Hi everyone, I have a router with a DVR connected behind it. The DVR's IP address is configurable; it is set to 192.168.1.100, port 85, and both the default gateway and DNS are set to the router's IP address.
The router is configured as follows: dynamic DNS is set up so that the router can be reached through the domain name "kasda.dyndns.org", 192.168.1.100 is set as the DMZ, and under NAT--Virtual Server the port is forwarded to 85.
Right now I can access the DVR via 192.168.1.100:85, but I cannot access the DVR via kasda.dyndns.org:85.

The detailed iptables information is as follows:
# iptables -t nat -L
Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination
DNAT       udp  --  anywhere             192.168.1.1         udp dpt:domain to:202.96.128.166
DNAT       tcp  --  anywhere             anywhere            tcp dpt:85 to:192.168.1.100
DNAT       udp  --  anywhere             anywhere            udp dpt:85 to:192.168.1.100
DNAT       all  --  anywhere             anywhere            to:192.168.1.100
REDIRECT   udp  --  anywhere             anywhere            udp dpt:5060 redir ports 5060

Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination
MASQUERADE all  --  192.168.1.0/24       anywhere

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

# iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     udp  --  192.168.1.0/24       anywhere            udp dpt:30006
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:30005
ACCEPT     udp  --  anywhere             anywhere            udp dpts:7070:7079
ACCEPT     udp  --  anywhere             anywhere            udp dpt:5060
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED
LOG        tcp  --  anywhere             anywhere            tcp flags:SYN,RST,ACK/SYN limit: avg 6/hour burst 5 LOG level alert prefix `Intrusion -> '
DROP       all  --  anywhere             anywhere

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
ACCEPT     udp  --  192.168.1.0/24       anywhere            udp dpt:30006
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:30005
ACCEPT     all  --  anywhere             192.168.1.100
ACCEPT     udp  --  anywhere             192.168.1.100       udp dpt:85
ACCEPT     tcp  --  anywhere             192.168.1.100       tcp dpt:85
TCPMSS     tcp  --  anywhere             anywhere            tcp flags:SYN,RST/SYN TCPMSS clamp to PMTU
TCPMSS     tcp  --  anywhere             anywhere            tcp flags:SYN,RST/SYN TCPMSS clamp to PMTU
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED
LOG        tcp  --  anywhere             anywhere            tcp flags:SYN,RST,ACK/SYN limit: avg 6/hour burst 5 LOG level alert prefix `Intrusion -> '
DROP       all  --  anywhere             anywhere

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
DROP       all  --  anywhere             239.255.255.250

Could anyone tell me whether there is a problem with this iptables listing, and how I can access the DVR through "kasda.dyndns.org:85"?

Thanks!