我使用带有内核 4.19 的 debian 10 和 nftables 作为端口转发工具。规则就像
table ip nat {
chain prerouting {
type nat hook prerouting priority -100; policy accept;
ip daddr 10.250.181.103 tcp dport 25565 counter packets 0 bytes 0 log
ip daddr 10.250.181.103 tcp dport 25568 counter packets 0 bytes 0 log
ip daddr 10.250.181.103 tcp dport 25573 counter packets 0 bytes 0 log
ip daddr 10.250.181.103 tcp dport 25565 counter packets 0 bytes 0 dnat to 192.168.56.1:25565
ip daddr 10.250.181.103 tcp dport 25568 counter packets 0 bytes 0 dnat to 192.168.56.1:25568
ip daddr 10.250.181.103 tcp dport 25573 counter packets 0 bytes 0 dnat to 192.168.56.1:25573
}
chain postrouting {
type nat hook postrouting priority 100; policy accept;
ip saddr != 192.168.56.0/24 ip daddr 192.168.56.0/24 counter packets 0 bytes 0 masquerade
}
}
(SNAT是因为192.168.56.1是Windows,不支持策略路由)
当我 ssh 到系统时,端口转发工作正常。但是,在我注销几秒钟后它就不起作用了。
我可以检查哪些配置来找出原因?