Chain INPUT (policy ACCEPT)
target prot opt source destination
REJECT tcp -- anywhere anywhere tcp dpt:www reject-with tcp-reset
REJECT tcp -- anywhere anywhere tcp dpt:telnet reject-with tcp-reset
ACCEPT 0 -- anywhere anywhere state RELATED,ESTABLISHED
DROP udp -- anywhere anywhere udp dpt:route
DROP udp -- anywhere anywhere udp dpt:route
ACCEPT udp -- anywhere anywhere udp dpt:route
logdrop icmp -- anywhere anywhere
logdrop igmp -- anywhere anywhere
ACCEPT udp -- anywhere anywhere udp dpt:5060
ACCEPT 0 -- anywhere anywhere state NEW
logaccept 0 -- anywhere anywhere state NEW
ACCEPT 0 -- anywhere anywhere
ACCEPT 0 -- anywhere anywhere
ACCEPT 0 -- anywhere anywhere
logdrop 0 -- anywhere anywhere
Chain FORWARD (policy ACCEPT)
target prot opt source destination
REJECT 0 -- 192.168.0.0/24 192.168.2.0/24 reject-with icmp-port-unreachable
ACCEPT tcp -- choister 192.168.2.142 tcp dpt:ssh state NEW
REJECT 0 -- 192.168.0.0/24 192.168.3.0/24 reject-with icmp-port-unreachable
ACCEPT gre -- 192.168.1.0/24 anywhere
ACCEPT tcp -- 192.168.1.0/24 anywhere tcp dpt:1723
ACCEPT 0 -- anywhere anywhere
ACCEPT 0 -- anywhere anywhere
ACCEPT 0 -- anywhere anywhere
ACCEPT 0 -- anywhere anywhere
TCPMSS tcp -- anywhere anywhere tcp flags:SYN,RST/SYN TCPMSS clamp to PMTU
lan2wan 0 -- anywhere anywhere
ACCEPT 0 -- anywhere anywhere state RELATED,ESTABLISHED
logaccept tcp -- anywhere choister tcp dpt:www
TRIGGER 0 -- anywhere anywhere TRIGGER type:in match:0 relate:0
trigger_out 0 -- anywhere anywhere
logaccept 0 -- anywhere anywhere state NEW
logdrop 0 -- anywhere anywhere
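The ssh server I am trying to connect to is in the DMZ (192.168.0.145). It is mainly used as a web server. I need to access it from my room at 192.168.2.142. I don't understand why ssh can't be forwarded to the 192.168.2.0 subnet? I am sure the reject rule is the cause, because it works without it.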
Answer 1
I think you mean this rule:
ACCEPT tcp -- choister 192.168.2.142 tcp dpt:ssh
With 2.142 as the source rather than the destination...
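
Added example, not part of the original question or answer: a small first-match model of the first three FORWARD rules from the listing, showing which rule the SSH SYN from the room and the server's reply each hit. It assumes `choister` is the DMZ server 192.168.0.145; the source port 40000 is constructed and `ALLOW_REPLY` is a hypothetical rule that is not on the page.

```python
import ipaddress

# Assumption: "choister" in the listing resolves to the DMZ server 192.168.0.145.
CHOISTER = "192.168.0.145"
ROOM = "192.168.2.142"

# (target, proto, src, dst, sport, dport, states); None means "not tested".
# First three FORWARD rules from the listing; the later "anywhere" rules are
# left out because `iptables -L` without -v hides their interface matches.
FORWARD = [
    ("REJECT", None, "192.168.0.0/24", "192.168.2.0/24", None, None, None),
    ("ACCEPT", "tcp", CHOISTER, ROOM, None, 22, {"NEW"}),
    ("REJECT", None, "192.168.0.0/24", "192.168.3.0/24", None, None, None),
]

# Hypothetical rule (not on the page): allow SSH replies ahead of the REJECT.
ALLOW_REPLY = ("ACCEPT", "tcp", CHOISTER, ROOM, 22, None, {"ESTABLISHED"})

def in_net(addr, net):
    return ipaddress.ip_address(addr) in ipaddress.ip_network(net)

def first_match(chain, pkt):
    """Return (1-based index, target) of the first rule matching pkt, else None."""
    for i, (target, proto, src, dst, sport, dport, states) in enumerate(chain, 1):
        if (proto in (None, pkt["proto"])
                and in_net(pkt["src"], src) and in_net(pkt["dst"], dst)
                and sport in (None, pkt["sport"])
                and dport in (None, pkt["dport"])
                and (states is None or pkt["state"] in states)):
            return i, target
    return None  # no decision here; the packet continues down the chain

# Constructed packets for one SSH session from the room to the DMZ server.
SYN = {"proto": "tcp", "src": ROOM, "dst": CHOISTER,
       "sport": 40000, "dport": 22, "state": "NEW"}
SYN_ACK = {"proto": "tcp", "src": CHOISTER, "dst": ROOM,
           "sport": 22, "dport": 40000, "state": "ESTABLISHED"}

if __name__ == "__main__":
    print("SYN     ", first_match(FORWARD, SYN))
    print("SYN-ACK ", first_match(FORWARD, SYN_ACK))
    print("with fix", first_match([ALLOW_REPLY] + FORWARD, SYN_ACK))
```

In this model the SYN passes the three rules untouched, while the reply from 192.168.0.0/24 to 192.168.2.0/24 is caught by the first REJECT before any later RELATED,ESTABLISHED rule is reached.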