iptables端口转发(port forwarding)

简单脚本端口转发案例

在Kubernetes集群(z-k8s)部署集成GPU监控的Prometheus和Grafana 实现一个简单的端口转发到后端服务器的 Prometheus监控Grafana通用可视分析平台 端口:

端口转发 prometheus-stack 服务端口
local_host=192.168.106.15

dashboard_port=8443
grafana_port=8080
prometheus_port=9090
alertmanager_port=9093

k8s_dashboard_host=172.21.44.215
k8s_dashboard_port=32642

k8s_grafana_host=192.168.6.114
k8s_grafana_port=32427

k8s_prometheus_host=192.168.6.112
k8s_prometheus_port=30090

k8s_alertmanager_host=192.168.6.113
k8s_alertmanager_port=30903

iptables -t nat -A PREROUTING -p tcp --dport ${dashboard_port} -j DNAT --to-destination ${k8s_dashboard_host}:${k8s_dashboard_port}
iptables -t nat -A POSTROUTING -p tcp -d ${k8s_dashboard_host} --dport ${k8s_dashboard_port} -j SNAT --to-source ${local_host}

iptables -t nat -A PREROUTING -p tcp --dport ${grafana_port} -j DNAT --to-destination ${k8s_grafana_host}:${k8s_grafana_port}
iptables -t nat -A POSTROUTING -p tcp -d ${k8s_grafana_host} --dport ${k8s_grafana_port} -j SNAT --to-source ${local_host}

iptables -t nat -A PREROUTING -p tcp --dport ${prometheus_port} -j DNAT --to-destination ${k8s_prometheus_host}:${k8s_prometheus_port}
iptables -t nat -A POSTROUTING -p tcp -d ${k8s_prometheus_host} --dport ${k8s_prometheus_port} -j SNAT --to-source ${local_host}

iptables -t nat -A PREROUTING -p tcp --dport ${alertmanager_port} -j DNAT --to-destination ${k8s_alertmanager_host}:${k8s_alertmanager_port}
iptables -t nat -A POSTROUTING -p tcp -d ${k8s_alertmanager_host} --dport ${k8s_alertmanager_port} -j SNAT --to-source ${local_host}

参考