# workgroup = NT-Domain-Name or Workgroup-Name, eg: MIDEARTH
#
# server string is the equivalent of the NT Description field
#
# netbios name can be used to specify a server name not tied to thehostname
#
# Interfaces lets you configure Samba to use multiple interfaces
# If you have multiple network interfaces then you can list the ones
# you want to listen on (never omit localhost)
#
# Hosts Allow/Hosts Deny lets you restrict who can connect, and you can
# specifiy it as a per share option as well
#
workgroup = MYGROUP
server string = Samba Server Version%v

; netbios name = MYSERVER

interfaces = lo eth0
hosts allow = 192.168.1.
user map =/etc/samba/smbusermap

# --------------------------- Logging Options-----------------------------
#
# Log File let you specify where to put logs and how to split them up.
#
# Max Log Size let you specify the max size log files should reach

# logs split per machine
log file = /var/log/samba/log.%m
# max 50KB per log file, thenrotate
max log size = 50

# ----------------------- Standalone Server Options------------------------
#
# Scurity can be set to user, share(deprecated) or server(deprecated)
#
# Backend to store user information in. New installations should
# use either tdbsam or ldapsam. smbpasswd is available for backwards
# compatibility. tdbsam requires no further configuration.

security = user
passdb backend = tdbsam

# ----------------------- Domain Members Options ------------------------
#
# Security must be set to domain or ads
#
# Use the realm option only with security = ads
# Specifies the Active Directory realm the host is part of
#
# Backend to store user information in. New installations should
# use either tdbsam or ldapsam. smbpasswd is available for backwards
# compatibility. tdbsam requires no further configuration.
#
# Use password server option only with security = server or if you can't
# use the DNS to locate Domain Controllers
# The argument list may include:
# password server = My_PDC_Name[My_BDC_Name] [My_Next_BDC_Name]
# or to auto-locate the domain controller/s
# password server = *

; security = domain
; passdb backend = tdbsam
; realm = MY_REALM

; password server =<NT-Server-Name>

# ----------------------- Domain Controller Options------------------------
#
# Security must be set to user for domain controllers
#
# Backend to store user information in. New installations should
# use either tdbsam or ldapsam. smbpasswd is available for backwards
# compatibility. tdbsam requires no further configuration.
#
# Domain Master specifies Samba to be the Domain Master Browser. This
# allows Samba to collate browse lists between subnets. Don't use this
# if you already have a Windows NT domain controller doing this job
#
# Domain Logons let Samba be a domain logon server for Windows workstations.
#
# Logon Scrpit let yuou specify a script to be run at login time on theclient
# You need to provide it in a share called NETLOGON
#
# Logon Path let you specify where user profiles are stored (UNC path)
#
# Various scripts can be used on a domain controller or stand-alone
# machine to add or delete corresponding unix accounts
#
; security = user
; passdb backend = tdbsam

; domain master = yes
; domain logons = yes

# the login script name depends on themachine name
; logon script = %m.bat
# the login script name depends on theunix user used
; logon script = %u.bat
; logon path = \\%L\Profiles\%u
# disables profiles support byspecifing an empty path
; logon path =

; add user script = /usr/sbin/useradd"%u" -n -g users
; add group script = /usr/sbin/groupadd"%g"
; add machine script = /usr/sbin/useradd-n -c "Workstation (%u)" -M -d /nohome -s /bin/false"%u"
; delete user script = /usr/sbin/userdel"%u"
; delete user from group script =/usr/sbin/userdel "%u" "%g"
; delete group script =/usr/sbin/groupdel "%g"

# ----------------------- Browser Control Options----------------------------
#
# set local master to no if you don't want Samba to become a master
# browser on your network. Otherwise the normal election rules apply
#
# OS Level determines the precedence of this server in master browser
# elections. The default value should be reasonable
#
# Preferred Master causes Samba to force a local browser election onstartup
# and gives it a slightly higher chance of winning the election
; local master = no
; os level = 33
; preferred master = yes

#----------------------------- Name Resolution -------------------------------
# Windows Internet Name Serving Support Section:
# Note: Samba can be either a WINS Server, or a WINS Client, but NOT both
#
# - WINS Support: Tells the NMBD component of Samba to enable it's WINSServer
#
# - WINS Server: Tells the NMBD components of Samba to be a WINS Client
#
# - WINS Proxy: Tells Samba to answer name resolution queries on
# behalf of a non WINS capable client,for this to work there must be
# at least one WINS Server on the network. The default is NO.
#
# DNS Proxy - tells Samba whether or not to try to resolve NetBIOS names
# via DNS nslookups.

