端口转发到内部 LAN 服务器

tag-icon tag-icon linux iptables
端口转发到内部 LAN 服务器

我有 ppp0 --> eth1 和 eth0(内部 LAN)。我需要将externel 10022端口转发到服务器192.168.1.254的8999端口

iptables -t nat -A PREROUTING -p tcp -i ppp0 --dport 10022 -j DNAT --to 192.168.1.254:8999
iptables -A FORWARD -p tcp -d 192.168.1.254 --dport 10022 -j ACCEPT

我也有:

cat /proc/sys/net/ipv4/conf/ppp0/forwarding 

1

连接超时...知道吗?

iptables -L -nv

Chain INPUT (policy DROP 14 packets, 1609 bytes)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0           
    0     0 DROP       all  -f  *      *       0.0.0.0/0            0.0.0.0/0           
    0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0           state INVALID 
 2037  136K ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED 
    0     0 ACCEPT     icmp --  ppp0   *       0.0.0.0/0            0.0.0.0/0           
    0     0 ACCEPT     icmp --  eth0   *       0.0.0.0/0            0.0.0.0/0           
    0     0 ACCEPT     icmp --  tap0   *       0.0.0.0/0            0.0.0.0/0           
   14  1609 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0           LOG flags 0 level 4 

Chain FORWARD (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 TCPMSS     tcp  --  *      ppp2    0.0.0.0/0            0.0.0.0/0           tcp flags:0x06/0x02 tcpmss match 1400:1536 TCPMSS clamp to PMTU 
    0     0 TCPMSS     tcp  --  *      eth1    0.0.0.0/0            0.0.0.0/0           tcp flags:0x06/0x02 tcpmss match 1400:1536 TCPMSS clamp to PMTU 
    0     0 TCPMSS     tcp  --  *      eth0    0.0.0.0/0            0.0.0.0/0           tcp flags:0x06/0x02 tcpmss match 1400:1536 TCPMSS clamp to PMTU 
    0     0 TCPMSS     tcp  --  *      ppp0    0.0.0.0/0            0.0.0.0/0           tcp flags:0x06/0x02 tcpmss match 1400:1536 TCPMSS clamp to PMTU 
   16  2368 ACCEPT     all  --  *      *       0.0.0.0/0            192.168.1.0/24      state RELATED,ESTABLISHED 
    0     0 ACCEPT     all  --  *      *       192.168.1.0/24       0.0.0.0/0           
    0     0 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0           LOG flags 0 level 4 

Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 ACCEPT     all  --  *      lo      0.0.0.0/0            0.0.0.0/0           
    0     0 DROP       all  -f  *      *       0.0.0.0/0            0.0.0.0/0           
    0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0           state INVALID 
 3097 4268K ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           state NEW,RELATED,ESTABLISHED

答案1

您还需要在 eth0 上设置 IP 转发。使用

sysctl -p net.ipv4.ip_forward=1

-p 使更改在重新启动后保持不变。另外,我可能是错的,但我认为最上面一行应该是:

iptables -t nat -A PREROUTING -p tcp -i ppp0 --dport 10022 -j DNAT --to-destination 192.168.1.254:8999

相关内容