Дано:
Сервак, на котором запущена виртуальная машина, в которую надо попасть по RDP. С самого сервака могу подключиться по RDP, а порт не пробрасывается. Помогите!!
IP сервера 192.168.0.100
IP виртуалки 192.168.122.93
sudo iptables -L -t nat --line-numbers
Chain PREROUTING (policy ACCEPT)
num target prot opt source destination
1 DNAT tcp -- anywhere seguro.local tcp dpt:3389 to:192.168.122.93
Chain INPUT (policy ACCEPT)
num target prot opt source destination
Chain OUTPUT (policy ACCEPT)
num target prot opt source destination
Chain POSTROUTING (policy ACCEPT)
num target prot opt source destination
1 MASQUERADE tcp -- 192.168.122.0/24 !192.168.122.0/24 masq ports: 1024-65535
2 MASQUERADE udp -- 192.168.122.0/24 !192.168.122.0/24 masq ports: 1024-65535
3 MASQUERADE all -- 192.168.122.0/24 !192.168.122.0/24
sudo iptables-save
# Generated by iptables-save v1.4.12 on Wed Apr 3 22:28:34 2013
# nat table: address rewriting only. Every chain policy here is ACCEPT and no
# rule filters traffic; a packet rewritten by DNAT is still subject to the
# filter table afterwards.
*nat
:PREROUTING ACCEPT [349:135723]
:INPUT ACCEPT [46:7134]
:OUTPUT ACCEPT [4520:310887]
:POSTROUTING ACCEPT [4516:310520]
# Port forward: TCP addressed to 192.168.0.100:3389 gets its destination
# rewritten to 192.168.122.93. --to-destination carries no port, so the
# destination port stays 3389.
# The rule has no -s match, so it applies to any source address that can reach
# 192.168.0.100; RDP exposure is therefore bounded only by what the filter
# table later allows.
# PREROUTING is not traversed by locally generated packets, so a connection
# made from the server itself does not exercise this rule.
-A PREROUTING -d 192.168.0.100/32 -p tcp -m tcp --dport 3389 -j DNAT --to-destination 192.168.122.93
# Source NAT for traffic from 192.168.122.0/24 to anything outside that subnet;
# the tcp and udp variants restrict the masqueraded source port to 1024-65535.
-A POSTROUTING -s 192.168.122.0/24 ! -d 192.168.122.0/24 -p tcp -j MASQUERADE --to-ports 1024-65535
-A POSTROUTING -s 192.168.122.0/24 ! -d 192.168.122.0/24 -p udp -j MASQUERADE --to-ports 1024-65535
-A POSTROUTING -s 192.168.122.0/24 ! -d 192.168.122.0/24 -j MASQUERADE
COMMIT
# Completed on Wed Apr 3 22:28:34 2013
# Generated by iptables-save v1.4.12 on Wed Apr 3 22:28:34 2013
# mangle table: a single packet-fixup rule, nothing that accepts or rejects.
*mangle
:PREROUTING ACCEPT [192384:47610695]
:INPUT ACCEPT [191553:47390478]
# NOTE(review): the non-zero FORWARD counter shows packets have passed through
# the forwarding path, which suggests IP forwarding is enabled - confirm with
# sysctl net.ipv4.ip_forward.
:FORWARD ACCEPT [394:47866]
:OUTPUT ACCEPT [190801:25627823]
:POSTROUTING ACCEPT [191665:25725873]
# Fills in the checksum on UDP packets to port 68 (the DHCP client port)
# leaving via virbr0.
-A POSTROUTING -o virbr0 -p udp -m udp --dport 68 -j CHECKSUM --checksum-fill
COMMIT
# Completed on Wed Apr 3 22:28:34 2013
# Generated by iptables-save v1.4.12 on Wed Apr 3 22:28:34 2013
# filter table: decides what is actually allowed. Rules are evaluated top to
# bottom and the first match wins, so rule order in FORWARD matters.
# NOTE(review): virbr0 and 192.168.122.0/24 look like the default libvirt NAT
# network - confirm; if so, libvirt may re-create these rules when the network
# is restarted.
*filter
:INPUT ACCEPT [191538:47387642]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [190801:25627823]
# Host services offered to the guests on virbr0: ports 53 (DNS) and 67 (DHCP
# server).
-A INPUT -i virbr0 -p udp -m udp --dport 53 -j ACCEPT
-A INPUT -i virbr0 -p tcp -m tcp --dport 53 -j ACCEPT
-A INPUT -i virbr0 -p udp -m udp --dport 67 -j ACCEPT
-A INPUT -i virbr0 -p tcp -m tcp --dport 67 -j ACCEPT
# Toward the guests only RELATED,ESTABLISHED packets are accepted, i.e. replies
# to connections that already exist. A NEW inbound connection does not match.
-A FORWARD -d 192.168.122.0/24 -o virbr0 -m state --state RELATED,ESTABLISHED -j ACCEPT
# Anything the guests send out through virbr0 is accepted.
-A FORWARD -s 192.168.122.0/24 -i virbr0 -j ACCEPT
# Guest-to-guest traffic on the bridge is accepted.
-A FORWARD -i virbr0 -o virbr0 -j ACCEPT
# Everything else routed out via virbr0 is rejected. This includes the first
# packet of a connection that nat/PREROUTING has DNAT'ed to 192.168.122.93:3389:
# it is in state NEW, no rule above accepts NEW traffic toward virbr0, so it is
# answered with icmp-port-unreachable. The DNAT rule alone is therefore not
# enough; an ACCEPT has to sit above this line, scoped to -d 192.168.122.93
# -p tcp --dport 3389 and preferably to a trusted source range (-s) rather than
# any address, since it exposes RDP.
-A FORWARD -o virbr0 -j REJECT --reject-with icmp-port-unreachable
-A FORWARD -i virbr0 -j REJECT --reject-with icmp-port-unreachable
COMMIT
# Completed on Wed Apr 3 22:28:34 2013
Разве так не правильно??
# Appends a DNAT rule to nat/PREROUTING: TCP for 192.168.0.100:3389 is
# redirected to 192.168.122.93 (port unchanged). DNAT only rewrites the
# destination; the packet must still be accepted by filter/FORWARD to reach
# the guest.
sudo iptables --table nat --append PREROUTING \
  --protocol tcp --destination 192.168.0.100 --destination-port 3389 \
  --jump DNAT --to-destination 192.168.122.93