Проброс портов в iptables

[FLAXE]

после последних нет.

перезагрузил и вот что вижу в выводе iptables-save:

(Нажмите, чтобы показать/скрыть)

Код: [Выделить]

# Generated by iptables-save v1.4.19.1 on Wed Oct 17 16:05:21 2018
*filter
:INPUT DROP [38224:2314833]
:FORWARD DROP [6:304]
:OUTPUT DROP [0:0]
:allowed - [0:0]
:bad_tcp_packets - [0:0]
:icmp_packets - [0:0]
:tcp_packets - [0:0]
:udp_packets - [0:0]
-A INPUT
-A INPUT -p tcp -j bad_tcp_packets
-A INPUT -s 127.0.0.1/32 -i lo -j ACCEPT
-A INPUT -s 192.168.10.1/32 -i lo -j ACCEPT
-A INPUT -s 192.168.11.1/32 -i lo -j ACCEPT
-A INPUT -s 195.208.136.116/32 -i lo -j ACCEPT
-A INPUT -p udp -m udp --dport 53 -j ACCEPT
-A INPUT -d 195.208.136.116/32 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -d 192.168.10.1/32 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -d 192.168.11.1/32 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i enp4s0 -p tcp -j tcp_packets
-A INPUT -i enp4s0 -p udp -j udp_packets
-A INPUT -i enp4s0 -p icmp -j icmp_packets
-A INPUT -i enp4s8 -p tcp -j tcp_packets
-A INPUT -i enp4s8 -p udp -j udp_packets
-A INPUT -i enp4s8 -p icmp -j icmp_packets
-A INPUT -i tun+ -p tcp -j tcp_packets
-A INPUT -i tun+ -p udp -j udp_packets
-A INPUT -i tun+ -p icmp -j icmp_packets
-A INPUT -i tap+ -p tcp -j tcp_packets
-A INPUT -i tap+ -p udp -j udp_packets
-A INPUT -i tap+ -p icmp -j icmp_packets
-A INPUT -d 224.0.0.0/8 -i enp4s0 -j DROP
-A FORWARD
-A FORWARD -p tcp -j bad_tcp_packets
-A FORWARD -p tcp -m tcp --dport 53 -j ACCEPT
-A FORWARD -p udp -m udp --dport 53 -j ACCEPT
-A FORWARD -p tcp -m tcp --dport 45901 -j ACCEPT
-A FORWARD -p tcp -m tcp --dport 45902 -j ACCEPT
-A FORWARD -s 192.168.10.0/24 -j ACCEPT
-A FORWARD -s 192.168.11.0/24 -j ACCEPT
-A FORWARD -m pkttype --pkt-type broadcast -j ACCEPT
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -d 224.0.0.0/4 -j ACCEPT
-A FORWARD -p igmp -j ACCEPT
-A FORWARD -d 192.168.10.0/24 -p icmp -j icmp_packets
-A FORWARD -s 192.168.10.0/24 -p icmp -j icmp_packets
-A FORWARD -d 192.168.11.0/24 -p icmp -j icmp_packets
-A FORWARD -s 192.168.11.0/24 -p icmp -j icmp_packets
-A OUTPUT
-A OUTPUT -p tcp -j bad_tcp_packets
-A OUTPUT -s 127.0.0.1/32 -j ACCEPT
-A OUTPUT -s 195.208.136.116/32 -j ACCEPT
-A OUTPUT -s 192.168.10.1/32 -j ACCEPT
-A OUTPUT -s 192.168.11.1/32 -j ACCEPT
-A OUTPUT -s 192.168.10.1/32 -p icmp -j icmp_packets
-A OUTPUT -s 192.168.11.1/32 -p icmp -j icmp_packets
-A allowed -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -j ACCEPT
-A allowed -p tcp -m state --state RELATED,ESTABLISHED -j ACCEPT
-A allowed -p tcp -j DROP
-A bad_tcp_packets -p tcp -m tcp --tcp-flags SYN,ACK SYN,ACK -m state --state NEW -j REJECT --reject-with tcp-reset
