Проброс портов в iptables

[FLAXE]

Здравствуйте уважаемые форумчане, не могу понять почему не пробрасываются порты. Конфигурация досталась от приведущего администратора, нашел примеры пробросов по аналогии сделал. Не работает.
Вот две строки которые участвуют в пробросе:

Код: [Выделить]

$IPTABLES -A FORWARD -s 0/0 -p tcp --dport 45990 -j ACCEPT
$IPTABLES -t nat -A PREROUTING -p tcp --dport 45990 -i $INET_IFACE -j DNAT --to-destrination 192.168.10.30:80

Вот конфиг(/etc/init.d/firewall) целиком:

(Нажмите, чтобы показать/скрыть)

Код: [Выделить]

#!/bin/sh

INET_IP="xxx.xxx.xxx.xxx"
INET_NET="xxx.xxx.xxx.xxx/27"
INET_IFACE="enp4s0"

LOCAL_IP="192.168.10.1"
LOCAL_NET="192.168.10.0/24"
LOCAL_IFACE="enp4s8"


TUN_IP="xxx.xxx.xxx.xxx"
TUN_NET="xxx.xxx.xxx.xxx/24"
TUN_IFACES="tun+ tap+"

LO_IFACE="lo"
LO_IP="127.0.0.1"

IPTABLES="/sbin/iptables"[<0;147;60M
MODPROBE="/sbin/modprobe"

tomsknets_file="/etc/tomsknets"
route_bin="/sbin/route"
cat_bin="/bin/cat"

firewall_start() {

        echo -e "\033[1m\033[32m"

        echo "[ Loading firewall rules ]"

        echo "  creating counters ..."
        $IPTABLES -A INPUT
        $IPTABLES -A OUTPUT
        $IPTABLES -A FORWARD

        echo "  set polices for main chains ..."
        $IPTABLES -P INPUT DROP
        $IPTABLES -P OUTPUT DROP
        $IPTABLES -P FORWARD DROP

        echo "  creating packets chains ..."
        $IPTABLES -N bad_tcp_packets
        $IPTABLES -N allowed
        $IPTABLES -N tcp_packets
        $IPTABLES -N udp_packets
        $IPTABLES -N icmp_packets

        echo "  append rules for chain: bad_tcp_packets ..."
        $IPTABLES -A bad_tcp_packets -p tcp --tcp-flags SYN,ACK SYN,ACK \
                  -m state --state NEW -j REJECT --reject-with tcp-reset
        $IPTABLES -A bad_tcp_packets -p tcp ! --syn -m state --state NEW -j LOG \
                  --log-prefix "New not syn:"
        $IPTABLES -A bad_tcp_packets -p tcp ! --syn -m state --state NEW -j DROP
 echo "  append rules for chain: allowed ..."
        $IPTABLES -A allowed -p TCP --syn -j ACCEPT
        $IPTABLES -A allowed -p TCP -m state --state ESTABLISHED,RELATED -j ACCEPT
        $IPTABLES -A allowed -p TCP -j DROP

        echo -n "  allow tcp port: "
        for port in 22 ; do
                echo -n "$port "
                $IPTABLES -A tcp_packets -p TCP -s 0/0 --dport $port -j allowed
        done
        echo "..."
        $IPTABLES -A tcp_packets -p TCP -s $LOCAL_NET -j allowed
        $IPTABLES -A tcp_packets -p TCP -s $TUN_NET -j allowed
echo "  deny specify tcp ports and hosts ..."
        $IPTABLES -A tcp_packets -p TCP -s 0/0 --dport 113 -j REJECT --reject-with tcp-reset
        $IPTABLES -A tcp_packets -p TCP -s 217.29.87.254 --dport 3128 -j REJECT --reject-with tcp-reset
        $IPTABLES -A tcp_packets -p TCP -s 213.183.112.98 --dport 3128 -j REJECT --reject-with tcp-reset
        $IPTABLES -A tcp_packets -p TCP -s 217.29.87.254 --dport 8000 -j REJECT --reject-with tcp-reset
        $IPTABLES -A tcp_packets -p TCP -s 213.183.112.98 --dport 8000 -j REJECT --reject-with tcp-reset
        $IPTABLES -A tcp_packets -p TCP -s 217.29.87.254 --dport 8080 -j REJECT --reject-with tcp-reset
        $IPTABLES -A tcp_packets -p TCP -s 213.183.112.98 --dport 8080 -j REJECT --reject-with tcp-reset
        $IPTABLES -A tcp_packets -p TCP -s 217.29.87.254 --dport 1080 -j REJECT --reject-with tcp-reset
        $IPTABLES -A tcp_packets -p TCP -s 213.183.112.98 --dport 1080 -j REJECT --reject-with tcp-reset
        $IPTABLES -A tcp_packets -p TCP -s 217.29.80.14 --dport 21 -j REJECT --reject-with tcp-reset

        echo "  allow udp ports ..."
        $IPTABLES -A udp_packets -p UDP -s $INET_NET --destination-port 137:138 -j ACCEPT
        $IPTABLES -A udp_packets -p UDP -s $LOCAL_NET --destination-port 137:138 -j ACCEPT
        $IPTABLES -A udp_packets -p UDP -s $TUN_NET --destination-port 137:138 -j ACCEPT
        $IPTABLES -A udp_packets -p UDP -s 0/0 --destination-port 4443 -j ACCEPT

        echo "  set rules for icmp proto ..."
        $IPTABLES -A icmp_packets -p ICMP -s 0/0 --icmp-type 8 -j ACCEPT
        $IPTABLES -A icmp_packets -p ICMP -s 0/0 --icmp-type 11 -j ACCEPT

        echo "  set rules for INPUT chain ..."
        $IPTABLES -A INPUT -p tcp -j bad_tcp_packets
        $IPTABLES -A INPUT -p ALL -i $LO_IFACE -s $LO_IP -j ACCEPT
        $IPTABLES -A INPUT -p ALL -i $LO_IFACE -s $LOCAL_IP -j ACCEPT
        $IPTABLES -A INPUT -p ALL -i $LO_IFACE -s $TUN_IP -j ACCEPT
        $IPTABLES -A INPUT -p ALL -i $LO_IFACE -s $INET_IP -j ACCEPT

        $IPTABLES -A INPUT -p UDP --dport 53 -j ACCEPT

        $IPTABLES -A INPUT -p ALL -d $INET_IP -m state --state ESTABLISHED,RELATED -j ACCEPT
        $IPTABLES -A INPUT -p ALL -d $LOCAL_IP -m state --state ESTABLISHED,RELATED -j ACCEPT
        $IPTABLES -A INPUT -p ALL -d $TUN_IP -m state --state ESTABLISHED,RELATED -j ACCEPT

        for iface in $INET_IFACE $LOCAL_IFACE $TUN_IFACES ; do

                $IPTABLES -A INPUT -p TCP -i $iface -j tcp_packets
                $IPTABLES -A INPUT -p UDP -i $iface -j udp_packets
                $IPTABLES -A INPUT -p ICMP -i $iface -j icmp_packets
        done


        $IPTABLES -A INPUT -i $INET_IFACE -d 224.0.0.0/8 -j DROP

        $IPTABLES -A INPUT -m limit --limit 3/minute --limit-burst 3 -j LOG \
                  --log-level debug --log-prefix "IPT INPUT packet died: "
  echo "  set rules for FORWARD chain ..."
        $IPTABLES -A FORWARD -p tcp -j bad_tcp_packets

        $IPTABLES -A FORWARD -s 0/0 -p tcp --dport 53 -j ACCEPT
        $IPTABLES -A FORWARD -s 0/0 -p udp --dport 53 -j ACCEPT
        #$IPTABLES -l FORWARD -d $INET_IP -p tcp --dport 45990 -j ACCEPT
        #$IPTABLES -A FORWARD -s 0/0 -p tcp --dport 45999 -j ACCEPT
        #$IPTABLES -A FORWARD -s 0/0 -p tcp --dport 45998 -j ACCEPT
        #$IPTABLES -A FORWARD -s 0/0 -p tcp --dport 45997 -j ACCEPT
        $IPTABLES -A FORWARD -s 0/0 -p tcp --dport 45990 -j ACCEPT
        #$IPTABLES -A FORWARD -s 0/0 -p tcp --dport 45991 -j ACCEPT
        #$IPTABLES -A FORWARD -s 0/0 -p tcp --dport 45993 -j ACCEPT
        #$IPTABLES -A FORWARD -s 0/0 -p tcp --dport 45994 -j ACCEPT

