使用iptables做地址伪装出现异常!!!!
使用iptables做地址伪装,大部分数据包能正常伪装源IP,但也一些数据包无法伪装iptables命令为
iptables -t nat -A POSTROUTING -s 10.103.0.0/16 -j SNAT --to-source 118.144.78.157
echo "1" > /proc/sys/net/ipv4/ip_forward
但是通过抓包可以看到
15:13:34.642145 IP 10.103.0.13.55027 > 123.126.104.103.80: Flags , seq 0, ack 1, win 1415, length 0
15:13:34.889378 IP 10.103.0.13.55027 > 123.126.104.103.80: Flags , seq 0, ack 1, win 1415, length 0
15:13:35.705236 IP 10.103.0.13.1452 > 42.156.166.36.80: Flags , seq 1269288121:1269289078, ack 1270442436, win 15544, length 957
15:13:36.553620 IP 10.103.0.13.55027 > 123.126.104.103.80: Flags , seq 0, ack 1, win 1415, length 0
15:13:39.935391 IP 10.103.0.13.55027 > 123.126.104.103.80: Flags , seq 0, ack 1, win 1415, length 0
15:13:44.194912 IP 10.103.0.13.41424 > 123.151.153.103.80: Flags , seq 0, ack 1, win 4202, options , length 0
15:13:46.758047 IP 10.103.0.13.55027 > 123.126.104.103.80: Flags , seq 0, ack 1, win 1415, length 0
15:13:57.398939 IP 10.103.0.13.57811 > 111.30.131.145.80: Flags , seq 0, ack 1, win 15544, length 0
15:14:00.221104 IP 10.103.0.13.55027 > 123.126.104.103.80: Flags , seq 0, ack 1, win 1415, length 0
15:14:01.812248 IP 10.103.0.13.36516 > 211.151.12.194.80: Flags , seq 4138819012, win 0, length 0
15:14:02.148288 IP 10.103.0.13.36516 > 211.151.12.194.80: Flags , seq 4138819012, win 0, length 0
15:14:04.689262 IP 10.103.0.13.49566 > 42.62.94.2.5222: Flags , seq 2474684826:2474684842, ack 565692991, win 7300, length 16
有些数据包未能正常伪装,iptables命令和配置都是正确的。 回复 1# zmhzcy
抓到这个应该是正常的。
sip-->dip
vip-->dip
dip-->vip
你这是在哪里抓的?
页:
[1]