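I have an old but reliable Texas Instruments ADSL router.
Board AR7RD;BUILD=061005;VERSION=3.7.1, if that matters...
One thing that annoys me is that it somehow blocks my jabber (Pidgin connecting to a Google account).
I know the router is the cause, because I have tried several other routers and jabber works with them. I have searched its settings many times but could not find anything indicating a block.
I managed to access it over SSH, and I think it must be in the iptables settings. Unfortunately, I can't read them, so I would appreciate any help.
Here is the raw output of iptables -L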
Chain INPUT (policy ACCEPT)
target prot opt source destination
CFG tcp -- Set PR mark for socket 0xf = 230
Set PR mark for socket 0xf = 230
Set PR mark for socket 0xf = 230
Set PR mark for socket 0xf = 230
Set PR mark for socket 0xf = 230
Set PR mark for socket 0xf = 230
192.168.1.6 anywhere tcp dpt:www Records Packet's Source Interface
CFG tcp -- Set PR mark for socket 0xf = 230
Set PR mark for socket 0xf = 230
Set PR mark for socket 0xf = 230
Set PR mark for socket 0xf = 230
Set PR mark for socket 0xf = 230
Set PR mark for socket 0xf = 230
192.168.1.6 anywhere tcp dpt:443 Records Packet's Source Interface
ACCEPT tcp -- Set PR mark for socket 0xf = 230
Set PR mark for socket 0xf = 230
Set PR mark for socket 0xf = 230
Set PR mark for socket 0xf = 230
Set PR mark for socket 0xf = 230
Set PR mark for socket 0xf = 230
0.0.0.0 anywhere state NEW tcp dpt:ssh
DROP tcp -- Set PR mark for socket 0xf = 230
Set PR mark for socket 0xf = 230
Set PR mark for socket 0xf = 230
Set PR mark for socket 0xf = 230
Set PR mark for socket 0xf = 230
Set PR mark for socket 0xf = 230
0.0.0.0 anywhere state NEW tcp dpt:888
ACCEPT tcp -- Set PR mark for socket 0xf = 230
Set PR mark for socket 0xf = 230
Set PR mark for socket 0xf = 230
Set PR mark for socket 0xf = 230
Set PR mark for socket 0xf = 230
Set PR mark for socket 0xf = 230
0.0.0.0 anywhere state NEW tcp dpt:www
ACCEPT tcp -- anywhere anywhere tcp dpt:www
ACCEPT icmp -- anywhere anywhere icmp echo-request state NEW
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
DROP all -- anywhere anywhere
Chain FORWARD (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT tcp -- anywhere Set PR mark for socket 0xf = 230
Set PR mark for socket 0xf = 230
Set PR mark for socket 0xf = 230
Set PR mark for socket 0xf = 230
Set PR mark for socket 0xf = 230
Set PR mark for socket 0xf = 230
192.168.1.150 tcp dpt:ftp
ACCEPT tcp -- anywhere Set PR mark for socket 0xf = 230
Set PR mark for socket 0xf = 230
Set PR mark for socket 0xf = 230
Set PR mark for socket 0xf = 230
Set PR mark for socket 0xf = 230
Set PR mark for socket 0xf = 230
192.168.1.150 tcp dpt:443
ACCEPT tcp -- anywhere Set PR mark for socket 0xf = 230
Set PR mark for socket 0xf = 230
Set PR mark for socket 0xf = 230
Set PR mark for socket 0xf = 230
Set PR mark for socket 0xf = 230
Set PR mark for socket 0xf = 230
192.168.1.150 tcp dpt:www
TCPMSS tcp -- anywhere anywhere tcp flags:SYN,RST/SYN TCPMSS clamp to PMTU
DROP all -- anywhere anywhere
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
DROP icmp -- anywhere anywhere icmp destination-unreachable
DROP icmp -- anywhere anywhere state INVALID
Here is the result after I tidied it up a bit
Chain INPUT (policy ACCEPT)
target prot opt source destination
CFG tcp -- 192.168.1.6 anywhere tcp dpt:www Records Packet's Source Interface
CFG tcp -- 192.168.1.6 anywhere tcp dpt:443 Records Packet's Source Interface
ACCEPT tcp -- 0.0.0.0 anywhere state NEW tcp dpt:ssh
DROP tcp -- 0.0.0.0 anywhere state NEW tcp dpt:888
ACCEPT tcp -- 0.0.0.0 anywhere state NEW tcp dpt:www
ACCEPT tcp -- anywhere anywhere tcp dpt:www
ACCEPT icmp -- anywhere anywhere icmp echo-request state NEW
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
DROP all -- anywhere anywhere
Chain FORWARD (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT tcp -- anywhere 192.168.1.150 tcp dpt:ftp
ACCEPT tcp -- anywhere 192.168.1.150 tcp dpt:443
ACCEPT tcp -- anywhere 192.168.1.150 tcp dpt:www
TCPMSS tcp -- anywhere anywhere tcp flags:SYN,RST/SYN TCPMSS clamp to PMTU
DROP all -- anywhere anywhere
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
DROP icmp -- anywhere anywhere icmp destination-unreachable
DROP icmp -- anywhere anywhere state INVALID
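
An added example (not part of the original post): a first-match walk over the FORWARD chain from the tidied listing, which is the chain that traffic from a LAN client to an outside server traverses. It assumes the Pidgin connection is a new TCP connection to port 5222, the standard XMPP client port, which the post does not state; the destination address is a constructed placeholder, and `parse` and `verdict` are hypothetical helper names.

```python
# FORWARD chain copied from the tidied listing in the post above.
FORWARD = """\
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT tcp -- anywhere 192.168.1.150 tcp dpt:ftp
ACCEPT tcp -- anywhere 192.168.1.150 tcp dpt:443
ACCEPT tcp -- anywhere 192.168.1.150 tcp dpt:www
TCPMSS tcp -- anywhere anywhere tcp flags:SYN,RST/SYN TCPMSS clamp to PMTU
DROP all -- anywhere anywhere
"""
SERVICES = {"ftp": 21, "ssh": 22, "www": 80}  # names iptables prints without -n
TERMINATING = {"ACCEPT", "DROP", "REJECT"}    # TCPMSS rewrites the MSS and continues

def parse(listing):
    rules = []
    for line in listing.splitlines():
        target, prot, _opt, src, dst, *extra = line.split()
        rule = {"target": target, "prot": prot, "src": src, "dst": dst,
                "dport": None, "states": None, "text": line}
        for i, tok in enumerate(extra):
            if tok.startswith("dpt:"):
                rule["dport"] = SERVICES.get(tok[4:]) or int(tok[4:])
            elif tok == "state":
                rule["states"] = set(extra[i + 1].split(","))
        # Plain -L prints no interface columns, so a rule that looks
        # unconditional here may be bound to one interface on the device.
        rule["maybe_iface_bound"] = (prot == "all" and not extra
                                     and src == dst == "anywhere")
        rules.append(rule)
    return rules

def verdict(rules, pkt):
    """First-match walk over terminating rules; falls back to the chain policy."""
    for r in rules:
        if (r["target"] in TERMINATING
                and r["prot"] in ("all", pkt["prot"])
                and r["src"] in ("anywhere", pkt["src"])
                and r["dst"] in ("anywhere", pkt["dst"])
                and r["dport"] in (None, pkt["dport"])
                and (r["states"] is None or pkt["state"] in r["states"])):
            return r["target"], r
    return "ACCEPT", None  # policy ACCEPT, as shown in the chain header

if __name__ == "__main__":
    # Constructed packet: LAN host opening a new XMPP connection (assumed port 5222).
    xmpp = {"prot": "tcp", "src": "192.168.1.6", "dst": "203.0.113.10",
            "dport": 5222, "state": "NEW"}
    target, rule = verdict(parse(FORWARD), xmpp)
    print(target, "|", rule["text"], "| check -v:", rule["maybe_iface_bound"])
```

As listed, the new connection falls through to the final `DROP all`, but plain `iptables -L` does not print interface matches, so that rule may apply to only one interface; `iptables -L -v -n` shows the interface columns and numeric ports.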