IPtables port redirection


I'm still very new to IPtables. I'm trying to redirect all traffic received on a specific port to port 80, but I think I'm missing something.

The rule I wrote is:

iptables -t nat -A PREROUTING -i wlan0 -p tcp --dport 9339 -j REDIRECT --to-port 80

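My question is: if the firewall only allows traffic to port 80, will this rule work? If not, please explain why and how to fix it.

Edit

Here is the output of the command iptables -L -n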

==========
IPv4 Rules
==========

Chain INPUT (policy ACCEPT 16115 packets, 2293K bytes)
 pkts bytes target     prot opt in     out     source               destination         
 391K   37M bw_INPUT   all  --  *      *       0.0.0.0/0            0.0.0.0/0           
 391K   37M fw_INPUT   all  --  *      *       0.0.0.0/0            0.0.0.0/0           
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 oem_fwd    all  --  *      *       0.0.0.0/0            0.0.0.0/0           
    0     0 fw_FORWARD  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
    0     0 bw_FORWARD  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
    0     0 natctrl_FORWARD  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
Chain OUTPUT (policy ACCEPT 15471 packets, 1312K bytes)
 pkts bytes target     prot opt in     out     source               destination         
 385K   31M oem_out    all  --  *      *       0.0.0.0/0            0.0.0.0/0           
 385K   31M fw_OUTPUT  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
 385K   31M bw_OUTPUT  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
 385K   31M st_filter_OUTPUT  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
Chain afwall (0 references)
 pkts bytes target     prot opt in     out     source               destination         
Chain afwall-3g (0 references)
 pkts bytes target     prot opt in     out     source               destination         
Chain afwall-3g-fork (0 references)
 pkts bytes target     prot opt in     out     source               destination         
Chain afwall-3g-home (0 references)
 pkts bytes target     prot opt in     out     source               destination         
Chain afwall-3g-postcustom (0 references)
 pkts bytes target     prot opt in     out     source               destination         
Chain afwall-3g-roam (0 references)
 pkts bytes target     prot opt in     out     source               destination         
Chain afwall-3g-tether (0 references)
 pkts bytes target     prot opt in     out     source               destination         
Chain afwall-reject (0 references)
 pkts bytes target     prot opt in     out     source               destination         
Chain afwall-vpn (0 references)
 pkts bytes target     prot opt in     out     source               destination         
Chain afwall-wifi (0 references)
 pkts bytes target     prot opt in     out     source               destination         
Chain afwall-wifi-fork (0 references)
 pkts bytes target     prot opt in     out     source               destination         
Chain afwall-wifi-lan (0 references)
 pkts bytes target     prot opt in     out     source               destination         
Chain afwall-wifi-postcustom (0 references)
 pkts bytes target     prot opt in     out     source               destination         
Chain afwall-wifi-tether (0 references)
 pkts bytes target     prot opt in     out     source               destination         
Chain afwall-wifi-wan (0 references)
 pkts bytes target     prot opt in     out     source               destination         
Chain bw_FORWARD (1 references)
 pkts bytes target     prot opt in     out     source               destination         
Chain bw_INPUT (1 references)
 pkts bytes target     prot opt in     out     source               destination         
 389K   37M            all  --  *      *       0.0.0.0/0            0.0.0.0/0            owner socket exists
Chain bw_OUTPUT (1 references)
 pkts bytes target     prot opt in     out     source               destination         
 384K   31M            all  --  *      *       0.0.0.0/0            0.0.0.0/0            owner socket exists
Chain bw_costly_shared (0 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 bw_penalty_box  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
Chain bw_happy_box (0 references)
 pkts bytes target     prot opt in     out     source               destination         
Chain bw_penalty_box (1 references)
 pkts bytes target     prot opt in     out     source               destination         
Chain fw_FORWARD (1 references)
 pkts bytes target     prot opt in     out     source               destination         
Chain fw_INPUT (1 references)
 pkts bytes target     prot opt in     out     source               destination         
Chain fw_OUTPUT (1 references)
 pkts bytes target     prot opt in     out     source               destination         
Chain natctrl_FORWARD (1 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0           
Chain natctrl_tether_counters (0 references)
 pkts bytes target     prot opt in     out     source               destination         
Chain oem_fwd (1 references)
 pkts bytes target     prot opt in     out     source               destination         
Chain oem_out (1 references)
 pkts bytes target     prot opt in     out     source               destination         
Chain st_filter_OUTPUT (1 references)
 pkts bytes target     prot opt in     out     source               destination         

==================
Network interfaces
==================

ip6tnl0  lo       sit0     eth1     wlan0    teql0

========
ifconfig
========

ifconfig: /proc/net/dev: Operation not permitted
eth1      Link encap:Ethernet  HWaddr 08:00:27:C4:FD:41  
          inet addr:172.17.100.15  Bcast:172.17.100.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
lo        Link encap:Local Loopback  
          inet addr:127.0.0.1  Mask:255.0.0.0
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
wlan0     Link encap:Ethernet  HWaddr 08:00:27:E4:CD:99  
          inet addr:172.17.99.15  Bcast:172.17.99.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1

===========
System info
===========

Android version: 4.4.2
Manufacturer: samsung
Model: N8010
Build: kanas3gzn-user 4.4.2 KOT49H 3.8.117.1102 release-keys
Active interface: wifi
Tether status: no
Roam status: no
IPv4 subnet: 172.17.100.15/24
IPv6 subnet: fe80::a00:27ff:fec4:fd41/64
/system/bin/su: 918212 bytes
/system/xbin/su: 918212 bytes
/data/magisk/magisk: not present
/system/app/Superuser.apk: not present
Superuser: none found

===========
Preferences
===========

activeNotification: false
activeRules: true
appVersion: 15980
controlIPv6: false
disableIcons: false
enableConfirm: false
enableIPv6: false
enableLAN: true
enableRoam: false
enableVPN: false
forward_chain: true
forward_chain_v6: true
hasRoot: true
input_chain: true
input_chain_v6: true
logDmesg: OS
notification_priority: 0
notifyAppInstall: true
output_chain: true
output_chain_v6: true
passSetting: p0
patternMax: 3
runNotification: true
showFilter: false
showLogToasts: false
showUid: false
sysColor: -10432
toast_pos: bottom
Profile Mode : whitelist
Status : Disabled

======
Logcat
======

17:56:57 Selected Profile: AFWallPrefs
17:56:57 Received cmds: #1
17:56:57 Starting root shell...
17:56:57 Selected Profile: AFWallPrefs
17:56:57 Root shell is open
17:56:57 Start processing next state
17:56:57 Total commamds: #1
17:57:01 Received cmds: #1
17:57:01 Start processing next state
17:57:01 Total commamds: #1
17:57:01 Received cmds: #1
17:57:01 Start processing next state
17:57:01 Total commamds: #1
17:57:02 Received cmds: #1
17:57:02 Start processing next state
17:57:02 Total commamds: #1
17:57:02 isWifiApEnabled is false

Thanks in advance.
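
An added example, not part of the original post: a small model of the order in which netfilter evaluates the rule from the question. nat/PREROUTING runs before filter/INPUT, so INPUT sees the rewritten port. The two rule listings are constructed samples in `iptables -S` format, the filter policy is an assumption, and the helper names are hypothetical.

```shell
#!/bin/sh
# Constructed sample of `iptables -t nat -S PREROUTING` with the rule from the question.
NAT_RULES='-P PREROUTING ACCEPT
-A PREROUTING -i wlan0 -p tcp -m tcp --dport 9339 -j REDIRECT --to-ports 80'
# Constructed sample of `iptables -S INPUT` for a filter that only allows TCP/80.
FILTER_RULES='-P INPUT DROP
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT'

# Destination port a TCP packet carries when it reaches filter/INPUT.
# nat/PREROUTING runs first, so a matching REDIRECT has already rewritten it.
port_seen_by_input() {  # $1 = inbound interface, $2 = original dport
    printf '%s\n' "$NAT_RULES" | awk -v ifc="$1" -v port="$2" '
        $1 == "-A" && $2 == "PREROUTING" {
            in_if = ""; dport = ""; target = ""; to = ""
            for (i = 3; i <= NF; i++) {
                if ($i == "-i") in_if = $(i + 1)
                if ($i == "--dport") dport = $(i + 1)
                if ($i == "-j") target = $(i + 1)
                if ($i == "--to-ports") to = $(i + 1)
            }
            if (target == "REDIRECT" && dport == port && (in_if == "" || in_if == ifc)) {
                print to; found = 1; exit
            }
        }
        END { if (!found) print port }'
}

# Verdict of filter/INPUT for that port: first matching rule, else chain policy.
# Simplified model: only --dport is evaluated; a rule without it matches everything.
input_verdict() {  # $1 = dport as seen by INPUT
    printf '%s\n' "$FILTER_RULES" | awk -v port="$1" '
        $1 == "-P" && $2 == "INPUT" { policy = $3 }
        $1 == "-A" && $2 == "INPUT" {
            dport = ""; target = ""
            for (i = 3; i <= NF; i++) {
                if ($i == "--dport") dport = $(i + 1)
                if ($i == "-j") target = $(i + 1)
            }
            if (dport == "" || dport == port) { print target; done = 1; exit }
        }
        END { if (!done) print policy }'
}

verdict_for() {  # $1 = inbound interface, $2 = original dport
    input_verdict "$(port_seen_by_input "$1" "$2")"
}

verdict_for wlan0 9339   # rewritten to 80 before INPUT sees it
verdict_for eth1 9339    # rule is bound to wlan0, so 9339 reaches INPUT unchanged
```

On a real device, `iptables -t nat -L PREROUTING -n -v` lists the REDIRECT rule with its packet counters; `iptables -L -n` without `-t nat` lists only the filter table.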
