forward port to public remote host 将端口转发到远程服务器

command.bash

iptables -t nat -A PREROUTING -p tcp --dport 22 -j DNAT --to XX.XX.XX.XX:22
iptables -A FORWARD -p tcp -d XX.XX.XX.XX --dport 22 -j ACCEPT
iptables -t nat -A POSTROUTING  -j MASQUERADE

iptables

*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A PREROUTING -p tcp -m tcp --dport 22 -j DNAT --to-destination XX.XX.XX.XX:22
-A POSTROUTING -j MASQUERADE
COMMIT

*filter
:INPUT ACCEPT [33:2136]
:FORWARD ACCEPT [20:7392]
:OUTPUT ACCEPT [17:1472]
-A FORWARD -d XX.XX.XX.XX/32 -p tcp -m tcp --dport 22 -j ACCEPT
COMMIT