Asking for help with an iptables forwarding problem
Source: Internet  Published: 2016-03-24
The host has two network cards: one connects to ADSL, the other to the internal network 192.168.0.0/24. The IP of the internal-network NIC is 192.168.0.2 (eth1). The one connected to the ADSL modem is 192.168.0.1 (eth0).
192.168.0.2 connects to the router. The other host is 192.168.0.22.
Now I want all access from the Internet to port 500 on this host forwarded to port 500 on 192.168.0.22 (VPN). I set up iptables, but it does not seem to work (the last line has an error; how do I fix it?):
iptables -t nat -A PREROUTING -d 121.35.169.194 -p tcp --dport 500 -j DNAT --to 192.168.0.22:500
iptables -t nat -A POSTROUTING -d 192.168.0.22 -p tcp --dport 500 -j SNAT --to 192.168.0.22:500
iptables -A FORWARD -o eth0 -d 192.168.0.22 -p tcp --dport 500 -j ACCEPT
iptables -A FORWARD -i eth0 -s 192.168.0.22 -p tcp --sport 500 -m --state ESTABLISHED -j ACCEPT
My system is RH9.
Below is the ifconfig output:
[root@localhost root]# ifconfig
eth0 Link encap:Ethernet HWaddr 00:E0:4C:017:93
inet addr:192.168.0.2 Bcast:192.168.0.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:4350 errors:0 dropped:0 overruns:0 frame:0
TX packets:3808 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:100
RX bytes:3937505 (3.7 Mb) TX bytes:429164 (419.1 Kb)
Interrupt:10 Base address:0xf000
eth1 Link encap:Ethernet HWaddr 00:E0:4C:01:2A:F0
inet addr:192.168.0.1 Bcast:192.168.0.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:3646 errors:0 dropped:0 overruns:0 frame:0
TX packets:4368 errors:0 dropped:0 overruns:2 carrier:0
collisions:0 txqueuelen:100
RX bytes:405916 (396.4 Kb) TX bytes:3902844 (3.7 Mb)
Interrupt:11 Base address:0x1000
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:273 errors:0 dropped:0 overruns:0 frame:0
TX packets:273 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:28063 (27.4 Kb) TX bytes:28063 (27.4 Kb)
ppp0 Link encap:Point-to-Point Protocol
inet addr:121.35.169.194 P-t-P:121.35.168.1 Mask:255.255.255.255
UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1492 Metric:1
RX packets:4266 errors:0 dropped:0 overruns:0 frame:0
TX packets:3630 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:3
RX bytes:3838553 (3.6 Mb) TX bytes:330456 (322.7 Kb)
[root@localhost root]#
Your description seems to contradict itself:
"The IP of the internal-network NIC is 192.168.0.2 (eth1). The one connected to the ADSL modem is 192.168.0.1 (eth0)" does not match your ifconfig output.
Why make it so complicated? Don't you just want to forward inbound access to port 500 from the outside? What are eth0 and eth1 doing in there?
iptables -t nat -A PREROUTING -i ppp+ -p tcp -m tcp --dport 500 -j DNAT --to-destination 192.168.0.22:500
If your default policies are all ACCEPT, this should be enough; no SNAT is needed for the return path.
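As an added example (not from the original post or either reply), the script below prints the corrected forwarding set for this setup, with the poster's broken last line ("-m --state") replaced by the valid "-m state --state", plus a small check that flags that exact mistake. It assumes the WAN interface is ppp0 from the ifconfig output and that the LAN NIC toward 192.168.0.22 is the one holding 192.168.0.2 (shown as eth0); rules are only applied when APPLY=1 is set and the script runs as root. It keeps the thread's TCP/500 choice; if the VPN is IPsec, IKE actually uses UDP/500, so the protocol would need changing.

```shell
#!/bin/sh
# Added example: corrected DNAT port-forwarding rules for the thread above.
WAN_IF=ppp0            # from the ifconfig output in the question
LAN_IF=eth0            # ifconfig shows 192.168.0.2 here; adjust if the LAN NIC is eth1
TARGET=192.168.0.22    # internal host receiving the forwarded connections
PORT=500
PROTO=tcp              # as in the thread; IPsec IKE would need udp instead

# Print one rule and, only when APPLY=1, also execute it.
rule() {
    if [ "${APPLY:-0}" = "1" ]; then
        iptables "$@"
    fi
    printf 'iptables %s\n' "$*"
}

# The complete forwarding set: DNAT on the WAN side plus stateful FORWARD rules.
forward_rules() {
    if [ "${APPLY:-0}" = "1" ]; then
        # Without routing enabled the FORWARD chain is never consulted.
        echo 1 > /proc/sys/net/ipv4/ip_forward
    fi
    # Rewrite the destination before routing; only packets arriving on the WAN.
    rule -t nat -A PREROUTING -i "$WAN_IF" -p "$PROTO" --dport "$PORT" \
        -j DNAT --to-destination "$TARGET:$PORT"
    # Allow the new connection and its follow-up packets toward the target.
    rule -A FORWARD -i "$WAN_IF" -o "$LAN_IF" -d "$TARGET" -p "$PROTO" --dport "$PORT" \
        -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
    # Replies ride the same tracked connection, so no SNAT is required.
    rule -A FORWARD -i "$LAN_IF" -o "$WAN_IF" -s "$TARGET" -p "$PROTO" --sport "$PORT" \
        -m state --state ESTABLISHED,RELATED -j ACCEPT
}

# Detect the poster's mistake: "-m" must be followed by a match module name
# ("state") before "--state" is a valid option.
check_rule() {
    case " $1 " in
        *" -m --state "*) echo "error: -m needs a module name, e.g. -m state --state" ;;
        *) echo "ok" ;;
    esac
}

forward_rules
```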