-A bad_tcp_packets -p tcp -m tcp ! --tcp-flags FIN,SYN,RST,ACK SYN -m state --state NEW -j DROP
-A icmp_packets -p icmp -m icmp --icmp-type 8 -j ACCEPT
-A icmp_packets -p icmp -m icmp --icmp-type 11 -j ACCEPT
-A tcp_packets -p tcp -m tcp --dport 22 -j allowed
-A tcp_packets -s 192.168.10.0/24 -p tcp -j allowed
-A tcp_packets -s 192.168.11.0/24 -p tcp -j allowed
-A tcp_packets -p tcp -m tcp --dport 113 -j REJECT --reject-with tcp-reset
-A tcp_packets -s 217.29.87.254/32 -p tcp -m tcp --dport 3128 -j REJECT --reject-with tcp-reset
-A tcp_packets -s 213.183.112.98/32 -p tcp -m tcp --dport 3128 -j REJECT --reject-with tcp-reset
-A tcp_packets -s 217.29.87.254/32 -p tcp -m tcp --dport 8000 -j REJECT --reject-with tcp-reset
-A tcp_packets -s 213.183.112.98/32 -p tcp -m tcp --dport 8000 -j REJECT --reject-with tcp-reset
-A tcp_packets -s 217.29.87.254/32 -p tcp -m tcp --dport 8080 -j REJECT --reject-with tcp-reset
-A tcp_packets -s 213.183.112.98/32 -p tcp -m tcp --dport 8080 -j REJECT --reject-with tcp-reset
-A tcp_packets -s 217.29.87.254/32 -p tcp -m tcp --dport 1080 -j REJECT --reject-with tcp-reset
-A tcp_packets -s 213.183.112.98/32 -p tcp -m tcp --dport 1080 -j REJECT --reject-with tcp-reset
-A tcp_packets -s 217.29.80.14/32 -p tcp -m tcp --dport 21 -j REJECT --reject-with tcp-reset
-A udp_packets -s 195.208.136.96/27 -p udp -m udp --dport 137:138 -j ACCEPT
-A udp_packets -s 192.168.10.0/24 -p udp -m udp --dport 137:138 -j ACCEPT
-A udp_packets -s 192.168.11.0/24 -p udp -m udp --dport 137:138 -j ACCEPT
-A udp_packets -p udp -m udp --dport 4443 -j ACCEPT
COMMIT
# Completed on Wed Oct 17 16:05:21 2018
# Generated by iptables-save v1.4.19.1 on Wed Oct 17 16:05:21 2018
*nat
:PREROUTING ACCEPT [274958:35026848]
:INPUT ACCEPT [65558:4769947]
:OUTPUT ACCEPT [46121:3335801]
:POSTROUTING ACCEPT [53362:3712995]
-A PREROUTING -i enp4s0 -p tcp -m tcp --dport 45901 -j DNAT --to-destination 192.168.10.30:80
-A POSTROUTING -s 192.168.10.0/24 -o enp4s0 -j MASQUERADE
COMMIT
# Completed on Wed Oct 17 16:05:21 2018
# Generated by iptables-save v1.4.19.1 on Wed Oct 17 16:05:21 2018
*mangle
:PREROUTING ACCEPT [17823293:11958099309]
:INPUT ACCEPT [913238:128216751]
:FORWARD ACCEPT [16910015:11829873024]
:OUTPUT ACCEPT [1018941:313645737]
:POSTROUTING ACCEPT [17926768:12143280848]
-A PREROUTING -d 2.92.2.0/24 -j MARK --set-xmark 0x64/0xffffffff
-A PREROUTING -d 2.92.39.0/24 -j MARK --set-xmark 0x64/0xffffffff
-A PREROUTING -d 2.92.50.0/24 -j MARK --set-xmark 0x64/0xffffffff
-A PREROUTING -d 2.92.154.0/24 -j MARK --set-xmark 0x64/0xffffffff
-A PREROUTING -d 2.92.165.0/24 -j MARK --set-xmark 0x64/0xffffffff
-A PREROUTING -d 31.24.24.0/21 -j MARK --set-xmark 0x64/0xffffffff
-A PREROUTING -d 31.31.168.0/21 -j MARK --set-xmark 0x64/0xffffffff
