This post was last edited by 水边鸟 on 2014-01-17 18:22
I want to set up a DMZ service.
The external interface is as follows:
eth1 Link encap:Ethernet HWaddr 08:10:76:48:C7:A5
inet addr:10.0.0.253 Bcast:10.0.0.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:10730 errors:0 dropped:0 overruns:0 frame:0
TX packets:1570 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:1323603 (1.2 MiB) TX bytes:141580 (138.2 KiB)
Interrupt:12
eth1:wl Link encap:Ethernet HWaddr 08:10:76:48:C7:A5
inet addr:172.20.13.253 Bcast:172.20.13.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
Interrupt:12
Internal interface:
br0 Link encap:Ethernet HWaddr 08:10:76:48:C7:9C
inet addr:172.20.14.1 Bcast:172.20.14.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:712 errors:0 dropped:0 overruns:0 frame:0
TX packets:1092 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:62156 (60.6 KiB) TX bytes:269270 (262.9 KiB)
Now I want both IPs on eth1 to point to 172.20.14.2 on the internal network.
The iptables rules are as follows:
# iptables -xvL -t nat
Chain PREROUTING (policy ACCEPT 7290 packets, 515254 bytes)
pkts bytes target prot opt in out source destination
0 0 DNAT all -- eth1 any anywhere 10.0.0.253 to:172.20.14.2
0 0 DNAT all -- eth1 any anywhere 172.20.13.253 to:172.20.14.2
Chain POSTROUTING (policy ACCEPT 52 packets, 13452 bytes)
pkts bytes target prot opt in out source destination
214 14836 MASQUERADE all -- any eth1 anywhere anywhere
Chain OUTPUT (policy ACCEPT 263 packets, 28204 bytes)
pkts bytes target prot opt in out source destination
Chain MINIUPNPD (0 references)
pkts bytes target prot opt in out source destination
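The first rule took effect, but the second one did not.
I tried changing the interface for 172.20.14.2 to eth1:wl, but that gives the error message: Warning: weird character in interface `eth1:wl' (No aliases, :, ! or *).
I looked up some material that says iptables does not support alias IPs.
http://serverfault.com/questions ... and-port-forwarding
But my problem is still not solved. I am asking the experienced people and experts here for a solution.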
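One way to check which DNAT rules are actually being hit is to read the per-rule packet counters in the `iptables -xvL -t nat` listing. The following is an added example, not part of the original post: `SAMPLE` is the listing from the post with whitespace normalised, and the names `Rule`, `parse_rules` and `unmatched_dnat` are hypothetical.

```python
import re
from typing import NamedTuple

# Listing taken from the post (`iptables -xvL -t nat`); -x prints exact counters.
SAMPLE = """\
Chain PREROUTING (policy ACCEPT 7290 packets, 515254 bytes)
pkts bytes target prot opt in out source destination
0 0 DNAT all -- eth1 any anywhere 10.0.0.253 to:172.20.14.2
0 0 DNAT all -- eth1 any anywhere 172.20.13.253 to:172.20.14.2
Chain POSTROUTING (policy ACCEPT 52 packets, 13452 bytes)
pkts bytes target prot opt in out source destination
214 14836 MASQUERADE all -- any eth1 anywhere anywhere
"""

class Rule(NamedTuple):
    chain: str
    pkts: int
    target: str
    in_if: str
    dst: str
    extra: str

def parse_rules(listing):
    """Turn the verbose listing into Rule tuples, tracking the current chain."""
    rules, chain = [], None
    for line in listing.splitlines():
        m = re.match(r"Chain (\S+) ", line)
        if m:
            chain = m.group(1)
            continue
        f = line.split()
        # Rule rows start with two numeric counters; the column header does not.
        if chain is None or len(f) < 9 or not (f[0].isdigit() and f[1].isdigit()):
            continue
        rules.append(Rule(chain, int(f[0]), f[2], f[5], f[8], " ".join(f[9:])))
    return rules

def unmatched_dnat(listing):
    """DNAT rules whose packet counter is still zero: no packet has hit them."""
    return [r for r in parse_rules(listing) if r.target == "DNAT" and r.pkts == 0]

if __name__ == "__main__":
    for r in unmatched_dnat(SAMPLE):
        print(f"{r.chain}: -i {r.in_if} -d {r.dst} {r.extra} matched 0 packets")
```

Rules in the nat table are evaluated only for the first packet of each connection, so the counter counts new connections rather than all traffic. Run the check again after a fresh connection attempt to each external address.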