电梯直达

1楼 [收藏(0)] [报告]

发表于 2011-03-21 17:28 |只看该作者 |倒序浏览

这个是小弟的 Iptables 能连接不能上网的配置

# Generated by iptables-save v1.3.5 on Mon Mar 21 12:11:04 2011
*nat
:PREROUTING ACCEPT [67:7044]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A POSTROUTING -s 192.168.0.0/255.255.255.0 -o eth0 -j MASQUERADE
COMMIT
# Completed on Mon Mar 21 12:11:04 2011
# Generated by iptables-save v1.3.5 on Mon Mar 21 12:11:04 2011
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [95:8972]
:RH-Firewall-1 - [0:0]
-A INPUT -j RH-Firewall-1
-A FORWARD -j RH-Firewall-1
-A RH-Firewall-1 -i lo -j ACCEPT
-A RH-Firewall-1 -p icmp -m icmp --icmp-type any -j ACCEPT
-A RH-Firewall-1 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A RH-Firewall-1 -p tcp -m state --state NEW,RELATED -m tcp --dport 22 -j ACCEPT
-A RH-Firewall-1 -p tcp -m state --state NEW,RELATED -m tcp --dport 443 -j ACCEPT
-A RH-Firewall-1 -p tcp -m state --state NEW,RELATED -m tcp --dport 80 -j ACCEPT
-A RH-Firewall-1 -p tcp -m tcp --dport 1723 -j ACCEPT
-A RH-Firewall-1 -j REJECT --reject-with icmp-host-prohibited
COMMIT
# Completed on Mon Mar 21 12:11:04 2011

复制代码

能连接也能上网的配置

# Generated by iptables-save v1.3.5 on Mon Mar 21 12:11:04 2011
*nat
:PREROUTING ACCEPT [67:7044]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A POSTROUTING -s 192.168.0.0/255.255.255.0 -o eth0 -j MASQUERADE
COMMIT
# Completed on Mon Mar 21 12:11:04 2011
# Generated by iptables-save v1.3.5 on Mon Mar 21 12:11:04 2011
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [95:8972]
:RH-Firewall-1 - [0:0]
-A INPUT -j RH-Firewall-1
-A FORWARD -j RH-Firewall-1
-A RH-Firewall-1 -i lo -j ACCEPT
-A RH-Firewall-1 -p icmp -m icmp --icmp-type any -j ACCEPT
-A RH-Firewall-1 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A RH-Firewall-1 -p tcp -m state --state NEW,RELATED -m tcp --dport 22 -j ACCEPT
-A RH-Firewall-1 -p tcp -m state --state NEW,RELATED -m tcp --dport 443 -j ACCEPT
-A RH-Firewall-1 -p tcp -m state --state NEW,RELATED -m tcp --dport 80 -j ACCEPT
-A RH-Firewall-1 -p tcp -m tcp --dport 1723 -j ACCEPT
COMMIT
# Completed on Mon Mar 21 12:11:04 2011

复制代码

删掉 -A RH-Firewall-1 -j REJECT --reject-with icmp-host-prohibited 就能上网了
估计是还是配置问题求高手帮助～

2楼 [报告]

发表于 2011-03-21 22:22 |只看该作者

还是自己搞定了自己动手丰衣足食 = -
查看日记发现 53 和 137 这两个端口的一直很不口耐所以打开就好了~

# Generated by iptables-save v1.3.5 on Mon Mar 21 12:11:04 2011
*nat
:PREROUTING ACCEPT [67:7044]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A POSTROUTING -s 192.168.0.0/255.255.255.0 -o eth0 -j MASQUERADE
COMMIT
# Completed on Mon Mar 21 12:11:04 2011
# Generated by iptables-save v1.3.5 on Mon Mar 21 12:11:04 2011
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [95:8972]
:RH-Firewall-1 - [0:0]
-A INPUT -j RH-Firewall-1
-A FORWARD -j RH-Firewall-1
-A RH-Firewall-1 -i lo -j ACCEPT
-A RH-Firewall-1 -p icmp -m icmp --icmp-type any -j ACCEPT
-A RH-Firewall-1 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A RH-Firewall-1 -p tcp -m state --state NEW,RELATED -m tcp --dport 22 -j ACCEPT
-A RH-Firewall-1 -p tcp -m state --state NEW,RELATED -m tcp --dport 443 -j ACCEPT
-A RH-Firewall-1 -p tcp -m state --state NEW,RELATED -m tcp --dport 80 -j ACCEPT
-A RH-Firewall-1 -p udp -m state --state NEW,RELATED -m udp --dport 53 -j ACCEPT
-A RH-Firewall-1 -p udp -m state --state NEW,RELATED -m udp --dport 137 -j ACCEPT
-A RH-Firewall-1 -p tcp -m tcp --dport 1723 -j ACCEPT
-A RH-Firewall-1 -j REJECT --reject-with icmp-host-prohibited
COMMIT
# Completed on Mon Mar 21 12:11:04 2011

复制代码

[vpn] 能够连接 无法上网 PPTP iptables需要允许那些？ [复制链接]

[vpn] 能够连接无法上网 PPTP iptables需要允许那些？ [复制链接]