打开防火墙
[root@es_node nginx]# iptables -L -nv | grep 443
[root@es_node nginx]# vim /etc/sysconfig/iptables
[root@es_node nginx]# grep 443 /etc/sysconfig/iptables
-A INPUT -m state --state NEW -m tcp -p tcp --dport 443 -j ACCEPT
[root@es_node nginx]# /etc/init.d/iptables reload
iptables: Trying to reload firewall rules: [ OK ]
[root@es_node nginx]# iptables -L -nv | grep 443
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:443
[root@es_node nginx]#
配置DNAT
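作为边界的网关服务器,要打开内核转发和 iptables 转发,也就是 net.ipv4.ip_forward 和 filter 表的 FORWARD 链,然后开启 nat 表 PREROUTING 链的 DNAT。
注意 DNAT 在 PREROUTING 阶段完成,先于 FORWARD 链,因此 FORWARD 链看到的目的地址已经是转换后的 192.168.66.66:443;放行规则应只针对这一目的地址和端口,而不是让 FORWARD 链全部放行。
下面这条 DNAT 规则没有限定来源(输出中的来源为 0.0.0.0/0),任何能访问网关 2443 端口的主机都会被转发到内网的 443 服务;如果不打算对所有来源开放,可以在规则中用 -s 限定来源网段。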
[root@net_border ~]# iptables -L -nv -t nat | grep 443
[root@net_border ~]# vim /etc/sysconfig/iptables
[root@net_border ~]# grep 443 /etc/sysconfig/iptables
-A PREROUTING -p tcp -m tcp --dport 2443 -j DNAT --to-destination 192.168.66.66:443
[root@net_border ~]# /etc/init.d/iptables reload
iptables: Trying to reload firewall rules: [ OK ]
[root@net_border ~]# iptables -L -nv -t nat | grep 443
0 0 DNAT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:2443 to:192.168.66.66:443
[root@net_border ~]#