; wins support = yes
; wins server = w.x.y.z
; wins proxy = yes

; dns proxy = yes

# --------------------------- Printing Options-----------------------------
#
# Load Printers let you load automatically the list of printers rather
# than setting them up indivially
#
# Cups Options let you pass the cups libs custom options, setting it toraw
# for example will let you use drivers on your Windows clients
#
# Printcap Name let you specify an alternative printcap file
#
# You can choose a non default printing system using the Printing option

load printers = no
cups options = raw

; printcap name = /etc/printcap
#obtain list of printers automaticallyon SystemV
; printcap name = lpstat
; printing = cups

# --------------------------- Filesystem Options---------------------------
#
# The following options can be uncommented if the filesystem supports
# Extended Attributes and they are enabled (usually by the mount option
# user_xattr). Thess options will let the admin store the DOS attributes
# in an EA and make samba not mess with the permission bits.
#
# Note: these options can also be set just per share, setting them inglobal
# makes them the default for all shares

; map archive = no
; map hidden = no
; map read only = no
; map system = no
; store dos attributes = yes

#============================ Share Definitions==============================

[homes]
comment = Home Directories
browseable = no
writable = yes
; valid users = %S
; valid users = MYDOMAIN\%S

[sales]
comment = Home Directories
path=/var/samba/sales
browseable = no
writable = yes
; valid users = %S
; valid users = MYDOMAIN\%S

[finance]
comment = Home Directories
browseable = yes
path=/var/samba/finance
writable = yes
; valid users = %S
; valid users = MYDOMAIN\%S

[printers]
comment = All Printers
path = /var/spool/samba
browseable = no
guest ok = no
writable = no
printable = yes

# Un-comment the following and create the netlogon directory for DomainLogons
; [netlogon]
; comment = Network Logon Service
; path = /var/lib/samba/netlogon
; guest ok = yes
; writable = no
; share modes = no

# Un-comment the following to provide a specific roving profile share
# the default is to use the user's home directory
; [Profiles]
; path = /var/lib/samba/profiles
; browseable = no
; guest ok = yes

# A publicly accessible directory, but read only, except for people in
# the "staff" group
; [public]
; comment = Public Stuff
; path = /home/samba
; public = yes
; writable = yes
; printable = no
; write list = +staff

以上是smb.conf內的配置。
增加用戶和組，並設置好用戶組的隸屬關系。
用smbpasswd -a 增加smb訪問密碼。

『叄』 linux伺服器IP地址映射問題

首先你要確認你的linux系統防火牆有沒有開放22埠（默認是開放的），第二個就是你的ip地址了，你linux的ip地址是區域網的ip地址，第三就是你的埠映射是否做的正確，你的linux防火牆是否允許你外網的映射的那個地址進入 第四就是你訪問的時候是否是通過外網地址訪問的

『肆』 請問如何給linux埠映射，我想讓外網訪問！虛擬機linux系統

在nat.conf里可以配置埠映射，之後在Linux里設置防火牆添加訪問的埠

『伍』 LINUX伺服器的埠映射

開放內部主機可以 ftp 至外部的主機
開放內部網路，可以 ftp 至外部主機。

作法如下∶(預設 policy 為 DROP)

###-----------------------------------------------------###
# open 對外部主機 ftp port 21
###-----------------------------------------------------###