-A PREROUTING -d 31.184.230.0/23 -j MARK --set-xmark 0x64/0xffffffff
-A PREROUTING -d 31.211.0.0/18 -j MARK --set-xmark 0x64/0xffffffff
-A PREROUTING -d 31.211.127.0/29 -j MARK --set-xmark 0x64/0xffffffff
-A PREROUTING -d 46.29.193.0/25 -j MARK --set-xmark 0x64/0xffffffff
-A PREROUTING -d 46.29.194.0/23 -j MARK --set-xmark 0x64/0xffffffff
-A PREROUTING -d 46.30.32.0/21 -j MARK --set-xmark 0x64/0xffffffff
-A PREROUTING -d 46.161.128.0/18 -j MARK --set-xmark 0x64/0xffffffff
-A PREROUTING -d 46.166.192.0/18 -j MARK --set-xmark 0x64/0xffffffff
-A PREROUTING -d 46.236.128.0/18 -j MARK --set-xmark 0x64/0xffffffff
-A PREROUTING -d 46.243.128.0/19 -j MARK --set-xmark 0x64/0xffffffff
-A PREROUTING -d 62.64.24.0/24 -j MARK --set-xmark 0x64/0xffffffff
-A PREROUTING -d 62.68.128.0/19 -j MARK --set-xmark 0x64/0xffffffff
-A PREROUTING -d 62.109.11.176/28 -j MARK --set-xmark 0x64/0xffffffff
-A PREROUTING -d 77.106.64.0/18 -j MARK --set-xmark 0x64/0xffffffff
-A PREROUTING -d 77.235.211.192/29 -j MARK --set-xmark 0x64/0xffffffff
-A PREROUTING -d 77.245.160.0/20 -j MARK --set-xmark 0x64/0xffffffff
-A PREROUTING -d 78.106.33.0/24 -j MARK --set-xmark 0x64/0xffffffff
-A PREROUTING -d 78.106.86.0/24 -j MARK --set-xmark 0x64/0xffffffff
-A PREROUTING -d 78.106.113.0/24 -j MARK --set-xmark 0x64/0xffffffff
-A PREROUTING -d 78.136.192.0/18 -j MARK --set-xmark 0x64/0xffffffff
-A PREROUTING -d 78.139.192.0/18 -j MARK --set-xmark 0x64/0xffffffff
-A PREROUTING -d 78.140.0.0/18 -j MARK --set-xmark 0x64/0xffffffff
-A PREROUTING -d 79.122.222.0/23 -j MARK --set-xmark 0x64/0xffffffff
-A PREROUTING -d 79.136.128.0/17 -j MARK --set-xmark 0x64/0xffffffff
-A PREROUTING -d 79.175.39.0/25 -j MARK --set-xmark 0x64/0xffffffff
-A PREROUTING -d 80.72.208.0/20 -j MARK --set-xmark 0x64/0xffffffff
-A PREROUTING -d 80.89.133.32/27 -j MARK --set-xmark 0x64/0xffffffff
-A PREROUTING -d 80.89.135.0/24 -j MARK --set-xmark 0x64/0xffffffff
-A PREROUTING -d 81.1.208.0/23 -j MARK --set-xmark 0x64/0xffffffff
-A PREROUTING -d 81.1.229.72/29 -j MARK --set-xmark 0x64/0xffffffff
-A PREROUTING -d 81.1.229.96/27 -j MARK --set-xmark 0x64/0xffffffff
-A PREROUTING -d 81.1.229.128/25 -j MARK --set-xmark 0x64/0xffffffff
-A PREROUTING -d 81.1.232.0/24 -j MARK --set-xmark 0x64/0xffffffff
-A PREROUTING -d 82.117.64.0/19 -j MARK --set-xmark 0x64/0xffffffff
-A PREROUTING -d 82.117.160.0/19 -j MARK --set-xmark 0x64/0xffffffff
-A PREROUTING -d 82.200.17.0/24 -j MARK --set-xmark 0x64/0xffffffff
-A PREROUTING -d 82.200.24.0/26 -j MARK --set-xmark 0x64/0xffffffff
-A PREROUTING -d 82.200.70.0/23 -j MARK --set-xmark 0x64/0xffffffff
-A PREROUTING -d 82.200.73.0/24 -j MARK --set-xmark 0x64/0xffffffff
-A PREROUTING -d 82.200.74.0/23 -j MARK --set-xmark 0x64/0xffffffff
