Good afternoon.
I have Ubuntu Server 8.04 running on my server. It has 2 network interfaces:
eth2 - 10.0.0.1 - faces the LAN
ppp0 - ADSL connection with a dynamic public IP.
Internet access is shared using dnsmasq together with ipmasq.
I need to forward port 15000, reachable from outside, to port 80 of the server 10.0.0.100 on the LAN. I have tried various commands, but nothing helps :(
I added the following rules to iptables:
iptables -A INPUT -p tcp --destination-port 15000 -j ACCEPT
iptables -A FORWARD -i ppp0 -p tcp --destination-port 15000 -j ACCEPT
iptables -A OUTPUT -p tcp --destination-port 15000 -j ACCEPT
iptables -t nat -A PREROUTING -p tcp -i ppp0 --dport 15000 -j DNAT --to-destination 10.0.0.100:80
iptables -t nat -A POSTROUTING -p tcp --dst 10.0.0.100 --dport 80 -j SNAT --to-source 10.0.0.1
Output of
iptables -t nat -v -L
root@server:/etc/ipmasq/rules# iptables -v -t nat -L
Chain PREROUTING (policy ACCEPT 5891 packets, 633K bytes)
pkts bytes target prot opt in out source destination
30 1560 DNAT tcp -- ppp0 any anywhere anywhere tcp dpt:15000 to:10.0.0.100:80
Chain POSTROUTING (policy ACCEPT 60 packets, 5167 bytes)
pkts bytes target prot opt in out source destination
0 0 SNAT tcp -- any any anywhere 10.0.0.100 tcp dpt:www to:10.0.0.1
2949 329K MASQUERADE all -- any ppp0 10.0.0.0/24 anywhere
Chain OUTPUT (policy ACCEPT 60 packets, 5167 bytes)
pkts bytes target prot opt in out source destination
iptables -L -v
Chain INPUT (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 ACCEPT tcp -- any any anywhere anywhere tcp dpt:15000
306 25802 ACCEPT all -- lo any anywhere anywhere
0 0 LOG all -- !lo any 127.0.0.0/8 anywhere LOG level warning
0 0 DROP all -- !lo any 127.0.0.0/8 anywhere
3 984 ACCEPT all -- eth2 any anywhere 255.255.255.255
142 11290 ACCEPT all -- eth2 any 10.0.0.0/24 anywhere
0 0 ACCEPT !tcp -- eth2 any anywhere BASE-ADDRESS.MCAST.NET/4
0 0 LOG all -- ppp0 any 10.0.0.0/24 anywhere LOG level warning
0 0 DROP all -- ppp0 any 10.0.0.0/24 anywhere
0 0 ACCEPT all -- ppp0 any anywhere 255.255.255.255
2968 340K ACCEPT all -- ppp0 any anywhere adsl-194-220-49-19.kmtn.ru
0 0 DROP all -- any any anywhere ALL-SYSTEMS.MCAST.NET
0 0 LOG all -- any any anywhere anywhere LOG level warning
0 0 DROP all -- any any anywhere anywhere
Chain FORWARD (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 ACCEPT tcp -- ppp0 any anywhere anywhere tcp dpt:15000
40592 38M ACCEPT all -- eth2 ppp0 10.0.0.0/24 anywhere
25096 2181K ACCEPT all -- any any anywhere anywhere state RELATED,ESTABLISHED
0 0 LOG all -- any ppp0 anywhere 10.0.0.0/24 LOG level warning
0 0 DROP all -- any ppp0 anywhere 10.0.0.0/24
0 0 DROP all -- any any anywhere ALL-SYSTEMS.MCAST.NET
30 1560 LOG all -- any any anywhere anywhere LOG level warning
30 1560 DROP all -- any any anywhere anywhere
Chain OUTPUT (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 ACCEPT tcp -- any any anywhere anywhere tcp spt:15000
306 25802 ACCEPT all -- any lo anywhere anywhere
0 0 ACCEPT all -- any eth2 anywhere 255.255.255.255
67 21769 ACCEPT all -- any eth2 anywhere 10.0.0.0/24
0 0 ACCEPT !tcp -- any eth2 anywhere BASE-ADDRESS.MCAST.NET/4
0 0 LOG all -- any ppp0 anywhere 10.0.0.0/24 LOG level warning
0 0 DROP all -- any ppp0 anywhere 10.0.0.0/24
0 0 ACCEPT all -- any ppp0 anywhere 255.255.255.255
2789 456K ACCEPT all -- any ppp0 adsl-194-220-49-19.kmtn.ru anywhere
0 0 DROP all -- any any anywhere ALL-SYSTEMS.MCAST.NET
0 0 LOG all -- any any anywhere anywhere LOG level warning
0 0 DROP all -- any any anywhere anywhere
So where did I mess up?
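
The counters in the listing show 30 packets hitting the DNAT rule and the same 30 packets reaching the final LOG/DROP in FORWARD, while the FORWARD rule for dpt:15000 stays at 0. The following sketch is an added example, not part of the original post: a toy model of the hook order (nat/PREROUTING runs before filter/FORWARD) applied to a simplified copy of the posted chain. The function names and the 203.0.113.10 address are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: a toy model of netfilter's hook order, not real iptables code.
# nat/PREROUTING rewrites the destination BEFORE filter/FORWARD is consulted.

# dnat IN_IF DST DPORT -> "DST DPORT" as the FORWARD chain will see it
dnat() {
    if [ "$1" = ppp0 ] && [ "$3" = 15000 ]; then
        echo "10.0.0.100 80"    # the DNAT rule from the post
    else
        echo "$2 $3"
    fi
}

# forward_verdict RULES IN_IF DST DPORT -> target of the first matching rule.
# RULES holds one rule per line: "TARGET IN_IF DST DPORT"; "any" is a wildcard.
forward_verdict() {
    fv_rules=$1 fv_in=$2
    set -- $(dnat "$2" "$3" "$4")   # now $1=dst, $2=dport after DNAT
    fv_hit=$(printf '%s\n' "$fv_rules" |
        while read -r target r_in r_dst r_dport; do
            [ "$r_in" = any ] || [ "$r_in" = "$fv_in" ] || continue
            [ "$r_dst" = any ] || [ "$r_dst" = "$1" ] || continue
            [ "$r_dport" = any ] || [ "$r_dport" = "$2" ] || continue
            echo "$target"
            break
        done)
    echo "${fv_hit:-DROP}"          # chain policy in the listing is DROP
}

# FORWARD rules that can match a NEW connection arriving on ppp0 (simplified
# from the listing; LOG and the ESTABLISHED rule are left out).
POSTED_RULES='ACCEPT ppp0 any 15000
DROP any any any'
# Same chain with the accept rule matching the post-DNAT destination, i.e.
#   iptables -I FORWARD 1 -i ppp0 -o eth2 -p tcp -d 10.0.0.100 --dport 80 -j ACCEPT
FIXED_RULES='ACCEPT ppp0 10.0.0.100 80
DROP any any any'

WAN_IP=203.0.113.10   # constructed placeholder for the dynamic ppp0 address
echo "posted: $(forward_verdict "$POSTED_RULES" ppp0 "$WAN_IP" 15000)"
echo "fixed:  $(forward_verdict "$FIXED_RULES" ppp0 "$WAN_IP" 15000)"
```

Forwarded packets never traverse INPUT or OUTPUT, which is why the port 15000 rules in those chains also show zero packets in the listing.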