Ubuntu Server
Ifconfig:
eth0 Link encap:Ethernet HWaddr 00:1d:60:f8:85:1a
inet addr:192.168.0.50 Bcast:192.168.0.255 Mask:255.255.255.0
inet6 addr: fe80::21d:60ff:fef8:851a/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:113732 errors:0 dropped:0 overruns:0 frame:0
TX packets:65286 errors:0 dropped:0 overruns:0 carrier:1
collisions:0 txqueuelen:1000
RX bytes:9630733 (9.1 MB) TX bytes:72274926 (68.9 MB)
eth1 Link encap:Ethernet HWaddr 00:1b:11:63:eb:ea
inet addr:192.168.1.2 Bcast:192.168.1.255 Mask:255.255.255.0
inet6 addr: fe80::21b:11ff:fe63:ebea/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:64015 errors:0 dropped:0 overruns:0 frame:0
TX packets:49264 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:75299453 (71.8 MB) TX bytes:8249758 (7.8 MB)
Interrupt:17 Base address:0x2c00
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:12 errors:0 dropped:0 overruns:0 frame:0
TX packets:12 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:600 (600.0 B) TX bytes:600 (600.0 B)
ppp0 Link encap:Point-to-Point Protocol
inet addr:82.207.113.255 P-t-P:195.5.5.201 Mask:255.255.255.255
UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1492 Metric:1
RX packets:63926 errors:0 dropped:0 overruns:0 frame:0
TX packets:49113 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:3
RX bytes:73886560 (70.4 MB) TX bytes:7153748 (6.8 MB)
IpTables:
# Generated by iptables-save v1.3.8 on Wed Jan 6 10:07:12 2010
*nat
:PREROUTING ACCEPT [62:6310]
:POSTROUTING ACCEPT [34:2509]
:OUTPUT ACCEPT [34:2509]
-A PREROUTING -i ppp0 -p tcp -m tcp --dport 44567 -j DNAT --to-destination 192.168.0.45:44567
-A PREROUTING -i ppp0 -p tcp -m tcp --dport 4899 -j DNAT --to-destination 192.168.0.45:4899
-A PREROUTING -i ppp0 -p tcp -m tcp --dport 50000 -j DNAT --to-destination 192.168.0.46:50000
-A POSTROUTING -s 192.168.0.0/255.255.255.0 -o ppp0 -j MASQUERADE
-A POSTROUTING -s 192.168.1.0/255.255.255.0 -o ppp0 -j MASQUERADE
COMMIT
# Completed on Wed Jan 6 10:07:12 2010
# Generated by iptables-save v1.3.8 on Wed Jan 6 10:07:12 2010
*mangle
:PREROUTING ACCEPT [587:195712]
:INPUT ACCEPT [242:22979]
:FORWARD ACCEPT [345:171309]
:OUTPUT ACCEPT [231:24959]
:POSTROUTING ACCEPT [618:200596]
-A FORWARD -o ppp0 -p tcp -m tcp --tcp-flags SYN,RST SYN -m tcpmss --mss 1400:1536 -j TCPMSS --clamp-mss-to-pmtu
COMMIT
# Completed on Wed Jan 6 10:07:12 2010
# Generated by iptables-save v1.3.8 on Wed Jan 6 10:07:12 2010
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -s 127.0.0.0/255.0.0.0 -i ! lo -j LOG
-A INPUT -s 127.0.0.0/255.0.0.0 -i ! lo -j DROP
-A INPUT -d 255.255.255.255 -i eth0 -j ACCEPT
-A INPUT -d 255.255.255.255 -i eth1 -j ACCEPT