-A PREROUTING -d 82.200.76.0/23 -j MARK --set-xmark 0x64/0xffffffff
-A PREROUTING -d 82.200.114.0/27 -j MARK --set-xmark 0x64/0xffffffff
-A PREROUTING -d 82.200.122.0/23 -j MARK --set-xmark 0x64/0xffffffff
-A PREROUTING -d 83.172.0.0/18 -j MARK --set-xmark 0x64/0xffffffff
-A PREROUTING -d 84.237.0.0/20 -j MARK --set-xmark 0x64/0xffffffff
-A PREROUTING -d 85.21.219.126/31 -j MARK --set-xmark 0x64/0xffffffff
-A PREROUTING -d 88.204.0.0/17 -j MARK --set-xmark 0x64/0xffffffff
-A PREROUTING -d 89.179.89.0/24 -j MARK --set-xmark 0x64/0xffffffff
-A PREROUTING -d 89.179.233.0/24 -j MARK --set-xmark 0x64/0xffffffff
-A PREROUTING -d 90.188.64.0/19 -j MARK --set-xmark 0x64/0xffffffff
-A PREROUTING -d 90.188.96.0/20 -j MARK --set-xmark 0x64/0xffffffff
-A PREROUTING -d 90.188.112.0/21 -j MARK --set-xmark 0x64/0xffffffff
-A PREROUTING -d 91.193.88.0/23 -j MARK --set-xmark 0x64/0xffffffff
-A PREROUTING -d 91.210.72.0/22 -j MARK --set-xmark 0x64/0xffffffff
-A PREROUTING -d 91.210.184.0/22 -j MARK --set-xmark 0x64/0xffffffff
-A PREROUTING -d 91.211.184.0/22 -j MARK --set-xmark 0x64/0xffffffff
-A PREROUTING -d 91.211.236.0/22 -j MARK --set-xmark 0x64/0xffffffff
-A PREROUTING -d 91.216.211.0/24 -j MARK --set-xmark 0x64/0xffffffff
-A PREROUTING -d 91.217.110.0/23 -j MARK --set-xmark 0x64/0xffffffff
-A PREROUTING -d 91.221.36.0/23 -j MARK --set-xmark 0x64/0xffffffff
-A PREROUTING -d 91.221.60.0/23 -j MARK --set-xmark 0x64/0xffffffff
-A PREROUTING -d 91.223.120.0/24 -j MARK --set-xmark 0x64/0xffffffff
-A PREROUTING -d 91.226.12.0/23 -j MARK --set-xmark 0x64/0xffffffff
-A PREROUTING -d 91.226.73.0/24 -j MARK --set-xmark 0x64/0xffffffff
-A PREROUTING -d 92.50.240.0/24 -j MARK --set-xmark 0x64/0xffffffff
-A PREROUTING -d 92.63.64.0/20 -j MARK --set-xmark 0x64/0xffffffff
-A PREROUTING -d 92.125.0.0/18 -j MARK --set-xmark 0x64/0xffffffff
-A PREROUTING -d 92.126.224.0/19 -j MARK --set-xmark 0x64/0xffffffff
-A PREROUTING -d 92.243.96.0/19 -j MARK --set-xmark 0x64/0xffffffff
-A PREROUTING -d 93.91.165.0/24 -j MARK --set-xmark 0x64/0xffffffff
-A PREROUTING -d 93.91.166.0/24 -j MARK --set-xmark 0x64/0xffffffff
-A PREROUTING -d 93.91.168.0/23 -j MARK --set-xmark 0x64/0xffffffff
-A PREROUTING -d 94.28.4.0/23 -j MARK --set-xmark 0x64/0xffffffff
-A PREROUTING -d 94.251.92.0/24 -j MARK --set-xmark 0x64/0xffffffff
-A PREROUTING -d 95.29.106.0/24 -j MARK --set-xmark 0x64/0xffffffff
-A PREROUTING -d 95.29.111.0/24 -j MARK --set-xmark 0x64/0xffffffff
-A PREROUTING -d 95.170.96.0/19 -j MARK --set-xmark 0x64/0xffffffff
-A PREROUTING -d 95.170.136.0/21 -j MARK --set-xmark 0x64/0xffffffff
-A PREROUTING -d 95.170.144.0/23 -j MARK --set-xmark 0x64/0xffffffff
-A PREROUTING -d 95.170.146.0/24 -j MARK --set-xmark 0x64/0xffffffff
