论坛徽章:: 0

电梯直达

1楼 [收藏(0)] [报告]

发表于 2008-02-26 11:42 |只看该作者 |倒序浏览

以下是我的IPTBALE的配置文件，是用ADSL拔号上网的，里面装了花生壳，想通过动态域名进行SSH连接，为什么总是连接不上去呢？那位帮我看看是那里有问题。谢谢！！
iptables -t nat -A POSTROUTING -o ppp0 -s 192.168.1.40/24 -d 0/0 -j MASQUERADE
iptables -t nat -A POSTROUTING -o ppp0 -s 192.168.1.43/24 -d 0/0 -j MASQUERADE
iptables -t nat -A POSTROUTING -o ppp0 -s 192.168.1.44/24 -d 0/0 -j MASQUERADE
iptables -P INPUT DROP
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -i eth0 -p tcp -m multiport --dports 22,80,443,449,25,110,3128,6160 -j ACCEPT
iptables -A INPUT -i eth0 -p udp --dport 53 -j ACCEPT
iptables -A INPUT -p icmp -j ACCEPT
iptables -A INPUT -s 192.168.1.6/24 -d 192.168.1.2/24 -j ACCEPT

##iptables -t nat -A PREROUTING -i eth0 -s $SZNET -d 0/0 -p tcp --dport 80 -j REDIRECT --to-port 3128

iptables -t nat -A POSTROUTING -o ppp0 -s $SZNET -d 0/0 -p tcp -m multiport --dport 22,6060,6160,25,53,80,110,443,449,5000,5050,8476,7708,7709 -j MASQUERADE

iptables -t nat -A POSTROUTING -o ppp0 -s $SZNET -d 0/0 -p udp -m multiport --dport 53,5000,5050,6060 -j MASQUERADE

############FORWARD###################

iptables -P FORWARD DROP
iptables -I FORWARD -s 192.168.1.40 -d 0/0 -j ACCEPT
iptables -I FORWARD -s 192.168.1.43 -d 0/0 -j ACCEPT
iptables -I FORWARD -s 192.168.1.44 -d 0/0 -j ACCEPT
iptables -A FORWARD -p tcp -s $SZNET -m multiport --dports 6160,22,6060,25,80,110,443,449,3128,5050,5000,8476,7708,7709 -j ACCEPT
iptables -A FORWARD -p udp -s $SZNET --dport 53 -j ACCEPT
iptables -A FORWARD -p tcp -s $SZNET --dport 53 -j ACCEPT
iptables -A FORWARD -p icmp -s $SZNET -j ACCEPT
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT