This post was last edited by zl624867243 on 2015-11-30 09:33
I set up port forwarding with iptables, forwarding port 13306 to port 3306 on the internal network, but I want only one external IP, 113.118.110.250, to be able to access the forwarded port, while other IPs cannot. How should I set this up? Setting it on the INPUT chain doesn't work. How do I control this?

```
# Generated by iptables-save v1.4.7 on Sat Nov 28 13:29:40 2015
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A POSTROUTING -o eth0 -j MASQUERADE
-A PREROUTING -p tcp -m tcp --dport 13306 -j DNAT --to-destination 192.168.2.34:3306
-A POSTROUTING -d 192.168.2.34 -p tcp -m tcp --dport 3306 -j SNAT --to-source 58.61.48.159
COMMIT
# Completed on Sat Nov 28 13:29:40 2015
# Generated by iptables-save v1.4.7 on Sat Nov 28 13:29:40 2015
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [134:14800]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
##ssh
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
# -A INPUT --dport 13306:13306 -j DROP
#-A INPUT -m state --state NEW -m tcp -p tcp --dport 13306 -j ACCEPT
#-A INPUT -s 113.118.110.250/32 -m state --state NEW -m tcp -p tcp --dport 13306 -j ACCEPT
######################
-A INPUT -j REJECT --reject-with icmp-host-prohibited
#-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
# Completed on Sat Nov 28 13:29:40 2015
```
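The situation in the post, as an added example that is not part of the original post: a packet rewritten by DNAT is routed through the FORWARD chain, not INPUT, so the source restriction has to sit on the DNAT rule and in FORWARD. The function names `is_ipv4`, `is_port` and `gen_rules` are hypothetical; the addresses and ports are the ones from the post.

```shell
#!/bin/sh
# Added example, not the poster's configuration.
# DNAT in nat/PREROUTING rewrites the destination before the routing decision,
# so the packet traverses filter/FORWARD with dst 192.168.2.34:3306 and never
# enters filter/INPUT. An INPUT rule on --dport 13306 therefore never matches.

is_ipv4() {  # succeeds if $1 is a dotted-quad IPv4 address
  case $1 in
    ''|*[!0-9.]*|*..*|.*|*.) return 1 ;;
  esac
  old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
  [ $# -eq 4 ] || return 1
  for o in "$@"; do
    [ ${#o} -le 3 ] && [ "$o" -le 255 ] || return 1
  done
}

is_port() {  # succeeds if $1 is an integer in 1..65535
  case $1 in ''|*[!0-9]*) return 1 ;; esac
  [ ${#1} -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# usage: gen_rules ALLOWED_IP EXT_PORT INT_IP INT_PORT
# Prints an iptables-restore fragment; arguments are validated so that
# nothing but an address or a port number can end up inside a rule.
gen_rules() {
  is_ipv4 "$1" && is_port "$2" && is_ipv4 "$3" && is_port "$4" || {
    echo "gen_rules: invalid argument" >&2; return 1; }
  cat <<EOF
*nat
-A PREROUTING -s $1/32 -p tcp -m tcp --dport $2 -j DNAT --to-destination $3:$4
COMMIT
*filter
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -s $1/32 -d $3/32 -p tcp -m tcp --dport $4 -m state --state NEW -j ACCEPT
-A FORWARD -d $3/32 -p tcp -m tcp --dport $4 -j REJECT --reject-with icmp-host-prohibited
COMMIT
EOF
}

# In FORWARD the port is already 3306 (post-DNAT) and the source is still the
# client address, because SNAT only happens later in POSTROUTING.
# To apply: delete the original unrestricted DNAT rule first, then run
#   gen_rules 113.118.110.250 13306 192.168.2.34 3306 | iptables-restore --noflush
gen_rules 113.118.110.250 13306 192.168.2.34 3306
```

With the `-s` match on the DNAT rule, connections to port 13306 from any other address are not rewritten, stay addressed to the gateway itself, and fall through to the final REJECT in the INPUT chain.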