# 以下是打開命令 channel 21
iptables -A OUTPUT -o eth0 -p tcp -s $FW_IP --sport 1024:65535 -d any/0 --dport 21 -j ACCEPT
iptables -A INPUT -i eth0 -p tcp ! --syn -s any/0 --sport 21 -d $FW_IP --dport 1024:65535 -j ACCEPT

# 以下是打開資料 channel 20
iptables -A INPUT -i eth0 -p tcp -s any/0 --sport 20 -d $FW_IP --dport 1024:65535 -j ACCEPT
iptables -A OUTPUT -o eth0 -p tcp ! --syn -s $FW_IP --sport 1024:65535 -d any/0 --dport 20 -j ACCEPT

# 以下是打開 passive mode FTP 資料通道
iptables -A OUTPUT -o eth0 -p tcp -s $FW_IP --sport 1024:65535 -d any/0 --dport 1024:65535 -j ACCEPT
iptables -A INPUT -i eth0 -p tcp ! --syn -s any/0 --sport 1024:65535 -d $FW_IP --dport 1024:65535 -j ACCEPT

『陸』 怎樣在Linux 5上添加裸設備映射

解決方法:
裸設備介面在紅帽企業Linux 5上已經被去掉了。現在可以通過udev規則配置裸設備。
為了添加裸設備映射，在/etc/udev/rules.d/60-raw.rules 添加一行，格式和下面的一樣：
ACTION=="add", KERNEL="<device name>", RUN+="raw /dev/raw/rawX %N"

主/從號：
ACTION=="add", ENV{MAJOR}="A", ENV{MINOR}="B", RUN+="raw /dev/raw/rawX %M %m"

以需要邦定的設備名（例如/dev/sda1）替換上面的<device name>。"A"和"B"是需要邦定的主/從號。"X"是系統將要使用的裸設備的序號。
如果之前存在一個大的/etc/sysconfig/rawdevices文件，可以使用下面的腳本作轉換：
#!/bin/sh
grep -v "^ *#" /etc/sysconfig/rawdevices | grep -v "^$" | while read dev major
minor ; do
if [ -z "$minor" ]; then
echo "ACTION==\"add\", KERNEL==\"${major##/dev/}\",
RUN+=\"/usr/bin/raw $dev %N\""
else
echo "ACTION==\"add\", ENV{MAJOR}==\"$major\",
ENV{MINOR}==\"$minor\", RUN+=\"/usr/bin/raw $dev %M %m\""
fi
done

AS5 和AS4 的方法完全不同
AS5
設置重新啟動自動掛載裸設備
vi /etc/udev/rules.d/60-raw.rules
ACTION=="add", KERNEL=="sdd1", RUN+="/bin/raw /dev/raw/raw1 %N"
ACTION=="add", KERNEL=="sde1", RUN+="/bin/raw /dev/raw/raw2 %N"
ACTION=="add", KERNEL=="sdf1", RUN+="/bin/raw /dev/raw/raw3 %N"

AS4
vi /etc/sysconfig/rawdevices
/dev/raw/raw1 /dev/sdc1
/dev/raw/raw2 /dev/sdd1
# /sbin/service rawdevices restart

-------------------------------------------------------------------------------------------------
綁定裸設備
raw /dev/raw/raw<N> /dev/<blockdev>
刪除裸設備
raw /dev/raw/raw<N> 0 0
如用raw /dev/raw/raw1 0 0 刪除裸設備/dev/raw/raw1

『柒』 linux虛擬機上的文件怎麼映射到主機上

先確認虛擬機是關閉狀態（susppend時無法修改屬性）
再修改虛擬機屬性：（操作如下）
edit
virtual
machine
settings(編輯)
-
options(屬性)
-
shared
folders（選為always
enabled）
再"添加"對應的windows磁碟目錄
最後在虛擬的linux下安裝vmtools後，訪問/mnt/hfgs目錄即可
可以多關注《linux就該這么學》這本書，我都是從這裡面學到的