        $IPTABLES -A FORWARD -s 0/0 -p tcp --dport 80 -j ACCEPT
        $IPTABLES -A FORWARD -s 0/0 -p tcp --dport 8090 -j ACCEPT


        $IPTABLES -A FORWARD -s $LOCAL_NET -j ACCEPT
        $IPTABLES -A FORWARD -s $TUN_NET -j ACCEPT
        $IPTABLES -A FORWARD -s $INET_IFACE -j ACCEPT

        $IPTABLES -A FORWARD -m pkttype --pkt-type broadcast -j ACCEPT
        $IPTABLES -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
        $IPtABLES -l FORWARD -m conntrack --crstate ESTABLISHED,RELATED -j ACCEPT
        echo "  allow tcp port for local ..."
        $IPTABLES -A FORWARD -s 0/0 -d 224.0.0.0/4 -j ACCEPT
        $IPTABLES -A FORWARD -p igmp -s 0/0 -d 0/0 -j ACCEPT

        echo "  set rules for icmp proto for local ..."
        $IPTABLES -A FORWARD -p ICMP -d $LOCAL_NET -j icmp_packets
        $IPTABLES -A FORWARD -p ICMP -s $LOCAL_NET -j icmp_packets
        $IPTABLES -A FORWARD -p ICMP -d $TUN_NET -j icmp_packets
        $IPTABLES -A FORWARD -p ICMP -s $TUN_NET -j icmp_packets
 $IPTABLES -A FORWARD -m limit --limit 3/minute --limit-burst 3 -j LOG \
                  --log-level debug --log-prefix "IPT FORWARD packet died: "



        echo "  set rules for OUTPUT chain ..."

        $IPTABLES -A OUTPUT -p tcp -j bad_tcp_packets

        $IPTABLES -A OUTPUT -p ALL -s $LO_IP -j ACCEPT
        $IPTABLES -A OUTPUT -p ALL -s $INET_IP -j ACCEPT
        $IPTABLES -A OUTPUT -p ALL -s $LOCAL_IP -j ACCEPT
        $IPTABLES -A OUTPUT -p ALL -s $TUN_IP -j ACCEPT
        $IPTABLES -A OUTPUT -p ICMP -s $LOCAL_IP -j icmp_packets
        $IPTABLES -A OUTPUT -p ICMP -s $TUN_IP -j icmp_packets

        $IPTABLES -A OUTPUT -m limit --limit 3/minute --limit-burst 3 -j LOG \
                  --log-level debug --log-prefix "IPT OUTPUT packet died: "

        echo "  set rules for PREROUTING chain ..."

        # Allow tomsk nets
        tomsknets=`${cat_bin} ${tomsknets_file}`

        for tomsknet in ${tomsknets} ; do
               $IPTABLES -t mangle -A PREROUTING -d ${tomsknet} -j MARK --set-mark 100
        done
        #$IPTABLES -t mangle -A PREROUTING -p tcp --dport 110 -j MARK --set-mark 102

        #$IPTABLES -t nat -A PREROUTING -p tcp --dport 110 -i $TUN_IFACE ! -s 192.168.10.1 -j DNAT --to-destination 192.168.10.1:110
  # RDP on servers
        #$IPTABLES -t nat -A PREROUTING -p tcp --dport 3389 -i $INET_IFACE -j DNAT --to-destination 192.168.1.1:3389
        #IPTABLES -t nat -A PREROUTING -p tcp --dport 45999 -i $INET_IFACE -j DNAT --to-destination 192.168.10.139:80
        #IPTABLES -t nat -A PREROUTING -p tcp --dport 45998 -i $INET_IFACE -j DNAT --to-destination 192.168.10.120:8090
        #IPTABLES -t nat -A PREROUTING -p tcp --dport 45997 -i $INET_IFACE -j DNAT --to-destination 192.168.10.53:3389
        $IPTABLES -t nat -A PREROUTING -p tcp --dport 45990 -i $INET_IFACE -j DNAT --to-destination 192.168.10.30:80
        #$IPTABLES -t nat -A PREROUTING -p tcp --dport 45991 -i $INET_IFACE -j DNAT --to-destination 192.168.10.31:80
        #$IPTABLES -t nat -A PREROUTING -p tcp --dport 45993 -i $INET_IFACE -j DNAT --to-destination 192.168.10.33:80
        #$IPTABLES -t nat -A PREROUTING -p tcp --dport 45994 -i $INET_IFACE -j DNAT --to-destination 192.168.10.34:80
        echo "  set rules for NAT table ..."

        #$IPTABLES -t nat -A POSTROUTING -s $LOCAL_NET -m mark --mark 100 -o $INET_IFACE -j MASQUERADE
        $IPTABLES -t nat -A POSTROUTING -s $LOCAL_NET -o $INET_IFACE -j MASQUERADE

        echo "[ firewall rules loading completed ]"

        echo -e "\033[0m"
}
firewall_stop() {
        echo -e "\033[1m\033[31m"
        echo "[ Unloading firewall rules ]"
        echo "  changing default policies to ACCEPT ..."
        $IPTABLES -P INPUT ACCEPT
        $IPTABLES -P FORWARD ACCEPT
        $IPTABLES -P OUTPUT ACCEPT
        $IPTABLES -t nat -P PREROUTING ACCEPT
        $IPTABLES -t nat -P POSTROUTING ACCEPT
        $IPTABLES -t nat -P OUTPUT ACCEPT
        $IPTABLES -t mangle -P PREROUTING ACCEPT
        $IPTABLES -t mangle -P OUTPUT ACCEPT

        echo "  flush all the rules in all tables ..."

        $IPTABLES -F
        $IPTABLES -t nat -F
        $IPTABLES -t mangle -F

        $IPTABLES -X
        $IPTABLES -t nat -X
        $IPTABLES -t mangle -X
        echo "[ firewall rules unloading completed ]"

}
case "$1" in
    'start')
    firewall_start
    ;;
    'stop')
    firewall_stop
    ;;
    'restart')
    firewall_stop
    firewall_start
    ;;
    *)
     echo "usage $0 start|stop|restart"
esac
###########################################################################
#
# /proc set up.
#
# 1 Required proc configuration
#
echo "0" > /proc/sys/net/ipv4/igmp_max_msf
echo "0" > /proc/sys/net/ipv4/igmp_max_memberships
echo "1" > /proc/sys/net/ipv4/icmp_ignore_bogus_error_responses
echo "1" > /proc/sys/net/ipv4/ip_forward
#
# 2 Non-Required proc configuration
#

#echo "1" > /proc/sys/net/ipv4/conf/all/rp_filter
#echo "1" > /proc/sys/net/ipv4/conf/all/proxy_arp
echo "0" > /proc/sys/net/ipv4/ip_dynaddr


Буду очень благодарен за помощь и пояснения, т.к. не понимаю данную тему еще.

[AnrDaemon]

Показывайте iptables-save

[FLAXE]

пожалуйста

(Нажмите, чтобы показать/скрыть)

Код: [Выделить]

