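Hello everyone, I have a router with a DVR connected behind it. The DVR's IP address is configurable; I set it to 192.168.1.100 with port 85, and the default gateway and DNS are both the router's IP address.
The router is configured as follows: dynamic DNS is set up so that the router can be reached via the domain name "kasda.dyndns.org", 192.168.1.100 is set as the DMZ, and in NAT--Virtual Server the port is forwarded to 85.
I can now access the DVR via 192.168.1.100:85, but I cannot access the DVR via kasda.dyndns.org:85.
The detailed iptables information is as follows: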
# iptables -t nat -L
Chain PREROUTING (policy ACCEPT)
target prot opt source destination
DNAT udp -- anywhere 192.168.1.1 udp dpt:domain to:202.96.128.166
DNAT tcp -- anywhere anywhere tcp dpt:85 to:192.168.1.100
DNAT udp -- anywhere anywhere udp dpt:85 to:192.168.1.100
DNAT all -- anywhere anywhere to:192.168.1.100
REDIRECT udp -- anywhere anywhere udp dpt:5060 redir ports 5060
Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
MASQUERADE all -- 192.168.1.0/24 anywhere
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
#iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT udp -- 192.168.1.0/24 anywhere udp dpt:30006
ACCEPT tcp -- anywhere anywhere tcp dpt:30005
ACCEPT udp -- anywhere anywhere udp dpts:7070:7079
ACCEPT udp -- anywhere anywhere udp dpt:5060
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
LOG tcp -- anywhere anywhere tcp flags:SYN,RST,ACK/SYN limit: avg 6/hour burst 5 LOG level alert prefix `Intrusion -> '
DROP all -- anywhere anywhere
Chain FORWARD (policy ACCEPT)
target prot opt source destination
ACCEPT udp -- 192.168.1.0/24 anywhere udp dpt:30006
ACCEPT tcp -- anywhere anywhere tcp dpt:30005
ACCEPT all -- anywhere 192.168.1.100
ACCEPT udp -- anywhere 192.168.1.100 udp dpt:85
ACCEPT tcp -- anywhere 192.168.1.100 tcp dpt:85
TCPMSS tcp -- anywhere anywhere tcp flags:SYN,RST/SYN TCPMSS clamp to PMTU
TCPMSS tcp -- anywhere anywhere tcp flags:SYN,RST/SYN TCPMSS clamp to PMTU
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
LOG tcp -- anywhere anywhere tcp flags:SYN,RST,ACK/SYN limit: avg 6/hour burst 5 LOG level alert prefix `Intrusion -> '
DROP all -- anywhere anywhere
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
DROP all -- anywhere 239.255.255.250
Could you tell me whether there is anything wrong with this iptables listing, and how can I access the DVR via "kasda.dyndns.org:85"?
Thank you!