『捌』 linux做路由.如何映射埠啊

1. 源NAT(SNAT)
更改所有來自192.168.1.0/24的數據包的源ip地址為1.2.3.4：
iptables -t nat -A POSTROUTING -s 192.168.1.0/24 -o eth0 -j SNAT --to 1.2.3.4
這里需要注意的是，系統在路由及過慮等處理直到數據包要被送出時才進行SNAT。
有一種SNAT的特殊情況是ip欺騙，也就是所謂的Masquerading，通常建議在使用撥號上網的時候使用，或者說在合法ip地址不固定的情況下使用。比如
# iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE
可以看出，這時候我們沒有必要顯式的指定源ip地址等信息。
2. 目的SNAT(DNAT)
更改所有來自192.168.1.0/24的數據包的目的ip地址為1.2.3.4：
iptables -t nat -A PREROUTING -s 192.168.1.0/24 -i eth1 -j DNAT --to 1.2.3.4
這里需要注意的是，系統是先進行DNAT，然後才進行路由及過慮等操作。
有一種DNAT的特殊情況是重定向，也就是所謂的Redirection，這時候就相當於將符合條件的數據包的目的ip地址改為數據包進入系統時的網路介面的ip地址。通常是在與squid配置形成透明代理時使用，假設squid的監聽埠是3128，我們可以通過以下語句來將來自 192.168.1.0/24，目的埠為80的數據包重定向到squid監聽
埠：
iptables -t nat -A PREROUTING -i eth1 -p tcp -s 192.168.1.0/24 --dport 80
-j REDIRECT --to-port 3128
1、映射埠和伺服器監聽埠要對應
比如，默認的Apache和Nginx都監聽80埠，當某個IP映射到8002埠，要在相應的伺服器配置文件中修改成監聽相應8002埠。Nginx的路徑一般為/etc/nginx/nginx.conf。
2.防火牆問題
當埠修改後仍然訪問不到，要設置防火牆允許通過該埠
（iptables -I UNPUT -p tcp --dport 8010 -j ACCEPT），或者關掉防火牆（service iptables stop）。

『玖』 Linux埠映射

可以。請參考下面的設定：
【實現功能】

PC A是

eth0 172.18.10.212 內網

eth1 219.239.xx.xx 外網

PC B是 172.18.10.205 內網

A的8080埠映射到B的80埠

【步驟】

1、 首先應該做的是/etc/sysctl.conf配置文件的 net.ipv4.ip_forward = 1 默認是0

這樣允許iptalbes FORWARD。

2、 在/etc/rc.d/init.d目錄下有iptables 文件，使用格式如下

Usage: ./iptables {start|stop|restart|condrestart|status|panic|save}

相當與service iptables {....}

把iptables 服務停止，清除以前的規則，存檔

到/etc/rc.d/init.d目錄下，運行

./iptables stop

iptalbes -F

iptalbes -X

iptalbes -Z

./iptables save
3、 重新配置規則

iptables -t nat -A PREROUTING -d 219.239.xx.xx -p tcp --dport 8080 -j DNAT --to-destination 172.18.10.205:80

iptables -t nat -A POSTROUTING -d 172.18.10.205 -p tcp --dport 80 -j SNAT --to 172.18.10.212

iptables -A FORWARD -o eth0 -d 172.18.10.205 -p tcp --dport 80 -j ACCEPT

iptables -A FORWARD -i eth0 -s 172.18.10.205 -p tcp --sport 80 -j ACCEPT

DNAT SNAT 的請參考幫助，這里不再陳述。

4、 新的規則存檔

./iptables save

規則存檔後在/etc/sysconfig/iptables這個文件裡面，若你對這個文件很熟悉

直接修改這里的內容也等於命令行方式輸入規則。

5、 啟動iptables 服務

./iptables start

在/proc/net/ip_conntrack文件里有包的流向，如下面

tcp 6 53 TIME_WAIT src=../../221.122.59.2 dst=219.239.xx.xx sport=7958 dport=8080 packets=9 bytes=1753

src=../../172.18.10.205 dst=172.18.10.212 sport=80 dport=7958 packets=9 bytes=5777 [ASSURED] use=1