# Generated by iptables-save v1.4.19.1 on Wed Oct  3 11:22:12 2018
*mangle
:PREROUTING ACCEPT [411335490:320696733511]
:INPUT ACCEPT [58901557:17232403958]
:FORWARD ACCEPT [352411300:303461432977]
:OUTPUT ACCEPT [15293680:6314497907]
:POSTROUTING ACCEPT [367696816:309774916719]
-A PREROUTING -d 2.92.2.0/24 -j MARK --set-xmark 0x64/0xffffffff
-A PREROUTING -d 2.92.39.0/24 -j MARK --set-xmark 0x64/0xffffffff
-A PREROUTING -d 2.92.50.0/24 -j MARK --set-xmark 0x64/0xffffffff
-A PREROUTING -d 2.92.154.0/24 -j MARK --set-xmark 0x64/0xffffffff
-A PREROUTING -d 2.92.165.0/24 -j MARK --set-xmark 0x64/0xffffffff
-A PREROUTING -d 31.24.24.0/21 -j MARK --set-xmark 0x64/0xffffffff
-A PREROUTING -d 31.31.168.0/21 -j MARK --set-xmark 0x64/0xffffffff
-A PREROUTING -d 31.184.230.0/23 -j MARK --set-xmark 0x64/0xffffffff
-A PREROUTING -d 31.211.0.0/18 -j MARK --set-xmark 0x64/0xffffffff
-A PREROUTING -d 31.211.127.0/29 -j MARK --set-xmark 0x64/0xffffffff
-A PREROUTING -d 46.29.193.0/25 -j MARK --set-xmark 0x64/0xffffffff
-A PREROUTING -d 46.29.194.0/23 -j MARK --set-xmark 0x64/0xffffffff
-A PREROUTING -d 46.30.32.0/21 -j MARK --set-xmark 0x64/0xffffffff
-A PREROUTING -d 46.161.128.0/18 -j MARK --set-xmark 0x64/0xffffffff
-A PREROUTING -d 46.166.192.0/18 -j MARK --set-xmark 0x64/0xffffffff
-A PREROUTING -d 46.236.128.0/18 -j MARK --set-xmark 0x64/0xffffffff
-A PREROUTING -d 46.243.128.0/19 -j MARK --set-xmark 0x64/0xffffffff
-A PREROUTING -d 62.64.24.0/24 -j MARK --set-xmark 0x64/0xffffffff
-A PREROUTING -d 62.68.128.0/19 -j MARK --set-xmark 0x64/0xffffffff
-A PREROUTING -d 62.109.11.176/28 -j MARK --set-xmark 0x64/0xffffffff
-A PREROUTING -d 77.106.64.0/18 -j MARK --set-xmark 0x64/0xffffffff
-A PREROUTING -d 77.235.211.192/29 -j MARK --set-xmark 0x64/0xffffffff
-A PREROUTING -d 77.245.160.0/20 -j MARK --set-xmark 0x64/0xffffffff
-A PREROUTING -d 78.106.33.0/24 -j MARK --set-xmark 0x64/0xffffffff
-A PREROUTING -d 78.106.86.0/24 -j MARK --set-xmark 0x64/0xffffffff
-A PREROUTING -d 78.106.113.0/24 -j MARK --set-xmark 0x64/0xffffffff
-A PREROUTING -d 78.136.192.0/18 -j MARK --set-xmark 0x64/0xffffffff
-A PREROUTING -d 78.139.192.0/18 -j MARK --set-xmark 0x64/0xffffffff
-A PREROUTING -d 78.140.0.0/18 -j MARK --set-xmark 0x64/0xffffffff
-A PREROUTING -d 79.122.222.0/23 -j MARK --set-xmark 0x64/0xffffffff
-A PREROUTING -d 79.136.128.0/17 -j MARK --set-xmark 0x64/0xffffffff
-A PREROUTING -d 79.175.39.0/25 -j MARK --set-xmark 0x64/0xffffffff
-A PREROUTING -d 80.72.208.0/20 -j MARK --set-xmark 0x64/0xffffffff
-A PREROUTING -d 80.89.133.32/27 -j MARK --set-xmark 0x64/0xffffffff
-A PREROUTING -d 80.89.135.0/24 -j MARK --set-xmark 0x64/0xffffffff
-A PREROUTING -d 81.1.208.0/23 -j MARK --set-xmark 0x64/0xffffffff
-A PREROUTING -d 81.1.229.72/29 -j MARK --set-xmark 0x64/0xffffffff
-A PREROUTING -d 81.1.229.96/27 -j MARK --set-xmark 0x64/0xffffffff
-A PREROUTING -d 81.1.229.128/25 -j MARK --set-xmark 0x64/0xffffffff
-A PREROUTING -d 81.1.232.0/24 -j MARK --set-xmark 0x64/0xffffffff
-A PREROUTING -d 82.117.64.0/19 -j MARK --set-xmark 0x64/0xffffffff
-A PREROUTING -d 82.117.160.0/19 -j MARK --set-xmark 0x64/0xffffffff
-A PREROUTING -d 82.200.17.0/24 -j MARK --set-xmark 0x64/0xffffffff
-A PREROUTING -d 82.200.24.0/26 -j MARK --set-xmark 0x64/0xffffffff
-A PREROUTING -d 82.200.70.0/23 -j MARK --set-xmark 0x64/0xffffffff
-A PREROUTING -d 82.200.73.0/24 -j MARK --set-xmark 0x64/0xffffffff
-A PREROUTING -d 82.200.74.0/23 -j MARK --set-xmark 0x64/0xffffffff
-A PREROUTING -d 82.200.76.0/23 -j MARK --set-xmark 0x64/0xffffffff
-A PREROUTING -d 82.200.114.0/27 -j MARK --set-xmark 0x64/0xffffffff
-A PREROUTING -d 82.200.122.0/23 -j MARK --set-xmark 0x64/0xffffffff
-A PREROUTING -d 83.172.0.0/18 -j MARK --set-xmark 0x64/0xffffffff
-A PREROUTING -d 84.237.0.0/20 -j MARK --set-xmark 0x64/0xffffffff
-A PREROUTING -d 85.21.219.126/31 -j MARK --set-xmark 0x64/0xffffffff
-A PREROUTING -d 88.204.0.0/17 -j MARK --set-xmark 0x64/0xffffffff
-A PREROUTING -d 89.179.89.0/24 -j MARK --set-xmark 0x64/0xffffffff
-A PREROUTING -d 89.179.233.0/24 -j MARK --set-xmark 0x64/0xffffffff
-A PREROUTING -d 90.188.64.0/19 -j MARK --set-xmark 0x64/0xffffffff
-A PREROUTING -d 90.188.96.0/20 -j MARK --set-xmark 0x64/0xffffffff
-A PREROUTING -d 90.188.112.0/21 -j MARK --set-xmark 0x64/0xffffffff
-A PREROUTING -d 91.193.88.0/23 -j MARK --set-xmark 0x64/0xffffffff
-A PREROUTING -d 91.210.72.0/22 -j MARK --set-xmark 0x64/0xffffffff
-A PREROUTING -d 91.210.184.0/22 -j MARK --set-xmark 0x64/0xffffffff
-A PREROUTING -d 91.211.184.0/22 -j MARK --set-xmark 0x64/0xffffffff
-A PREROUTING -d 91.211.236.0/22 -j MARK --set-xmark 0x64/0xffffffff
-A PREROUTING -d 91.216.211.0/24 -j MARK --set-xmark 0x64/0xffffffff
-A PREROUTING -d 91.217.110.0/23 -j MARK --set-xmark 0x64/0xffffffff
-A PREROUTING -d 91.221.36.0/23 -j MARK --set-xmark 0x64/0xffffffff
-A PREROUTING -d 91.221.60.0/23 -j MARK --set-xmark 0x64/0xffffffff
-A PREROUTING -d 91.223.120.0/24 -j MARK --set-xmark 0x64/0xffffffff
-A PREROUTING -d 91.226.12.0/23 -j MARK --set-xmark 0x64/0xffffffff
-A PREROUTING -d 91.226.73.0/24 -j MARK --set-xmark 0x64/0xffffffff
-A PREROUTING -d 92.50.240.0/24 -j MARK --set-xmark 0x64/0xffffffff
-A PREROUTING -d 92.63.64.0/20 -j MARK --set-xmark 0x64/0xffffffff
-A PREROUTING -d 92.125.0.0/18 -j MARK --set-xmark 0x64/0xffffffff
-A PREROUTING -d 92.126.224.0/19 -j MARK --set-xmark 0x64/0xffffffff
-A PREROUTING -d 92.243.96.0/19 -j MARK --set-xmark 0x64/0xffffffff
-A PREROUTING -d 93.91.165.0/24 -j MARK --set-xmark 0x64/0xffffffff
-A PREROUTING -d 93.91.166.0/24 -j MARK --set-xmark 0x64/0xffffffff
-A PREROUTING -d 93.91.168.0/23 -j MARK --set-xmark 0x64/0xffffffff
-A PREROUTING -d 94.28.4.0/23 -j MARK --set-xmark 0x64/0xffffffff
-A PREROUTING -d 94.251.92.0/24 -j MARK --set-xmark 0x64/0xffffffff
-A PREROUTING -d 95.29.106.0/24 -j MARK --set-xmark 0x64/0xffffffff
-A PREROUTING -d 95.29.111.0/24 -j MARK --set-xmark 0x64/0xffffffff
-A PREROUTING -d 95.170.96.0/19 -j MARK --set-xmark 0x64/0xffffffff
-A PREROUTING -d 95.170.136.0/21 -j MARK --set-xmark 0x64/0xffffffff
-A PREROUTING -d 95.170.144.0/23 -j MARK --set-xmark 0x64/0xffffffff
-A PREROUTING -d 95.170.146.0/24 -j MARK --set-xmark 0x64/0xffffffff
-A PREROUTING -d 95.170.156.0/23 -j MARK --set-xmark 0x64/0xffffffff
-A PREROUTING -d 95.174.192.0/19 -j MARK --set-xmark 0x64/0xffffffff
-A PREROUTING -d 95.191.0.0/18 -j MARK --set-xmark 0x64/0xffffffff
-A PREROUTING -d 109.123.128.0/18 -j MARK --set-xmark 0x64/0xffffffff
-A PREROUTING -d 109.124.0.0/18 -j MARK --set-xmark 0x64/0xffffffff
-A PREROUTING -d 109.197.120.0/21 -j MARK --set-xmark 0x64/0xffffffff
-A PREROUTING -d 109.202.12.0/22 -j MARK --set-xmark 0x64/0xffffffff
-A PREROUTING -d 109.227.192.0/18 -j MARK --set-xmark 0x64/0xffffffff
-A PREROUTING -d 128.73.9.0/24 -j MARK --set-xmark 0x64/0xffffffff
-A PREROUTING -d 128.73.48.0/24 -j MARK --set-xmark 0x64/0xffffffff
-A PREROUTING -d 128.73.81.0/24 -j MARK --set-xmark 0x64/0xffffffff
-A PREROUTING -d 128.73.106.0/24 -j MARK --set-xmark 0x64/0xffffffff
-A PREROUTING -d 128.73.114.0/24 -j MARK --set-xmark 0x64/0xffffffff
-A PREROUTING -d 128.73.156.0/24 -j MARK --set-xmark 0x64/0xffffffff
-A PREROUTING -d 128.73.164.0/24 -j MARK --set-xmark 0x64/0xffffffff
-A PREROUTING -d 128.73.174.0/24 -j MARK --set-xmark 0x64/0xffffffff
-A PREROUTING -d 128.73.180.0/24 -j MARK --set-xmark 0x64/0xffffffff
-A PREROUTING -d 128.73.196.0/24 -j MARK --set-xmark 0x64/0xffffffff
-A PREROUTING -d 176.15.4.0/24 -j MARK --set-xmark 0x64/0xffffffff
-A PREROUTING -d 176.65.32.0/19 -j MARK --set-xmark 0x64/0xffffffff
-A PREROUTING -d 176.209.192.0/18 -j MARK --set-xmark 0x64/0xffffffff
-A PREROUTING -d 178.213.72.0/21 -j MARK --set-xmark 0x64/0xffffffff
-A PREROUTING -d 188.65.16.0/21 -j MARK --set-xmark 0x64/0xffffffff
-A PREROUTING -d 193.106.132.0/22 -j MARK --set-xmark 0x64/0xffffffff
-A PREROUTING -d 194.226.60.0/22 -j MARK --set-xmark 0x64/0xffffffff
-A PREROUTING -d 195.211.196.0/22 -j MARK --set-xmark 0x64/0xffffffff
-A PREROUTING -d 212.73.124.0/22 -j MARK --set-xmark 0x64/0xffffffff
-A PREROUTING -d 212.107.224.0/19 -j MARK --set-xmark 0x64/0xffffffff
-A PREROUTING -d 212.192.107.64/28 -j MARK --set-xmark 0x64/0xffffffff
-A PREROUTING -d 212.192.107.128/26 -j MARK --set-xmark 0x64/0xffffffff
-A PREROUTING -d 212.192.108.0/22 -j MARK --set-xmark 0x64/0xffffffff
-A PREROUTING -d 212.192.112.0/20 -j MARK --set-xmark 0x64/0xffffffff
-A PREROUTING -d 213.183.96.0/19 -j MARK --set-xmark 0x64/0xffffffff
-A PREROUTING -d 213.210.64.0/18 -j MARK --set-xmark 0x64/0xffffffff
-A PREROUTING -d 213.243.97.192/27 -j MARK --set-xmark 0x64/0xffffffff
-A PREROUTING -d 217.8.224.80/28 -j MARK --set-xmark 0x64/0xffffffff
-A PREROUTING -d 217.18.128.0/19 -j MARK --set-xmark 0x64/0xffffffff
-A PREROUTING -d 217.29.80.0/20 -j MARK --set-xmark 0x64/0xffffffff
COMMIT
# Completed on Wed Oct  3 11:22:12 2018
# Generated by iptables-save v1.4.19.1 on Wed Oct  3 11:22:12 2018
*nat
:PREROUTING ACCEPT [48025812:15977081022]
:INPUT ACCEPT [575004:41542837]
:OUTPUT ACCEPT [556777:40921934]
:POSTROUTING ACCEPT [583006:42305501]
-A PREROUTING -i enp4s0 -p tcp -m tcp --dport 45999 -j DNAT --to-destination 192.168.10.139:80
-A PREROUTING -i enp4s0 -p tcp -m tcp --dport 45998 -j DNAT --to-destination 192.168.10.120:8090
-A PREROUTING -i enp4s0 -p tcp -m tcp --dport 12345 -j DNAT --to-destination 192.168.10.53:3389
-A POSTROUTING -s 192.168.10.0/24 -o enp4s0 -j MASQUERADE
COMMIT
# Completed on Wed Oct  3 11:22:12 2018
# Generated by iptables-save v1.4.19.1 on Wed Oct  3 11:22:12 2018
*filter
:INPUT DROP [46318330:15718687204]
:FORWARD DROP [55:2328]
:OUTPUT DROP [0:0]
:allowed - [0:0]
:bad_tcp_packets - [0:0]
:icmp_packets - [0:0]
:tcp_packets - [0:0]
:udp_packets - [0:0]
-A INPUT
-A INPUT -p tcp -j bad_tcp_packets
-A INPUT -s 127.0.0.1/32 -i lo -j ACCEPT
-A INPUT -s 192.168.10.1/32 -i lo -j ACCEPT
-A INPUT -s 192.168.11.1/32 -i lo -j ACCEPT
-A INPUT -s 195.208.136.116/32 -i lo -j ACCEPT
-A INPUT -p udp -m udp --dport 53 -j ACCEPT
-A INPUT -d 195.208.136.116/32 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -d 192.168.10.1/32 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -d 192.168.11.1/32 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i enp4s0 -p tcp -j tcp_packets
-A INPUT -i enp4s0 -p udp -j udp_packets
-A INPUT -i enp4s0 -p icmp -j icmp_packets
-A INPUT -i enp4s8 -p tcp -j tcp_packets
-A INPUT -i enp4s8 -p udp -j udp_packets
-A INPUT -i enp4s8 -p icmp -j icmp_packets
-A INPUT -i tun+ -p tcp -j tcp_packets
-A INPUT -i tun+ -p udp -j udp_packets
-A INPUT -i tun+ -p icmp -j icmp_packets
-A INPUT -i tap+ -p tcp -j tcp_packets
-A INPUT -i tap+ -p udp -j udp_packets
-A INPUT -i tap+ -p icmp -j icmp_packets
-A INPUT -d 224.0.0.0/8 -i enp4s0 -j DROP
-A FORWARD
-A FORWARD -p tcp -j bad_tcp_packets
-A FORWARD -p tcp -m tcp --dport 53 -j ACCEPT
-A FORWARD -p udp -m udp --dport 53 -j ACCEPT
-A FORWARD -p tcp -m tcp --dport 45999 -j ACCEPT
-A FORWARD -p tcp -m tcp --dport 45998 -j ACCEPT
-A FORWARD -p tcp -m tcp --dport 80 -j ACCEPT
-A FORWARD -p tcp -m tcp --dport 8090 -j ACCEPT
-A FORWARD -s 192.168.10.0/24 -j ACCEPT
-A FORWARD -s 192.168.11.0/24 -j ACCEPT
-A FORWARD -m pkttype --pkt-type broadcast -j ACCEPT
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -d 224.0.0.0/4 -j ACCEPT
-A FORWARD -p igmp -j ACCEPT
-A FORWARD -d 192.168.10.0/24 -p icmp -j icmp_packets
-A FORWARD -s 192.168.10.0/24 -p icmp -j icmp_packets
-A FORWARD -d 192.168.11.0/24 -p icmp -j icmp_packets
-A FORWARD -s 192.168.11.0/24 -p icmp -j icmp_packets
-A OUTPUT
-A OUTPUT -p tcp -j bad_tcp_packets
-A OUTPUT -s 127.0.0.1/32 -j ACCEPT
-A OUTPUT -s 195.208.136.116/32 -j ACCEPT
-A OUTPUT -s 192.168.10.1/32 -j ACCEPT
-A OUTPUT -s 192.168.11.1/32 -j ACCEPT
-A OUTPUT -s 192.168.10.1/32 -p icmp -j icmp_packets
-A OUTPUT -s 192.168.11.1/32 -p icmp -j icmp_packets
-A allowed -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -j ACCEPT
-A allowed -p tcp -m state --state RELATED,ESTABLISHED -j ACCEPT
-A allowed -p tcp -j DROP
-A bad_tcp_packets -p tcp -m tcp --tcp-flags SYN,ACK SYN,ACK -m state --state NEW -j REJECT --reject-with tcp-reset
-A bad_tcp_packets -p tcp -m tcp ! --tcp-flags FIN,SYN,RST,ACK SYN -m state --state NEW -j DROP
-A icmp_packets -p icmp -m icmp --icmp-type 8 -j ACCEPT
-A icmp_packets -p icmp -m icmp --icmp-type 11 -j ACCEPT
-A tcp_packets -p tcp -m tcp --dport 22 -j allowed
-A tcp_packets -s 192.168.10.0/24 -p tcp -j allowed
-A tcp_packets -s 192.168.11.0/24 -p tcp -j allowed
-A tcp_packets -p tcp -m tcp --dport 113 -j REJECT --reject-with tcp-reset
-A tcp_packets -s 217.29.87.254/32 -p tcp -m tcp --dport 3128 -j REJECT --reject-with tcp-reset
-A tcp_packets -s 213.183.112.98/32 -p tcp -m tcp --dport 3128 -j REJECT --reject-with tcp-reset
-A tcp_packets -s 217.29.87.254/32 -p tcp -m tcp --dport 8000 -j REJECT --reject-with tcp-reset
-A tcp_packets -s 213.183.112.98/32 -p tcp -m tcp --dport 8000 -j REJECT --reject-with tcp-reset
-A tcp_packets -s 217.29.87.254/32 -p tcp -m tcp --dport 8080 -j REJECT --reject-with tcp-reset
-A tcp_packets -s 213.183.112.98/32 -p tcp -m tcp --dport 8080 -j REJECT --reject-with tcp-reset
-A tcp_packets -s 217.29.87.254/32 -p tcp -m tcp --dport 1080 -j REJECT --reject-with tcp-reset
-A tcp_packets -s 213.183.112.98/32 -p tcp -m tcp --dport 1080 -j REJECT --reject-with tcp-reset
-A tcp_packets -s 217.29.80.14/32 -p tcp -m tcp --dport 21 -j REJECT --reject-with tcp-reset
-A udp_packets -s 195.208.136.96/27 -p udp -m udp --dport 137:138 -j ACCEPT
-A udp_packets -s 192.168.10.0/24 -p udp -m udp --dport 137:138 -j ACCEPT
-A udp_packets -s 192.168.11.0/24 -p udp -m udp --dport 137:138 -j ACCEPT
-A udp_packets -p udp -m udp --dport 4443 -j ACCEPT
COMMIT
# Completed on Wed Oct  3 11:22:12 2018


