iptables firewall rules do not allow ssh from LAN to DMZ

Chain INPUT (policy ACCEPT)
target     prot opt source               destination         
REJECT     tcp  --  anywhere             anywhere            tcp dpt:www reject-with tcp-reset 
REJECT     tcp  --  anywhere             anywhere            tcp dpt:telnet reject-with tcp-reset 
ACCEPT     0    --  anywhere             anywhere            state RELATED,ESTABLISHED 
DROP       udp  --  anywhere             anywhere            udp dpt:route 
DROP       udp  --  anywhere             anywhere            udp dpt:route 
ACCEPT     udp  --  anywhere             anywhere            udp dpt:route 
logdrop    icmp --  anywhere             anywhere            
logdrop    igmp --  anywhere             anywhere            
ACCEPT     udp  --  anywhere             anywhere            udp dpt:5060 
ACCEPT     0    --  anywhere             anywhere            state NEW 
logaccept  0    --  anywhere             anywhere            state NEW 
ACCEPT     0    --  anywhere             anywhere            
ACCEPT     0    --  anywhere             anywhere            
ACCEPT     0    --  anywhere             anywhere            
logdrop    0    --  anywhere             anywhere            

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         
REJECT     0    --  192.168.0.0/24       192.168.2.0/24      reject-with icmp-port-unreachable 
ACCEPT     tcp  --  choister             192.168.2.142       tcp dpt:ssh state NEW 
REJECT     0    --  192.168.0.0/24       192.168.3.0/24      reject-with icmp-port-unreachable 
ACCEPT     gre  --  192.168.1.0/24       anywhere            
ACCEPT     tcp  --  192.168.1.0/24       anywhere            tcp dpt:1723 
ACCEPT     0    --  anywhere             anywhere            
ACCEPT     0    --  anywhere             anywhere            
ACCEPT     0    --  anywhere             anywhere            
ACCEPT     0    --  anywhere             anywhere            
TCPMSS     tcp  --  anywhere             anywhere            tcp flags:SYN,RST/SYN TCPMSS clamp to PMTU 
lan2wan    0    --  anywhere             anywhere            
ACCEPT     0    --  anywhere             anywhere            state RELATED,ESTABLISHED 
logaccept  tcp  --  anywhere             choister            tcp dpt:www 
TRIGGER    0    --  anywhere             anywhere            TRIGGER type:in match:0 relate:0 
trigger_out  0    --  anywhere             anywhere            
logaccept  0    --  anywhere             anywhere            state NEW 
logdrop    0    --  anywhere             anywhere            

The ssh server I am trying to connect to is in the DMZ (192.168.0.145). It is mainly used as a web server. I need to reach it from my room at 192.168.2.142. I don't understand why ssh cannot be forwarded to the 192.168.2.0 subnet? I am sure the reject rule is the cause, because without it, it works.

Answer 1

I think you are referring to this rule:
ACCEPT     tcp  --  choister             192.168.2.142       tcp dpt:ssh
Put 2.142 as the source rather than the destination...
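To see exactly which rule ends the walk for each packet of the handshake, here is an added example (not code from the question or the answer) that transcribes the FORWARD chain above and evaluates it with iptables' first-match semantics. It assumes that the hostname choister resolves to the DMZ web host 192.168.0.145 named in the question (the listing shows only the hostname because -n was not used), and it collapses the four bare ACCEPT rules into one catch-all, since a non-verbose `iptables -L` hides any -i/-o interface matches they carry (run `iptables -L FORWARD -v -n --line-numbers` to see them). It goes one step beyond the answer: besides swapping source and destination, it also moves the RELATED,ESTABLISHED rule ahead of the REJECT, because otherwise the SYN/ACK coming back from the DMZ is still rejected.

```python
"""First-match walk of the FORWARD chain from the question (added example)."""
import ipaddress
from typing import List, NamedTuple, Optional, Tuple

# Assumption (not on the page): choister is the DMZ web host 192.168.0.145.
HOSTS = {"choister": "192.168.0.145", "anywhere": "0.0.0.0/0"}


class Rule(NamedTuple):
    target: str
    proto: Optional[str]   # None = any protocol
    src: str               # hostname or CIDR as printed by iptables -L
    dst: str
    dport: Optional[int]   # None = no port match
    state: Optional[str]   # comma-separated conntrack states, or None


class Packet(NamedTuple):
    src: str
    dst: str
    proto: str
    dport: int
    state: str             # conntrack state this packet would carry


def _net(name: str) -> ipaddress.IPv4Network:
    return ipaddress.ip_network(HOSTS.get(name, name), strict=False)


def matches(rule: Rule, pkt: Packet) -> bool:
    """True if every match field of the rule accepts the packet."""
    if rule.proto is not None and rule.proto != pkt.proto:
        return False
    if ipaddress.ip_address(pkt.src) not in _net(rule.src):
        return False
    if ipaddress.ip_address(pkt.dst) not in _net(rule.dst):
        return False
    if rule.dport is not None and rule.dport != pkt.dport:
        return False
    if rule.state is not None and pkt.state not in rule.state.split(","):
        return False
    return True


def evaluate(chain: List[Rule], pkt: Packet, policy: str = "ACCEPT") -> Tuple[str, int]:
    """Return (target, index) of the first matching rule, or (policy, -1)."""
    for i, rule in enumerate(chain):
        if matches(rule, pkt):
            return rule.target, i
    return policy, -1


# FORWARD chain as listed in the question, in chain order.  The non-terminating
# TCPMSS rule and the user-defined lan2wan/TRIGGER chains are left out; they do
# not decide this case.  The four bare ACCEPT rules are modelled as one catch-all
# (assumption: their interface matches are hidden by the non-verbose listing).
FORWARD = [
    Rule("REJECT",  None,  "192.168.0.0/24", "192.168.2.0/24", None, None),
    Rule("ACCEPT",  "tcp", "choister",       "192.168.2.142",  22,   "NEW"),
    Rule("REJECT",  None,  "192.168.0.0/24", "192.168.3.0/24", None, None),
    Rule("ACCEPT",  "gre", "192.168.1.0/24", "anywhere",       None, None),
    Rule("ACCEPT",  "tcp", "192.168.1.0/24", "anywhere",       1723, None),
    Rule("ACCEPT",  None,  "anywhere",       "anywhere",       None, None),
    Rule("ACCEPT",  None,  "anywhere",       "anywhere",       None, "RELATED,ESTABLISHED"),
    Rule("logdrop", None,  "anywhere",       "anywhere",       None, None),
]

# Constructed packets for one ssh attempt from the room to the DMZ host.
SYN    = Packet("192.168.2.142", "192.168.0.145", "tcp", 22,    "NEW")          # LAN -> DMZ
SYNACK = Packet("192.168.0.145", "192.168.2.142", "tcp", 51234, "ESTABLISHED")  # reply; ephemeral port assumed
REV    = Packet("192.168.0.145", "192.168.2.142", "tcp", 22,    "NEW")          # what the listed rule describes


def fixed_chain() -> List[Rule]:
    """Answer 1's correction (2.142 as source) plus ESTABLISHED moved ahead of the REJECT."""
    chain = list(FORWARD)
    chain[1] = Rule("ACCEPT", "tcp", "192.168.2.142", "choister", 22, "NEW")
    chain.insert(0, chain.pop(6))
    return chain


if __name__ == "__main__":
    for name, pkt in (("LAN->DMZ SYN", SYN), ("DMZ->LAN SYN/ACK", SYNACK), ("DMZ->LAN new ssh", REV)):
        print(f"{name:18} as listed: {evaluate(FORWARD, pkt)}  fixed: {evaluate(fixed_chain(), pkt)}")
```

Running it shows the two separate defects: as listed, the outgoing SYN is accepted by the catch-all, but the SYN/ACK from 192.168.0.145 is caught by the first REJECT before the RELATED,ESTABLISHED rule is ever reached, which is why removing that REJECT makes ssh work. The ACCEPT rule with choister as source is dead in any case, because a new connection from the DMZ host to 192.168.2.142 also matches the REJECT one line above it. With 2.142 as source and the ESTABLISHED rule placed first, the SYN is accepted by the ssh rule, the reply by the ESTABLISHED rule, and the DMZ still cannot open connections into the LAN.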
