Port forwarding - cannot access IP

india827:~# ifconfig -a
eth0      Link encap:Ethernet  HWaddr 00:19:99:a4:14:08  
          inet addr:85.25.152.115  Bcast:85.25.152.255  Mask:255.255.255.0
          inet6 addr: fe80::219:99ff:fea4:1408/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:2752215 errors:0 dropped:0 overruns:0 frame:0
          TX packets:1061558 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:1274090951 (1.1 GiB)  TX bytes:506433382 (482.9 MiB)
          Interrupt:18 

eth0:1    Link encap:Ethernet  HWaddr 00:19:99:a4:14:08  
          inet addr:85.25.248.216  Bcast:85.25.248.255  Mask:255.255.255.192
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          Interrupt:18 

lo        Link encap:Local Loopback  
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:16132 errors:0 dropped:0 overruns:0 frame:0
          TX packets:16132 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:1023499 (999.5 KiB)  TX bytes:1023499 (999.5 KiB)

tap0      Link encap:Ethernet  HWaddr ae:ba:ce:d7:7d:bd  
          inet addr:10.0.1.254  Bcast:10.255.255.255  Mask:255.0.0.0
          inet6 addr: fe80::acba:ceff:fed7:7dbd/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:1211 overruns:0 carrier:0
          collisions:0 txqueuelen:500 
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

vboxnet0  Link encap:Ethernet  HWaddr 0a:00:27:00:00:00  
          BROADCAST MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)
india827:/pyvbox# iptables -L -v
Chain INPUT (policy ACCEPT 3135 packets, 455K bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
   10   660 ACCEPT     all  --  tap0   any     10.0.1.0/24          anywhere            ctstate NEW 
   32  1536 ACCEPT     all  --  any    any     anywhere             10.0.1.0/24         ctstate NEW 
   23   920 ACCEPT     all  --  any    any     anywhere             anywhere            ctstate RELATED,ESTABLISHED 

Chain OUTPUT (policy ACCEPT 2887 packets, 1135K bytes)
 pkts bytes target     prot opt in     out     source               destination 

india827:~# netstat -rn
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
85.25.248.192   0.0.0.0         255.255.255.192 U         0 0          0 eth0
85.25.152.0     0.0.0.0         255.255.255.0   U         0 0          0 eth0
10.0.0.0        0.0.0.0         255.0.0.0       U         0 0          0 tap0
0.0.0.0         85.25.248.193   0.0.0.0         UG        0 0          0 eth0
0.0.0.0         85.25.152.1     0.0.0.0         UG        0 0          0 eth0   

Telnet from the server (localhost):

india827:/pyvbox# telnet 85.25.248.216 3389 
Trying 85.25.248.216...
Connected to 85.25.248.216.
Escape character is '^]'.

Telnet from a remote PC:

H301:~# telnet 85.25.248.216 3389
Trying 85.25.248.216...
telnet: Unable to connect to remote host: Connection refused

Traceroute (from the remote host):

H301:~# tcptraceroute 85.25.248.216 3389
traceroute to 85.25.248.216 (85.25.248.216), 30 hops max, 60 byte packets
 1  213.155.20.253 (213.155.20.253)  0.538 ms  0.640 ms  0.731 ms
 2  80.93.126.57.ett.ua (80.93.126.57)  0.176 ms  0.236 ms  0.238 ms
 3  decix.ett.com.ua (80.81.192.113)  30.795 ms  30.810 ms  30.812 ms
 4  tge-5-1-0-353a.cr2.fra.routeserver.net (80.81.192.21)  31.031 ms  31.017 ms  31.090 ms
 5  * * *
 6  217.118.16.163 (217.118.16.163)  36.565 ms  36.459 ms  36.410 ms
 7  static-ip-85-25-248-216.inaddr.intergenia.de (85.25.248.216)  34.580 ms  33.987 ms  34.163 ms
 8  static-ip-85-25-248-216.inaddr.intergenia.de (85.25.248.216)  38.088 ms  34.822 ms  34.665 ms

iptables rules

india827:~# iptables -nvL
Chain INPUT (policy ACCEPT 14134 packets, 2307K bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
   48  3032 ACCEPT     all  --  tap0   *       10.0.1.0/24          0.0.0.0/0           ctstate NEW 
  107  5764 ACCEPT     all  --  *      *       0.0.0.0/0            10.0.1.0/24         ctstate NEW 
  953  398K ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           ctstate RELATED,ESTABLISHED 

Chain OUTPUT (policy ACCEPT 9820 packets, 16M bytes)
 pkts bytes target     prot opt in     out     source               destination     


india827:~#  iptables -t nat -nvL
Chain PREROUTING (policy ACCEPT 14181 packets, 2115K bytes)
 pkts bytes target     prot opt in     out     source               destination         
  865 47089 DNAT       all  --  *      *       0.0.0.0/0            85.25.248.216       to:10.0.1.1 

Chain INPUT (policy ACCEPT 13713 packets, 2021K bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain OUTPUT (policy ACCEPT 2113 packets, 122K bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain POSTROUTING (policy ACCEPT 2984 packets, 169K bytes)
 pkts bytes target     prot opt in     out     source               destination         
   20  1115 SNAT       all  --  *      eth0    10.0.1.1             0.0.0.0/0           to:85.25.248.216 

What is wrong with my configuration?

Answer 1

Thanks for the replies, the problem is solved. I just flushed all the rules and applied the following rules:

iptables -t nat -A PREROUTING -d 85.25.248.216 -j DNAT --to-destination 10.0.1.1
iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -m conntrack --ctstate NEW -d 10.0.1.1 -j ACCEPT
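
A narrower variant of the rules above, as an added example that is not part of the original answer: it generates an `iptables-restore` ruleset that forwards a single TCP port and sets the FORWARD policy to DROP, so the internal host is not exposed on every protocol and port. It assumes only port 3389 (the one tested with telnet in the question) needs to be reachable; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: emit an iptables-restore ruleset that forwards ONE TCP port
# from a public IP to an internal host, instead of DNATing every protocol.
# Addresses and port come from the question; function names are hypothetical.

# valid_ipv4 ADDR -> status 0 if ADDR is a dotted quad with octets 0-255
valid_ipv4() {
    printf '%s\n' "$1" | awk -F. '
        NF != 4 { exit 1 }
        { for (i = 1; i <= 4; i++) if ($i !~ /^[0-9]+$/ || $i > 255) exit 1 }'
}

# valid_port PORT -> status 0 if PORT is an integer in 1..65535
valid_port() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "${#1}" -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# gen_forward_rules PUBLIC_IP INTERNAL_IP PORT -> ruleset on stdout
gen_forward_rules() {
    pub=$1 int=$2 port=$3
    valid_ipv4 "$pub" && valid_ipv4 "$int" && valid_port "$port" || {
        echo "usage: gen_forward_rules PUBLIC_IP INTERNAL_IP PORT" >&2
        return 2
    }
    cat <<EOF
*nat
-A PREROUTING -d $pub/32 -p tcp -m tcp --dport $port -j DNAT --to-destination $int:$port
COMMIT
*filter
:FORWARD DROP [0:0]
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -d $int/32 -p tcp -m tcp --dport $port -m conntrack --ctstate NEW -j ACCEPT
COMMIT
EOF
}

# Print the ruleset for the setup in the question (nothing is applied here).
# To check syntax as root: gen_forward_rules ... | iptables-restore --test
gen_forward_rules 85.25.248.216 10.0.1.1 3389
```

Loading the output with `iptables-restore` replaces the current contents of the nat and filter tables unless `--noflush` is given, and forwarding also requires `net.ipv4.ip_forward=1`.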