не вижу что правила которые в одном конфиге, в данном выводе есть. Я что-то не так видимо делаю.. прописываю прям в /etc/init.d/firewal конфиг

[AnrDaemon]

Очевидно же, что /etc/init.d/firewall не имеет никакого отношения к вашему текущему конфигу.
Ищите, откуда реально грузятся правила.

[FLAXE]

а как это сделать?
Я не понимаю как это работает, нормальных статей с описанием нет. Там только зайди туда и сделайте то, все будет работать. А когда уже живое и работает, как найти как он устроен?
В  /etc/init.d/firewal есть такая вот строчка, скажите вот это что значит и нужно там зачем?

Код: [Выделить]

IPTABLES="/sbin/iptables"[<0;147;60M
В частности вот эти дополнительные записи

Код: [Выделить]

[<0;147;60M

[AnrDaemon]

Это мусор в терминале, скорее всего, из-за несовпадения описания вашего текущего терминала с его реальными возможностями.
Попробуйте

Код: [Выделить]

grep -RP "\\b45999\\b" /etc/

[FLAXE]

(Нажмите, чтобы показать/скрыть)

Код: [Выделить]

grep -RP "\\b45999\\b" /etc/         0 [14:24:29]
grep: /etc/openldap/slapd.ldif: Permission denied
grep: /etc/openldap/DB_CONFIG.example: Permission denied
grep: /etc/openldap/slapd.conf: Permission denied
grep: /etc/openldap/slapd.conf.default: Permission denied
grep: /etc/openldap/ssl/ldap.key: Permission denied
grep: /etc/openldap/ssl/ldap.pem: Permission denied
grep: /etc/openldap/slapd.ldif.default: Permission denied
grep: /etc/sudoers.d: Permission denied
grep: /etc/bind/sec: Permission denied
grep: /etc/bind/named.conf~: Permission denied
grep: /etc/bind/bind.keys: Permission denied
grep: /etc/bind/pri: Permission denied
grep: /etc/bind/rndc.key: Permission denied
grep: /etc/bind/dyn: Permission denied
grep: /etc/bind/named.conf: Permission denied
grep: /etc/sasl2/sasldb2: Permission denied
grep: /etc/shadow: Permission denied
grep: /etc/default/useradd: Permission denied
grep: /etc/cron.hourly: Permission denied
grep: /etc/sudoers.tmp~: Permission denied
grep: /etc/cron.daily: Permission denied
grep: /etc/runlevels/default/udev-postmount: No such file or directory
grep: /etc/runlevels/sysinit/tmpfilesd.sysinit: No such file or directory
grep: /etc/runlevels/boot/tmpfilesd.boot: No such file or directory
grep: /etc/openvpn/ipp.txt: Permission denied
grep: /etc/openvpn/server.key: Permission denied
grep: /etc/openvpn/openvpn-status.log: Permission denied
grep: /etc/group-: Permission denied
grep: /etc/securetty: Permission denied
grep: /etc/ppp/chap-secrets.example: Permission denied
grep: /etc/ppp/pap-secrets: Permission denied
grep: /etc/ppp/pap-secrets.example: Permission denied
grep: /etc/ppp/chap-secrets: Permission denied
/etc/init.d/firewall:   #$IPTABLES -A FORWARD -s 0/0 -p tcp --dport 45999 -j ACCEPT
/etc/init.d/firewall:   #IPTABLES -t nat -A PREROUTING -p tcp --dport 45999 -i $INET_IFACE -j DNAT --to-destination 192.168.10.139:80
/etc/init.d/firewall~:  #IPTABLES -t nat -A PREROUTING -p tcp --dport 45999 -i $INET_IFACE -j DNAT --to-destination 192.168.10.139:80
grep: /etc/cron.weekly: Permission denied
grep: /etc/ssh/ssh_host_key: Permission denied
grep: /etc/ssh/ssh_host_rsa_key: Permission denied
grep: /etc/ssh/ssh_host_ecdsa_key: Permission denied
grep: /etc/ssh/sshd_config: Permission denied
grep: /etc/ssh/ssh_host_dsa_key: Permission denied
grep: /etc/gshadow-: Permission denied
grep: /etc/eselect/boost/active: No such file or directory
grep: /etc/ssmtp/ssmtp.conf: Permission denied
grep: /etc/ssl/private: Permission denied
grep: /etc/ssl/apache2/server.pem: Permission denied
grep: /etc/ssl/apache2/server.key: Permission denied
grep: /etc/ssl/certs/TC_TrustCenter__Germany__Class_2_CA.pem: No such file or directory
grep: /etc/ssl/certs/signet_ca1_pem.pem: No such file or directory
grep: /etc/ssl/certs/cert_igca_dsa.pem: No such file or directory
grep: /etc/ssl/certs/signet_rootca_pem.pem: No such file or directory
grep: /etc/ssl/certs/signet_tsa1_pem.pem: No such file or directory
grep: /etc/ssl/certs/Verisign_Class_2_Public_Primary_Certification_Authority.pem: No such file or directory
grep: /etc/ssl/certs/signet_ocspklasa3_pem.pem: No such file or directory
grep: /etc/ssl/certs/signet_pca3_pem.pem: No such file or directory
grep: /etc/ssl/certs/signet_pca2_pem.pem: No such file or directory
grep: /etc/ssl/certs/TC_TrustCenter__Germany__Class_3_CA.pem: No such file or directory
grep: /etc/ssl/certs/Verisign_Class_4_Public_Primary_Certification_Authority_-_G2.pem: No such file or directory
grep: /etc/ssl/certs/signet_ocspklasa2_pem.pem: No such file or directory
grep: /etc/ssl/certs/cert_igca_rsa.pem: No such file or directory
grep: /etc/ssl/certs/brasil.gov.br.pem: No such file or directory
grep: /etc/ssl/certs/signet_ca3_pem.pem: No such file or directory
grep: /etc/ssl/certs/signet_ca2_pem.pem: No such file or directory
grep: /etc/ssl/squid: Permission denied
grep: /etc/shadow-: Permission denied
grep: /etc/.pwd.lock: Permission denied
grep: /etc/cron.monthly: Permission denied
grep: /etc/sudoers: Permission denied
grep: /etc/gshadow: Permission denied


