我有以下情况是路由器将远程控制转发到 iptable 到 MS Server 2008 然而我无法使其与我拥有的当前 iptable 规则一起工作:
-A PREROUTING -p tcp --dport 3389 --destination 192.168.0.5
-A PREROUTING -p udp --dport 3389 --destination 192.168.0.5
192.168.0.5 是 MS 服务器的地址,因此我尝试将请求重定向到该地址。有什么建议吗?
编辑
这是 /etc/init.d/iptable status 使用 3389 grp 抛出的内容
10 ACCEPT tcp -- 0.0.0.0/0 192.168.0.5 tcp dpt:3389
113 ACCEPT tcp -- 192.168.0.0/24 0.0.0.0/0 multiport dports 21,25,110,1143,143,2082,2095,2525,3306,3389,7080,7777
11 DNAT tcp -- 0.0.0.0/0 190.181.129.51 tcp dpt:3389 to:192.168.0.5:3389
12 DNAT udp -- 0.0.0.0/0 190.181.129.51 udp dpt:3389 to:192.168.0.5:3389
答案1
iptables -t nat -A PREROUTING -p tcp -d <IP_OF_YOUR_ROUTER> --dport 3389 -j DNAT --to-destination 192.168.0.5:3389
iptables -A FORWARD -p tcp -d 192.168.0.5 --dport 3389 -j ACCEPT
答案2
尝试执行此脚本:-
#!/bin/bash
#Uncomment the following line to enable ip forwarding if it is not already enabled.
#echo 1 > /proc/sys/net/ipv4/ip_forward
#nat rules to change destination ip address to the ip address of MS server
iptables -t nat -A PREROUTING -p tcp -d <IP Address of the router/machine on which you are planning to execute this script> --dport 3389 -j DNAT --to 192.168.0.5
#Allow response from MS server to router/machine on which you execute this script
iptables -t nat -A POSTROUTING -d 192.168.0.5 -j MASQUERADE
如果上述脚本不起作用,请清除上述规则并尝试以下脚本:-
#!/bin/bash
#Uncomment the following line to enable ip forwarding if it is not already enabled.
#echo 1 > /proc/sys/net/ipv4/ip_forward
#nat rules to change destination ip address to the ip address of MS server
iptables -t nat -A PREROUTING -p tcp -d <IP Address of the router/machine on which you are planning to execute this script> --dport 3389 -j DNAT --to 192.168.0.5:3389
#Allow response from MS server to router/machine on which you execute this script
iptables -t nat -A POSTROUTING -d 192.168.0.5 -j MASQUERADE