This post was last edited by iteeqg on 2012-03-02 12:22
Today I installed a CentOS x64 machine and wanted to set up DNAT. Here is what I did:
The iptables rules are as follows:
[root@down sysconfig]# service iptables status
表格:filter
Chain INPUT (policy DROP)
num target prot opt source destination
1 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:80
2 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:9999
3 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:46969
4 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
5 ACCEPT all -- 192.168.0.0/24 0.0.0.0/0
6 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
7 DROP all -- 0.0.0.0/0 0.0.0.0/0 state INVALID
8 ACCEPT all -- 121.**.2**.0/24 0.0.0.0/0
9 ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 icmp type 8
10 ACCEPT all -- 183.**.223.** 0.0.0.0/0
Chain FORWARD (policy ACCEPT)
num target prot opt source destination
Chain OUTPUT (policy ACCEPT)
num target prot opt source destination
表格:nat
Chain PREROUTING (policy ACCEPT)
num target prot opt source destination
1 DNAT tcp -- 0.0.0.0 1.2.3.4 tcp dpt:52189 to:192.168.0.21:3389
2 DNAT tcp -- 0.0.0.0/0 1.2.3.4 tcp dpt:52189 to:192.168.0.21:3389
Chain POSTROUTING (policy ACCEPT)
num target prot opt source destination
1 MASQUERADE all -- 192.168.0.0/24 0.0.0.0/0
Chain OUTPUT (policy ACCEPT)
num target prot opt source destination
The command was added like this:
iptables -t nat -A PREROUTING -d 1.2.3.4 -p tcp -m tcp --dport 52189 -j DNAT --to-destination 192.168.0.21:3389
I don't know why it just doesn't work.
Then I tried adding this rule:
iptables -t nat -A POSTROUTING -s 192.168.0.0/24 -o eth0 -j MASQUERADE
It still doesn't work,
and the modules do appear to be loaded:
[root@down sysconfig]# lsmod | grep ipt
ipt_MASQUERADE 2400 1
iptable_filter 2759 1
iptable_nat 6124 1
nf_nat 22788 2 ipt_MASQUERADE,iptable_nat
nf_conntrack_ipv4 9440 5 iptable_nat,nf_nat
nf_conntrack 79643 5 ipt_MASQUERADE,xt_state,iptable_nat,nf_nat,nf_conntrack_ipv4
ip_tables 17733 2 iptable_filter,iptable_nat
ipt_REJECT 2349 0
Asking everyone here for help.