[AnrDaemon]

Чудеса.
Или это вы комментарий в "#$IPTABLES" ставили?

[FLAXE]

  коментарий

[FLAXE]

(Нажмите, чтобы показать/скрыть)

Код: [Выделить]

/etc/init.d/firewall~ restart                                                                                                                                                              0 [11:13:17]

[ Unloading firewall rules ]
  changing default policies to ACCEPT ...
  flush all the rules in all tables ...
[ firewall rules unloading completed ]

[ Loading firewall rules ]
  creating counters ...
  set polices for main chains ...
  creating packets chains ...
  append rules for chain: bad_tcp_packets ...
iptables: No chain/target/match by that name.
  append rules for chain: allowed ...
  allow tcp port: 22 ...
  deny specify tcp ports and hosts ...
  allow udp ports ...
  set rules for icmp proto ...
  set rules for INPUT chain ...
iptables: No chain/target/match by that name.
  set rules for FORWARD chain ...
  allow tcp port for local ...
  set rules for icmp proto for local ...
iptables: No chain/target/match by that name.
  set rules for OUTPUT chain ...
iptables: No chain/target/match by that name.
  set rules for PREROUTING chain ...
  set rules for NAT table ...
[ firewall rules loading completed ]

xxxx@xxx </etc/init.d> # /etc/init.d/firewall restart                                                                                                                                                               0 [11:13:27]
/etc/init.d/firewall: line 19: 0: No such file or directory
/etc/init.d/firewall: line 19: 147: command not found
/etc/init.d/firewall: line 19: 60M: command not found

[ Unloading firewall rules ]
  changing default policies to ACCEPT ...
/etc/init.d/firewall: line 198: /sbin/iptables[: No such file or directory
/etc/init.d/firewall: line 199: /sbin/iptables[: No such file or directory
/etc/init.d/firewall: line 200: /sbin/iptables[: No such file or directory
/etc/init.d/firewall: line 201: /sbin/iptables[: No such file or directory
/etc/init.d/firewall: line 202: /sbin/iptables[: No such file or directory
/etc/init.d/firewall: line 203: /sbin/iptables[: No such file or directory
/etc/init.d/firewall: line 204: /sbin/iptables[: No such file or directory
/etc/init.d/firewall: line 205: /sbin/iptables[: No such file or directory
  flush all the rules in all tables ...
/etc/init.d/firewall: line 209: /sbin/iptables[: No such file or directory
/etc/init.d/firewall: line 210: /sbin/iptables[: No such file or directory
/etc/init.d/firewall: line 211: /sbin/iptables[: No such file or directory
/etc/init.d/firewall: line 213: /sbin/iptables[: No such file or directory
/etc/init.d/firewall: line 214: /sbin/iptables[: No such file or directory
/etc/init.d/firewall: line 215: /sbin/iptables[: No such file or directory
[ firewall rules unloading completed ]

[ Loading firewall rules ]
  creating counters ...
/etc/init.d/firewall: line 33: /sbin/iptables[: No such file or directory
/etc/init.d/firewall: line 34: /sbin/iptables[: No such file or directory
/etc/init.d/firewall: line 35: /sbin/iptables[: No such file or directory
  set polices for main chains ...
/etc/init.d/firewall: line 38: /sbin/iptables[: No such file or directory
/etc/init.d/firewall: line 39: /sbin/iptables[: No such file or directory
/etc/init.d/firewall: line 40: /sbin/iptables[: No such file or directory
  creating packets chains ...
/etc/init.d/firewall: line 43: /sbin/iptables[: No such file or directory
/etc/init.d/firewall: line 44: /sbin/iptables[: No such file or directory
/etc/init.d/firewall: line 45: /sbin/iptables[: No such file or directory
/etc/init.d/firewall: line 46: /sbin/iptables[: No such file or directory
/etc/init.d/firewall: line 47: /sbin/iptables[: No such file or directory
  append rules for chain: bad_tcp_packets ...
/etc/init.d/firewall: line 50: /sbin/iptables[: No such file or directory
/etc/init.d/firewall: line 52: /sbin/iptables[: No such file or directory
/etc/init.d/firewall: line 54: /sbin/iptables[: No such file or directory
  append rules for chain: allowed ...
/etc/init.d/firewall: line 57: /sbin/iptables[: No such file or directory
/etc/init.d/firewall: line 58: /sbin/iptables[: No such file or directory
/etc/init.d/firewall: line 59: /sbin/iptables[: No such file or directory
  allow tcp port: 22 /etc/init.d/firewall: line 64: /sbin/iptables[: No such file or directory
...
/etc/init.d/firewall: line 67: /sbin/iptables[: No such file or directory
/etc/init.d/firewall: line 68: /sbin/iptables[: No such file or directory
  deny specify tcp ports and hosts ...
/etc/init.d/firewall: line 71: /sbin/iptables[: No such file or directory
/etc/init.d/firewall: line 72: /sbin/iptables[: No such file or directory
/etc/init.d/firewall: line 73: /sbin/iptables[: No such file or directory
/etc/init.d/firewall: line 74: /sbin/iptables[: No such file or directory
/etc/init.d/firewall: line 75: /sbin/iptables[: No such file or directory
/etc/init.d/firewall: line 76: /sbin/iptables[: No such file or directory
/etc/init.d/firewall: line 77: /sbin/iptables[: No such file or directory
/etc/init.d/firewall: line 78: /sbin/iptables[: No such file or directory
/etc/init.d/firewall: line 79: /sbin/iptables[: No such file or directory
/etc/init.d/firewall: line 80: /sbin/iptables[: No such file or directory
  allow udp ports ...
/etc/init.d/firewall: line 83: /sbin/iptables[: No such file or directory
/etc/init.d/firewall: line 84: /sbin/iptables[: No such file or directory
/etc/init.d/firewall: line 85: /sbin/iptables[: No such file or directory
/etc/init.d/firewall: line 86: /sbin/iptables[: No such file or directory
  set rules for icmp proto ...
/etc/init.d/firewall: line 89: /sbin/iptables[: No such file or directory
/etc/init.d/firewall: line 90: /sbin/iptables[: No such file or directory
  set rules for INPUT chain ...
/etc/init.d/firewall: line 93: /sbin/iptables[: No such file or directory
/etc/init.d/firewall: line 94: /sbin/iptables[: No such file or directory
/etc/init.d/firewall: line 95: /sbin/iptables[: No such file or directory
/etc/init.d/firewall: line 96: /sbin/iptables[: No such file or directory
/etc/init.d/firewall: line 97: /sbin/iptables[: No such file or directory
/etc/init.d/firewall: line 99: /sbin/iptables[: No such file or directory
/etc/init.d/firewall: line 101: /sbin/iptables[: No such file or directory
/etc/init.d/firewall: line 102: /sbin/iptables[: No such file or directory
/etc/init.d/firewall: line 103: /sbin/iptables[: No such file or directory
/etc/init.d/firewall: line 107: /sbin/iptables[: No such file or directory
/etc/init.d/firewall: line 108: /sbin/iptables[: No such file or directory
/etc/init.d/firewall: line 109: /sbin/iptables[: No such file or directory
/etc/init.d/firewall: line 107: /sbin/iptables[: No such file or directory
/etc/init.d/firewall: line 108: /sbin/iptables[: No such file or directory
/etc/init.d/firewall: line 109: /sbin/iptables[: No such file or directory
/etc/init.d/firewall: line 107: /sbin/iptables[: No such file or directory
/etc/init.d/firewall: line 108: /sbin/iptables[: No such file or directory
/etc/init.d/firewall: line 109: /sbin/iptables[: No such file or directory
/etc/init.d/firewall: line 107: /sbin/iptables[: No such file or directory
/etc/init.d/firewall: line 108: /sbin/iptables[: No such file or directory
/etc/init.d/firewall: line 109: /sbin/iptables[: No such file or directory
/etc/init.d/firewall: line 113: /sbin/iptables[: No such file or directory
/etc/init.d/firewall: line 115: /sbin/iptables[: No such file or directory
  set rules for FORWARD chain ...
/etc/init.d/firewall: line 121: /sbin/iptables[: No such file or directory
/etc/init.d/firewall: line 123: /sbin/iptables[: No such file or directory
/etc/init.d/firewall: line 124: /sbin/iptables[: No such file or directory
/etc/init.d/firewall: line 125: /sbin/iptables[: No such file or directory
/etc/init.d/firewall: line 127: /sbin/iptables[: No such file or directory
/etc/init.d/firewall: line 128: /sbin/iptables[: No such file or directory
/etc/init.d/firewall: line 131: /sbin/iptables[: No such file or directory
/etc/init.d/firewall: line 132: /sbin/iptables[: No such file or directory
/etc/init.d/firewall: line 133: /sbin/iptables[: No such file or directory
/etc/init.d/firewall: line 135: /sbin/iptables[: No such file or directory
/etc/init.d/firewall: line 136: /sbin/iptables[: No such file or directory
/etc/init.d/firewall: line 137: -l: command not found
  allow tcp port for local ...
/etc/init.d/firewall: line 139: /sbin/iptables[: No such file or directory
/etc/init.d/firewall: line 140: /sbin/iptables[: No such file or directory
  set rules for icmp proto for local ...
/etc/init.d/firewall: line 143: /sbin/iptables[: No such file or directory
/etc/init.d/firewall: line 144: /sbin/iptables[: No such file or directory
/etc/init.d/firewall: line 145: /sbin/iptables[: No such file or directory
/etc/init.d/firewall: line 146: /sbin/iptables[: No such file or directory
/etc/init.d/firewall: line 148: /sbin/iptables[: No such file or directory
  set rules for OUTPUT chain ...
/etc/init.d/firewall: line 155: /sbin/iptables[: No such file or directory
/etc/init.d/firewall: line 157: /sbin/iptables[: No such file or directory
/etc/init.d/firewall: line 158: /sbin/iptables[: No such file or directory
/etc/init.d/firewall: line 159: /sbin/iptables[: No such file or directory
/etc/init.d/firewall: line 160: /sbin/iptables[: No such file or directory
/etc/init.d/firewall: line 161: /sbin/iptables[: No such file or directory
/etc/init.d/firewall: line 162: /sbin/iptables[: No such file or directory
/etc/init.d/firewall: line 164: /sbin/iptables[: No such file or directory
  set rules for PREROUTING chain ...
/etc/init.d/firewall: line 173: /sbin/iptables[: No such file or directory
/etc/init.d/firewall: line 173: /sbin/iptables[: No such file or directory
/etc/init.d/firewall: line 173: /sbin/iptables[: No such file or directory
/etc/init.d/firewall: line 173: /sbin/iptables[: No such file or directory
/etc/init.d/firewall: line 173: /sbin/iptables[: No such file or directory
/etc/init.d/firewall: line 173: /sbin/iptables[: No such file or directory
/etc/init.d/firewall: line 173: /sbin/iptables[: No such file or directory
/etc/init.d/firewall: line 173: /sbin/iptables[: No such file or directory
/etc/init.d/firewall: line 173: /sbin/iptables[: No such file or directory
/etc/init.d/firewall: line 173: /sbin/iptables[: No such file or directory
/etc/init.d/firewall: line 173: /sbin/iptables[: No such file or directory
/etc/init.d/firewall: line 173: /sbin/iptables[: No such file or directory
/etc/init.d/firewall: line 173: /sbin/iptables[: No such file or directory
/etc/init.d/firewall: line 173: /sbin/iptables[: No such file or directory
/etc/init.d/firewall: line 173: /sbin/iptables[: No such file or directory
/etc/init.d/firewall: line 173: /sbin/iptables[: No such file or directory
/etc/init.d/firewall: line 173: /sbin/iptables[: No such file or directory
/etc/init.d/firewall: line 173: /sbin/iptables[: No such file or directory
/etc/init.d/firewall: line 173: /sbin/iptables[: No such file or directory
/etc/init.d/firewall: line 173: /sbin/iptables[: No such file or directory
/etc/init.d/firewall: line 173: /sbin/iptables[: No such file or directory
/etc/init.d/firewall: line 173: /sbin/iptables[: No such file or directory
/etc/init.d/firewall: line 173: /sbin/iptables[: No such file or directory
/etc/init.d/firewall: line 173: /sbin/iptables[: No such file or directory
/etc/init.d/firewall: line 173: /sbin/iptables[: No such file or directory
/etc/init.d/firewall: line 173: /sbin/iptables[: No such file or directory
/etc/init.d/firewall: line 173: /sbin/iptables[: No such file or directory
/etc/init.d/firewall: line 173: /sbin/iptables[: No such file or directory
/etc/init.d/firewall: line 173: /sbin/iptables[: No such file or directory
/etc/init.d/firewall: line 173: /sbin/iptables[: No such file or directory
/etc/init.d/firewall: line 173: /sbin/iptables[: No such file or directory
/etc/init.d/firewall: line 173: /sbin/iptables[: No such file or directory
/etc/init.d/firewall: line 173: /sbin/iptables[: No such file or directory
/etc/init.d/firewall: line 173: /sbin/iptables[: No such file or directory
/etc/init.d/firewall: line 173: /sbin/iptables[: No such file or directory
/etc/init.d/firewall: line 173: /sbin/iptables[: No such file or directory
/etc/init.d/firewall: line 173: /sbin/iptables[: No such file or directory
/etc/init.d/firewall: line 173: /sbin/iptables[: No such file or directory
/etc/init.d/firewall: line 173: /sbin/iptables[: No such file or directory
/etc/init.d/firewall: line 173: /sbin/iptables[: No such file or directory
/etc/init.d/firewall: line 173: /sbin/iptables[: No such file or directory
/etc/init.d/firewall: line 173: /sbin/iptables[: No such file or directory
/etc/init.d/firewall: line 173: /sbin/iptables[: No such file or directory
/etc/init.d/firewall: line 173: /sbin/iptables[: No such file or directory
/etc/init.d/firewall: line 173: /sbin/iptables[: No such file or directory
/etc/init.d/firewall: line 173: /sbin/iptables[: No such file or directory
/etc/init.d/firewall: line 173: /sbin/iptables[: No such file or directory
/etc/init.d/firewall: line 173: /sbin/iptables[: No such file or directory
/etc/init.d/firewall: line 173: /sbin/iptables[: No such file or directory
/etc/init.d/firewall: line 173: /sbin/iptables[: No such file or directory
/etc/init.d/firewall: line 173: /sbin/iptables[: No such file or directory
/etc/init.d/firewall: line 173: /sbin/iptables[: No such file or directory
/etc/init.d/firewall: line 173: /sbin/iptables[: No such file or directory
/etc/init.d/firewall: line 173: /sbin/iptables[: No such file or directory
/etc/init.d/firewall: line 173: /sbin/iptables[: No such file or directory
/etc/init.d/firewall: line 173: /sbin/iptables[: No such file or directory
/etc/init.d/firewall: line 173: /sbin/iptables[: No such file or directory
/etc/init.d/firewall: line 173: /sbin/iptables[: No such file or directory
/etc/init.d/firewall: line 173: /sbin/iptables[: No such file or directory
/etc/init.d/firewall: line 173: /sbin/iptables[: No such file or directory
/etc/init.d/firewall: line 173: /sbin/iptables[: No such file or directory
/etc/init.d/firewall: line 173: /sbin/iptables[: No such file or directory
/etc/init.d/firewall: line 173: /sbin/iptables[: No such file or directory
/etc/init.d/firewall: line 173: /sbin/iptables[: No such file or directory
/etc/init.d/firewall: line 173: /sbin/iptables[: No such file or directory
/etc/init.d/firewall: line 173: /sbin/iptables[: No such file or directory
/etc/init.d/firewall: line 173: /sbin/iptables[: No such file or directory
/etc/init.d/firewall: line 173: /sbin/iptables[: No such file or directory
/etc/init.d/firewall: line 173: /sbin/iptables[: No such file or directory
/etc/init.d/firewall: line 173: /sbin/iptables[: No such file or directory
/etc/init.d/firewall: line 173: /sbin/iptables[: No such file or directory
/etc/init.d/firewall: line 173: /sbin/iptables[: No such file or directory
/etc/init.d/firewall: line 173: /sbin/iptables[: No such file or directory
/etc/init.d/firewall: line 173: /sbin/iptables[: No such file or directory
/etc/init.d/firewall: line 173: /sbin/iptables[: No such file or directory
/etc/init.d/firewall: line 173: /sbin/iptables[: No such file or directory
/etc/init.d/firewall: line 173: /sbin/iptables[: No such file or directory
/etc/init.d/firewall: line 173: /sbin/iptables[: No such file or directory
/etc/init.d/firewall: line 173: /sbin/iptables[: No such file or directory
/etc/init.d/firewall: line 173: /sbin/iptables[: No such file or directory
/etc/init.d/firewall: line 173: /sbin/iptables[: No such file or directory
/etc/init.d/firewall: line 173: /sbin/iptables[: No such file or directory
/etc/init.d/firewall: line 173: /sbin/iptables[: No such file or directory
/etc/init.d/firewall: line 173: /sbin/iptables[: No such file or directory
/etc/init.d/firewall: line 173: /sbin/iptables[: No such file or directory
/etc/init.d/firewall: line 173: /sbin/iptables[: No such file or directory
/etc/init.d/firewall: line 173: /sbin/iptables[: No such file or directory
/etc/init.d/firewall: line 173: /sbin/iptables[: No such file or directory
/etc/init.d/firewall: line 173: /sbin/iptables[: No such file or directory
/etc/init.d/firewall: line 173: /sbin/iptables[: No such file or directory
/etc/init.d/firewall: line 173: /sbin/iptables[: No such file or directory
/etc/init.d/firewall: line 173: /sbin/iptables[: No such file or directory
/etc/init.d/firewall: line 173: /sbin/iptables[: No such file or directory
/etc/init.d/firewall: line 173: /sbin/iptables[: No such file or directory
/etc/init.d/firewall: line 173: /sbin/iptables[: No such file or directory
/etc/init.d/firewall: line 173: /sbin/iptables[: No such file or directory
/etc/init.d/firewall: line 173: /sbin/iptables[: No such file or directory
/etc/init.d/firewall: line 173: /sbin/iptables[: No such file or directory
/etc/init.d/firewall: line 173: /sbin/iptables[: No such file or directory
/etc/init.d/firewall: line 173: /sbin/iptables[: No such file or directory
/etc/init.d/firewall: line 173: /sbin/iptables[: No such file or directory
/etc/init.d/firewall: line 173: /sbin/iptables[: No such file or directory
/etc/init.d/firewall: line 173: /sbin/iptables[: No such file or directory
/etc/init.d/firewall: line 173: /sbin/iptables[: No such file or directory
/etc/init.d/firewall: line 173: /sbin/iptables[: No such file or directory
/etc/init.d/firewall: line 173: /sbin/iptables[: No such file or directory
/etc/init.d/firewall: line 173: /sbin/iptables[: No such file or directory
/etc/init.d/firewall: line 173: /sbin/iptables[: No such file or directory
/etc/init.d/firewall: line 173: /sbin/iptables[: No such file or directory
/etc/init.d/firewall: line 173: /sbin/iptables[: No such file or directory
/etc/init.d/firewall: line 173: /sbin/iptables[: No such file or directory
/etc/init.d/firewall: line 173: /sbin/iptables[: No such file or directory
/etc/init.d/firewall: line 173: /sbin/iptables[: No such file or directory
/etc/init.d/firewall: line 173: /sbin/iptables[: No such file or directory
/etc/init.d/firewall: line 173: /sbin/iptables[: No such file or directory
/etc/init.d/firewall: line 173: /sbin/iptables[: No such file or directory
/etc/init.d/firewall: line 173: /sbin/iptables[: No such file or directory
/etc/init.d/firewall: line 173: /sbin/iptables[: No such file or directory
/etc/init.d/firewall: line 173: /sbin/iptables[: No such file or directory
/etc/init.d/firewall: line 173: /sbin/iptables[: No such file or directory
/etc/init.d/firewall: line 173: /sbin/iptables[: No such file or directory
/etc/init.d/firewall: line 173: /sbin/iptables[: No such file or directory
/etc/init.d/firewall: line 173: /sbin/iptables[: No such file or directory
/etc/init.d/firewall: line 173: /sbin/iptables[: No such file or directory
/etc/init.d/firewall: line 173: /sbin/iptables[: No such file or directory
/etc/init.d/firewall: line 180: /sbin/iptables[: No such file or directory
  set rules for NAT table ...
/etc/init.d/firewall: line 187: /sbin/iptables[: No such file or directory
[ firewall rules loading completed ]



Нашел два конфига у фаервола, поковырял.. поудалял коментарии, в том выводе коментарий исчез после удаления данной строчки в втором конфиге с тильдой.

Код: [Выделить]

grep -RP "\\b45999\\b" /etc/                                                                                                                                                               0 [11:13:50]
grep: /etc/runlevels/default/udev-postmount: No such file or directory
grep: /etc/runlevels/sysinit/tmpfilesd.sysinit: No such file or directory
grep: /etc/runlevels/boot/tmpfilesd.boot: No such file or directory
grep: /etc/eselect/boost/active: No such file or directory
grep: /etc/ssl/certs/TC_TrustCenter__Germany__Class_2_CA.pem: No such file or directory
grep: /etc/ssl/certs/signet_ca1_pem.pem: No such file or directory
grep: /etc/ssl/certs/cert_igca_dsa.pem: No such file or directory
grep: /etc/ssl/certs/signet_rootca_pem.pem: No such file or directory
grep: /etc/ssl/certs/signet_tsa1_pem.pem: No such file or directory
grep: /etc/ssl/certs/Verisign_Class_2_Public_Primary_Certification_Authority.pem: No such file or directory
grep: /etc/ssl/certs/signet_ocspklasa3_pem.pem: No such file or directory
grep: /etc/ssl/certs/signet_pca3_pem.pem: No such file or directory
grep: /etc/ssl/certs/signet_pca2_pem.pem: No such file or directory
grep: /etc/ssl/certs/TC_TrustCenter__Germany__Class_3_CA.pem: No such file or directory
grep: /etc/ssl/certs/Verisign_Class_4_Public_Primary_Certification_Authority_-_G2.pem: No such file or directory
grep: /etc/ssl/certs/signet_ocspklasa2_pem.pem: No such file or directory
grep: /etc/ssl/certs/cert_igca_rsa.pem: No such file or directory
grep: /etc/ssl/certs/brasil.gov.br.pem: No such file or directory
grep: /etc/ssl/certs/signet_ca3_pem.pem: No such file or directory
grep: /etc/ssl/certs/signet_ca2_pem.pem: No such file or directory


[AnrDaemon]

Ммм, а какой эффект ожидался?

[FLAXE]

магия, я в слепую что-то сделал не очень понял зачем.
доки по данному вопросу мне не открывают вопрос о моей проблеме, все ведут в фаервол конфиг и типа все там просто.
А тут, я ожидаю что нужные мне порты откроются. А этого не происходит

[AnrDaemon]

Потому что ваши действия никого отношения к открытию портов пока не имели.

[FLAXE]

можно попросить Вас, рассказать мне - что нужно сделать, чтоб открыть порт и подключится к устройству в локальной сети из внешней сети?

[AnrDaemon]

Судя по вашим попыткам, вам сначала всё таки надо определиться, как именно правила попадают в систему.
Машину после ваших танцев перезагружали?