- 论坛徽章:
- 0
|
下面是iptables-save结果,
客户机上手动设置了dns:202.106.0.20
客户机IP:10.8.33.9/24 10.8.33.251,但还是不行
# Generated by iptables-save v1.3.8 on Sat Dec 8 20:42:33 2007
*nat
REROUTING ACCEPT [740:81254]
OSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A POSTROUTING -o eth1 -j SNAT --to-source 61.50.*.*
COMMIT
# Completed on Sat Dec 8 20:42:33 2007
# Generated by iptables-save v1.3.8 on Sat Dec 8 20:42:33 2007
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [724:82619]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j RH-Firewall-1-INPUT
-A FORWARD -s 10.8.32.0/255.255.252.0 -p udp -m udp --dport 53 -j ACCEPT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp -m icmp --icmp-type any -j ACCEPT
-A RH-Firewall-1-INPUT -p esp -j ACCEPT
-A RH-Firewall-1-INPUT -p ah -j ACCEPT
-A RH-Firewall-1-INPUT -d 224.0.0.251 -p udp -m udp --dport 5353 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -m udp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 23 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -m state --state NEW -m udp --dport 137 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -m state --state NEW -m udp --dport 138 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 139 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 445 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
# Completed on Sat Dec 8 20:42:33 2007
[root@sushe sysconfig]# ip route
61.50.*.*/28 dev eth1 proto kernel scope link src 61.50.139.251
10.8.35.0/24 dev eth0 proto kernel scope link src 10.8.35.1
10.8.33.0/24 dev eth0 proto kernel scope link src 10.8.33.251
169.254.0.0/16 dev eth1 scope link
default via 61.50.139.241 dev eth1
[root@sushe sysconfig]# ifconfig |more
eth0 Link encap:Ethernet HWaddr 00:08:74:20:26:91
inet addr:10.8.33.251 Bcast:10.8.33.255 Mask:255.255.255.0
inet6 addr: fe80::208:74ff:fe20:2691/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:2441 errors:0 dropped:0 overruns:0 frame:0
TX packets:92 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:100
RX bytes:222035 (216.8 KiB) TX bytes:12484 (12.1 KiB)
Base address:0xe8c0 Memory:ff8c0000-ff8e0000
eth0:0 Link encap:Ethernet HWaddr 00:08:74:20:26:91
inet addr:10.8.35.1 Bcast:10.8.33.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
Base address:0xe8c0 Memory:ff8c0000-ff8e0000
eth1 Link encap:Ethernet HWaddr 00:03:10:01:25:07
inet addr:61.50.*.* Bcast:61.50.139.255 Mask:255.255.255.240
inet6 addr: fe80::203:10ff:fe01:2507/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:3917 errors:0 dropped:0 overruns:0 frame:0
TX packets:909 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:340703 (332.7 KiB) TX bytes:116672 (113.9 KiB)
Interrupt:20 Base address:0xac00
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:8 errors:0 dropped:0 overruns:0 frame:0
TX packets:8 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:560 (560.0 b) TX bytes:560 (560.0 b)
[
[root@sushe sysconfig]# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
61.50.139.240 0.0.0.0 255.255.255.240 U 0 0 0 eth1
10.8.35.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
10.8.33.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
169.254.0.0 0.0.0.0 255.255.0.0 U 0 0 0 eth1
0.0.0.0 61.50.*.241 0.0.0.0 UG 0 0 0 eth1
请帮忙分析,谢谢! |
|