iptables-save
# Generated by iptables-save v1.4.10 on Sat May 12 12:59:52 2012
*mangle
:PREROUTING ACCEPT [207211:104830803]
:INPUT ACCEPT [88729:55230374]
:FORWARD ACCEPT [114038:49364566]
:OUTPUT ACCEPT [70390:35980827]
:POSTROUTING ACCEPT [184466:85352906]
-A FORWARD -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
COMMIT
# Completed on Sat May 12 12:59:52 2012
# Generated by iptables-save v1.4.10 on Sat May 12 12:59:52 2012
*filter
:INPUT DROP [11816:2024004]
:FORWARD DROP [31:1770]
:OUTPUT ACCEPT [70390:35980827]
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT ! -i eth0 -j ACCEPT
-A INPUT -p tcp -m multiport --dports 22,80,447,110,25,47,1723 -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD ! -i eth0 -m conntrack --ctstate NEW -j ACCEPT
-A FORWARD -d 192.168.1.99/32 -i eth0 -p tcp -m tcp --dport 3389 -j ACCEPT
COMMIT
# Completed on Sat May 12 12:59:52 2012
# Generated by iptables-save v1.4.10 on Sat May 12 12:59:52 2012
*nat
:PREROUTING ACCEPT [30002:2473166]
:INPUT ACCEPT [3362:200607]
:OUTPUT ACCEPT [2764:174400]
:POSTROUTING ACCEPT [40:4018]
-A PREROUTING ! -d 192.168.1.1/32 -i eth1 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128
-A PREROUTING -d 192.168.0.200/32 -p tcp -m tcp --dport 3389 -j DNAT --to-destination 192.168.1.99:3389
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
# Completed on Sat May 12 12:59:52 2012
Only, for now I am temporarily testing the server inside the local network,
that is, 192.168.0.200 - the external address of the proxy server
192.168.1.1 - the address of the internal network card
192.168.1.99 - the address of the RDP server, which sits behind the proxy