-A PREROUTING -d 95.170.156.0/23 -j MARK --set-xmark 0x64/0xffffffff
-A PREROUTING -d 95.174.192.0/19 -j MARK --set-xmark 0x64/0xffffffff
-A PREROUTING -d 95.191.0.0/18 -j MARK --set-xmark 0x64/0xffffffff
-A PREROUTING -d 109.123.128.0/18 -j MARK --set-xmark 0x64/0xffffffff
-A PREROUTING -d 109.124.0.0/18 -j MARK --set-xmark 0x64/0xffffffff
-A PREROUTING -d 109.197.120.0/21 -j MARK --set-xmark 0x64/0xffffffff
-A PREROUTING -d 109.202.12.0/22 -j MARK --set-xmark 0x64/0xffffffff
-A PREROUTING -d 109.227.192.0/18 -j MARK --set-xmark 0x64/0xffffffff
-A PREROUTING -d 128.73.9.0/24 -j MARK --set-xmark 0x64/0xffffffff
-A PREROUTING -d 128.73.48.0/24 -j MARK --set-xmark 0x64/0xffffffff
-A PREROUTING -d 128.73.81.0/24 -j MARK --set-xmark 0x64/0xffffffff
-A PREROUTING -d 128.73.106.0/24 -j MARK --set-xmark 0x64/0xffffffff
-A PREROUTING -d 128.73.114.0/24 -j MARK --set-xmark 0x64/0xffffffff
-A PREROUTING -d 128.73.156.0/24 -j MARK --set-xmark 0x64/0xffffffff
-A PREROUTING -d 128.73.164.0/24 -j MARK --set-xmark 0x64/0xffffffff
-A PREROUTING -d 128.73.174.0/24 -j MARK --set-xmark 0x64/0xffffffff
-A PREROUTING -d 128.73.180.0/24 -j MARK --set-xmark 0x64/0xffffffff
-A PREROUTING -d 128.73.196.0/24 -j MARK --set-xmark 0x64/0xffffffff
-A PREROUTING -d 176.15.4.0/24 -j MARK --set-xmark 0x64/0xffffffff
-A PREROUTING -d 176.65.32.0/19 -j MARK --set-xmark 0x64/0xffffffff
-A PREROUTING -d 176.209.192.0/18 -j MARK --set-xmark 0x64/0xffffffff
-A PREROUTING -d 178.213.72.0/21 -j MARK --set-xmark 0x64/0xffffffff
-A PREROUTING -d 188.65.16.0/21 -j MARK --set-xmark 0x64/0xffffffff
-A PREROUTING -d 193.106.132.0/22 -j MARK --set-xmark 0x64/0xffffffff
-A PREROUTING -d 194.226.60.0/22 -j MARK --set-xmark 0x64/0xffffffff
-A PREROUTING -d 195.211.196.0/22 -j MARK --set-xmark 0x64/0xffffffff
-A PREROUTING -d 212.73.124.0/22 -j MARK --set-xmark 0x64/0xffffffff
-A PREROUTING -d 212.107.224.0/19 -j MARK --set-xmark 0x64/0xffffffff
-A PREROUTING -d 212.192.107.64/28 -j MARK --set-xmark 0x64/0xffffffff
-A PREROUTING -d 212.192.107.128/26 -j MARK --set-xmark 0x64/0xffffffff
-A PREROUTING -d 212.192.108.0/22 -j MARK --set-xmark 0x64/0xffffffff
-A PREROUTING -d 212.192.112.0/20 -j MARK --set-xmark 0x64/0xffffffff
-A PREROUTING -d 213.183.96.0/19 -j MARK --set-xmark 0x64/0xffffffff
-A PREROUTING -d 213.210.64.0/18 -j MARK --set-xmark 0x64/0xffffffff
-A PREROUTING -d 213.243.97.192/27 -j MARK --set-xmark 0x64/0xffffffff
-A PREROUTING -d 217.8.224.80/28 -j MARK --set-xmark 0x64/0xffffffff
-A PREROUTING -d 217.18.128.0/19 -j MARK --set-xmark 0x64/0xffffffff
-A PREROUTING -d 217.29.80.0/20 -j MARK --set-xmark 0x64/0xffffffff
COMMIT
# Completed on Wed Oct 17 16:05:21 2018


Подключится через порт не выходит, но изменения после перезагрузки появились в выводе