iptables to UFW before.rules not working


I have the following working iptables commands:

iptables -t nat -i ppp0 -A PREROUTING -p tcp --dport 81 -j DNAT --to-destination 192.168.16.8:80
iptables -t nat -A POSTROUTING -p tcp --dport 80 -j MASQUERADE

iptables -t nat -i ppp0 -A PREROUTING -p tcp --dport 5000 -j DNAT --to-destination 192.168.16.8:5000
iptables -t nat -A POSTROUTING -p tcp --dport 5000 -j MASQUERADE

I tried adding the following to the top and to the bottom of the /etc/ufw/before.rules file, without success:

# NAT table rules
*nat
:PREROUTING ACCEPT [0:0]

-A PREROUTING -i ppp0  -p tcp --dport 81 -j DNAT --to-destination 192.168.16.8:80
-A PREROUTING -i ppp0  -p tcp --dport 5000 -j DNAT --to-destination 192.168.16.8:5000

:POSTROUTING ACCEPT [0:0]

-A POSTROUTING -p tcp --dport 80 -j MASQUERADE
-A POSTROUTING -p tcp --dport 5000 -j MASQUERADE

COMMIT

Any ideas? Thanks!

Answer 1

Have you tried writing it like this?

# NAT table rules
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]

-A PREROUTING -i ppp0  -p tcp --dport 81 -j DNAT --to-destination 192.168.16.8:80
-A PREROUTING -i ppp0  -p tcp --dport 5000 -j DNAT --to-destination 192.168.16.8:5000

-A POSTROUTING -p tcp --dport 80 -j MASQUERADE
-A POSTROUTING -p tcp --dport 5000 -j MASQUERADE

COMMIT

The :PREROUTING and :POSTROUTING policies seem to need to be declared after the *nat line. At least that is how it is in my personal iptables rules file.
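
An added example, not part of the original answer: a small shell linter that checks an iptables-restore style file, such as the block pasted into /etc/ufw/before.rules, for the layout the answer suggests (table line, then all chain policy lines, then rules, then COMMIT). The function names are chosen here, and the two sample blocks are abridged from the thread to one port each.

```shell
#!/bin/sh
# Added example (not from the original thread). Lints rules text for the
# layout suggested in the answer: "*table", every ":CHAIN POLICY" line,
# the "-A" rules, then COMMIT. Reads stdin, prints findings, returns 1 if any.
check_rules_layout() {
    awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }        # skip comments and blank lines
        /^\*/ { if (table != "") { print "line " NR ": *" table " has no COMMIT"; bad = 1 }
                table = substr($1, 2); rules = 0; next }
        table == "" { print "line " NR ": outside any table: " $0; bad = 1; next }
        /^:/  { if (rules) { print "line " NR ": " $1 " declared after rules in *" table; bad = 1 }
                next }
        /^COMMIT/ { table = ""; next }
        /^-[AI] / { rules = 1; next }
        END   { if (table != "") { print "end of file: *" table " has no COMMIT"; bad = 1 }
                exit bad + 0 }
    '
}

question_layout() {   # abridged from the question: :POSTROUTING follows a rule
    cat <<'EOF'
# NAT table rules
*nat
:PREROUTING ACCEPT [0:0]
-A PREROUTING -i ppp0 -p tcp --dport 81 -j DNAT --to-destination 192.168.16.8:80
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -p tcp --dport 80 -j MASQUERADE
COMMIT
EOF
}

answer_layout() {     # abridged from the answer: both policies right after *nat
    cat <<'EOF'
# NAT table rules
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A PREROUTING -i ppp0 -p tcp --dport 81 -j DNAT --to-destination 192.168.16.8:80
-A POSTROUTING -p tcp --dport 80 -j MASQUERADE
COMMIT
EOF
}

question_layout | check_rules_layout || echo "question layout: flagged"
answer_layout | check_rules_layout && echo "answer layout: ok"
```

On the host itself, `iptables-restore --test < file` run as root parses a rules file without committing it, which catches syntax errors this layout check does not look for.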