-A INPUT -s 192.168.0.0/255.255.255.0 -i eth0 -j ACCEPT
-A INPUT -s 192.168.1.0/255.255.255.0 -i eth1 -j ACCEPT
-A INPUT -d 224.0.0.0/240.0.0.0 -i eth0 -p ! tcp -j ACCEPT
-A INPUT -d 224.0.0.0/240.0.0.0 -i eth1 -p ! tcp -j ACCEPT
-A INPUT -s 192.168.0.0/255.255.255.0 -i ppp0 -j LOG
-A INPUT -s 192.168.0.0/255.255.255.0 -i ppp0 -j ACCEPT
-A INPUT -s 192.168.1.0/255.255.255.0 -i ppp0 -j LOG
-A INPUT -s 192.168.1.0/255.255.255.0 -i ppp0 -j ACCEPT
-A INPUT -d 255.255.255.255 -i ppp0 -j ACCEPT
-A INPUT -d 82.207.113.255 -i ppp0 -j ACCEPT
-A INPUT -d 224.0.0.1 -j DROP
-A INPUT -j LOG
-A INPUT -j DROP
-A FORWARD -s 192.168.1.0/255.255.255.0 -d 192.168.0.0/255.255.255.0 -j ACCEPT
-A FORWARD -s 192.168.0.0/255.255.255.0 -d 192.168.1.0/255.255.255.0 -j ACCEPT
-A FORWARD -s 192.168.0.0/255.255.255.0 -i eth0 -o ppp0 -j ACCEPT
-A FORWARD -s 192.168.1.0/255.255.255.0 -i eth1 -o ppp0 -j ACCEPT
-A FORWARD -d 192.168.0.45/32 -i ppp0 -j ACCEPT
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -d 192.168.0.0/255.255.255.0 -o ppp0 -j LOG
-A FORWARD -d 192.168.0.0/255.255.255.0 -o ppp0 -j DROP
-A FORWARD -d 192.168.1.0/255.255.255.0 -o ppp0 -j LOG
-A FORWARD -d 192.168.1.0/255.255.255.0 -o ppp0 -j DROP
-A FORWARD -d 224.0.0.1 -j DROP
-A FORWARD -j LOG
-A FORWARD -j DROP
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -d 255.255.255.255 -o eth0 -j ACCEPT
-A OUTPUT -d 255.255.255.255 -o eth1 -j ACCEPT
-A OUTPUT -d 192.168.0.0/255.255.255.0 -o eth0 -j ACCEPT
-A OUTPUT -d 192.168.1.0/255.255.255.0 -o eth1 -j ACCEPT
-A OUTPUT -d 224.0.0.0/240.0.0.0 -o eth0 -p ! tcp -j ACCEPT
-A OUTPUT -d 224.0.0.0/240.0.0.0 -o eth1 -p ! tcp -j ACCEPT
-A OUTPUT -d 192.168.0.0/255.255.255.0 -o ppp0 -j LOG
-A OUTPUT -d 192.168.0.0/255.255.255.0 -o ppp0 -j DROP
-A OUTPUT -d 192.168.1.0/255.255.255.0 -o ppp0 -j LOG
-A OUTPUT -d 192.168.1.0/255.255.255.0 -o ppp0 -j DROP
-A OUTPUT -d 255.255.255.255 -o ppp0 -j ACCEPT
-A OUTPUT -s 82.207.113.255 -o ppp0 -j ACCEPT
-A OUTPUT -d 224.0.0.1 -j DROP
-A OUTPUT -j LOG
-A OUTPUT -j DROP
COMMIT
# Completed on Wed Jan 6 10:07:12 2010
Проблема при входе из интернета в локальную сеть. Мне нужно подключаться по этим адрессам из интернета:
-A PREROUTING -i ppp0 -p tcp -m tcp --dport 44567 -j DNAT --to-destination 192.168.0.45:44567
-A PREROUTING -i ppp0 -p tcp -m tcp --dport 4899 -j DNAT --to-destination 192.168.0.45:4899
-A PREROUTING -i ppp0 -p tcp -m tcp --dport 50000 -j DNAT --to-destination 192.168.0.46:50000
Подскажите пожалуйста что я намудрил в правилах.
Пользователь решил продолжить мысль 06 Января 2010, 13:00:04:
Что не кто не подскажет в чем проблема?
Тема: Проблема с правилами IPTables. ПОМОГИТЕ!!! (Прочитано 602 раз)
