iptables检查与删除策略

 

 

[root@controller1 ~]# iptables -t nat -L PREROUTING --line-numbers   #带序号查看指定表、指定链的策略;表名用小写字母,链名用大写字母; -t指定表,-L列出指定链的规则,--line-numbers显示规则序号;再加 -n 可用数字形式显示地址和端口,避免输出被反向解析成主机名
Chain PREROUTING (policy ACCEPT)
num  target     prot opt source               destination         
1    DNAT       tcp  --  anywhere             controller1          tcp dpt:9522 to:192.168.122.123:22

[root@controller1 ~]# iptables -t nat -D PREROUTING    1    #-D按序号删除指定链中的规则;删除后其后规则的序号会前移,连续删除前应重新用 --line-numbers 查看序号
[root@controller1 ~]# iptables -t nat -L PREROUTING --line-numbers
Chain PREROUTING (policy ACCEPT)
num  target     prot opt source               destination         
[root@controller1 ~]# 
[root@controller1 ~]# iptables -t nat   --list  --line-numbers  #整表查看
Chain PREROUTING (policy ACCEPT)
num  target     prot opt source               destination         

Chain INPUT (policy ACCEPT)
num  target     prot opt source               destination         

Chain POSTROUTING (policy ACCEPT)
num  target     prot opt source               destination         
1    LIBVIRT_PRT  all  --  anywhere             anywhere            

Chain OUTPUT (policy ACCEPT)
num  target     prot opt source               destination         

Chain LIBVIRT_PRT (1 references)
num  target     prot opt source               destination         
1    RETURN     all  --  192.168.122.0/24     base-address.mcast.net/24 
2    RETURN     all  --  192.168.122.0/24     255.255.255.255     
3    MASQUERADE  tcp  --  192.168.122.0/24    !192.168.122.0/24     masq ports: 1024-65535
4    MASQUERADE  udp  --  192.168.122.0/24    !192.168.122.0/24     masq ports: 1024-65535
5    MASQUERADE  all  --  192.168.122.0/24    !192.168.122.0/24    

 

iptables-save #只把当前生效的规则输出到标准输出,本身不会启用或保存策略;用iptables命令修改的规则立即生效,但重启后失效
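iptables-save > /etc/iptables.conf #永久保存,需要先启用iptables服务;该文件只是规则的导出,保存路径须与iptables服务开机读取的路径一致(例如RHEL/CentOS的iptables-services默认读取/etc/sysconfig/iptables),否则需在开机时执行 iptables-restore < /etc/iptables.conf 才会重新加载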

 
