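# NAT gateway setup: masquerade LAN traffic out of the external interface and
# forward inbound PPTP (TCP 1723 + GRE) to one internal server.
# Requires: root, and ETH0 set to the name of the Internet-facing interface.
IPTABLES=/sbin/iptables
PPTP_SERVER=192.168.1.3

# ETH0 is not assigned anywhere in this script, so it has to come from the
# environment. Stop before anything is flushed if it is missing; an empty
# value would otherwise turn "-o $ETH0 -j MASQUERADE" into a malformed rule.
: "${ETH0:?ETH0 must be set to the external interface name}"

# Flush every chain this script manages so a re-run starts from a clean state.
"$IPTABLES" -t nat -F PREROUTING
"$IPTABLES" -t nat -F POSTROUTING
"$IPTABLES" -F INPUT
"$IPTABLES" -F OUTPUT
"$IPTABLES" -F FORWARD

# Default policies for packets routed through this box.
"$IPTABLES" -t nat -P PREROUTING ACCEPT
"$IPTABLES" -t nat -P POSTROUTING ACCEPT
"$IPTABLES" -P FORWARD ACCEPT

# Default policies for packets addressed to / sent by this box itself.
# NOTE(review): every policy is ACCEPT and no filter rules follow, so this
# script provides NAT only. The gateway and the DNAT target are reachable
# without restriction; add explicit filter rules before treating this as a
# firewall.
"$IPTABLES" -P OUTPUT ACCEPT
"$IPTABLES" -P INPUT ACCEPT

# Kill spoofed packets: enable reverse-path filtering on every interface.
for f in /proc/sys/net/ipv4/conf/*/rp_filter; do
  echo 1 > "$f"
done

# Source-NAT everything leaving through the external interface.
"$IPTABLES" -t nat -A POSTROUTING -o "$ETH0" -j MASQUERADE
echo "1" >/proc/sys/net/ipv4/ip_forward
echo "1" >/proc/sys/net/ipv4/ip_dynaddr
echo "firewall is not enabled but NAT is on."

# Forward inbound PPTP to the internal server. PPTP uses two flows:
#   - control channel: TCP port 1723
#   - tunnel payload:  GRE, which is IP protocol 47 (there is no "TCP port 47"
#     involved, so a "-p tcp --dport 47" rule never matches the tunnel)
# The protocol is given by number because older iptables builds can reject the
# name "gre" with "unknown protocol" when it cannot be resolved.
# -i restricts both rules to traffic arriving on the external interface, so
# LAN clients connecting to outside PPTP servers are not redirected inward.
# NOTE(review): NAT of GRE for more than one concurrent session usually needs
# the kernel's PPTP connection-tracking helper; confirm it is available here.
# NOTE(review): PPTP's MS-CHAPv2 authentication is considered broken; exposing
# it to the Internet should be a deliberate, reviewed decision.
"$IPTABLES" -t nat -A PREROUTING -i "$ETH0" -p tcp --dport 1723 -j DNAT --to "$PPTP_SERVER"
"$IPTABLES" -t nat -A PREROUTING -i "$ETH0" -p 47 -j DNAT --to "$PPTP_SERVER"
exit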
这是我的iptables,
/sbin/iptables -A INPUT -p gre -j ACCEPT 1723 错误。
iptables v1.2.9: unknown protocol `gre' specified
Try `iptables -h' or 'iptables --help' for more information. |