I'm still new to iptables. I'm trying to redirect all traffic received on a specific port to port 80, but I feel like I'm missing something.
The rule I wrote is:
iptables -t nat -A PREROUTING -i wlan0 -p tcp --dport 9339 -j REDIRECT --to-port 80
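My question is: will this rule work if the firewall only allows traffic to port 80? If not, please explain why and how to fix it.
Edit
Here is the output of the command iptables -L -n: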
==========
IPv4 Rules
==========
Chain INPUT (policy ACCEPT 16115 packets, 2293K bytes)
pkts bytes target prot opt in out source destination
391K 37M bw_INPUT all -- * * 0.0.0.0/0 0.0.0.0/0
391K 37M fw_INPUT all -- * * 0.0.0.0/0 0.0.0.0/0
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 oem_fwd all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 fw_FORWARD all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 bw_FORWARD all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 natctrl_FORWARD all -- * * 0.0.0.0/0 0.0.0.0/0
Chain OUTPUT (policy ACCEPT 15471 packets, 1312K bytes)
pkts bytes target prot opt in out source destination
385K 31M oem_out all -- * * 0.0.0.0/0 0.0.0.0/0
385K 31M fw_OUTPUT all -- * * 0.0.0.0/0 0.0.0.0/0
385K 31M bw_OUTPUT all -- * * 0.0.0.0/0 0.0.0.0/0
385K 31M st_filter_OUTPUT all -- * * 0.0.0.0/0 0.0.0.0/0
Chain afwall (0 references)
pkts bytes target prot opt in out source destination
Chain afwall-3g (0 references)
pkts bytes target prot opt in out source destination
Chain afwall-3g-fork (0 references)
pkts bytes target prot opt in out source destination
Chain afwall-3g-home (0 references)
pkts bytes target prot opt in out source destination
Chain afwall-3g-postcustom (0 references)
pkts bytes target prot opt in out source destination
Chain afwall-3g-roam (0 references)
pkts bytes target prot opt in out source destination
Chain afwall-3g-tether (0 references)
pkts bytes target prot opt in out source destination
Chain afwall-reject (0 references)
pkts bytes target prot opt in out source destination
Chain afwall-vpn (0 references)
pkts bytes target prot opt in out source destination
Chain afwall-wifi (0 references)
pkts bytes target prot opt in out source destination
Chain afwall-wifi-fork (0 references)
pkts bytes target prot opt in out source destination
Chain afwall-wifi-lan (0 references)
pkts bytes target prot opt in out source destination
Chain afwall-wifi-postcustom (0 references)
pkts bytes target prot opt in out source destination
Chain afwall-wifi-tether (0 references)
pkts bytes target prot opt in out source destination
Chain afwall-wifi-wan (0 references)
pkts bytes target prot opt in out source destination
Chain bw_FORWARD (1 references)
pkts bytes target prot opt in out source destination
Chain bw_INPUT (1 references)
pkts bytes target prot opt in out source destination
389K 37M all -- * * 0.0.0.0/0 0.0.0.0/0 owner socket exists
Chain bw_OUTPUT (1 references)
pkts bytes target prot opt in out source destination
384K 31M all -- * * 0.0.0.0/0 0.0.0.0/0 owner socket exists
Chain bw_costly_shared (0 references)
pkts bytes target prot opt in out source destination
0 0 bw_penalty_box all -- * * 0.0.0.0/0 0.0.0.0/0
Chain bw_happy_box (0 references)
pkts bytes target prot opt in out source destination
Chain bw_penalty_box (1 references)
pkts bytes target prot opt in out source destination
Chain fw_FORWARD (1 references)
pkts bytes target prot opt in out source destination
Chain fw_INPUT (1 references)
pkts bytes target prot opt in out source destination
Chain fw_OUTPUT (1 references)
pkts bytes target prot opt in out source destination
Chain natctrl_FORWARD (1 references)
pkts bytes target prot opt in out source destination
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
Chain natctrl_tether_counters (0 references)
pkts bytes target prot opt in out source destination
Chain oem_fwd (1 references)
pkts bytes target prot opt in out source destination
Chain oem_out (1 references)
pkts bytes target prot opt in out source destination
Chain st_filter_OUTPUT (1 references)
pkts bytes target prot opt in out source destination
==================
Network interfaces
==================
ip6tnl0 lo sit0 eth1 wlan0 teql0
========
ifconfig
========
ifconfig: /proc/net/dev: Operation not permitted
eth1 Link encap:Ethernet HWaddr 08:00:27:C4:FD:41
inet addr:172.17.100.15 Bcast:172.17.100.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
UP LOOPBACK RUNNING MTU:16436 Metric:1
wlan0 Link encap:Ethernet HWaddr 08:00:27:E4:CD:99
inet addr:172.17.99.15 Bcast:172.17.99.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
===========
System info
===========
Android version: 4.4.2
Manufacturer: samsung
Model: N8010
Build: kanas3gzn-user 4.4.2 KOT49H 3.8.117.1102 release-keys
Active interface: wifi
Tether status: no
Roam status: no
IPv4 subnet: 172.17.100.15/24
IPv6 subnet: fe80::a00:27ff:fec4:fd41/64
/system/bin/su: 918212 bytes
/system/xbin/su: 918212 bytes
/data/magisk/magisk: not present
/system/app/Superuser.apk: not present
Superuser: none found
===========
Preferences
===========
activeNotification: false
activeRules: true
appVersion: 15980
controlIPv6: false
disableIcons: false
enableConfirm: false
enableIPv6: false
enableLAN: true
enableRoam: false
enableVPN: false
forward_chain: true
forward_chain_v6: true
hasRoot: true
input_chain: true
input_chain_v6: true
logDmesg: OS
notification_priority: 0
notifyAppInstall: true
output_chain: true
output_chain_v6: true
passSetting: p0
patternMax: 3
runNotification: true
showFilter: false
showLogToasts: false
showUid: false
sysColor: -10432
toast_pos: bottom
Profile Mode : whitelist
Status : Disabled
======
Logcat
======
17:56:57 Selected Profile: AFWallPrefs
17:56:57 Received cmds: #1
17:56:57 Starting root shell...
17:56:57 Selected Profile: AFWallPrefs
17:56:57 Root shell is open
17:56:57 Start processing next state
17:56:57 Total commamds: #1
17:57:01 Received cmds: #1
17:57:01 Start processing next state
17:57:01 Total commamds: #1
17:57:01 Received cmds: #1
17:57:01 Start processing next state
17:57:01 Total commamds: #1
17:57:02 Received cmds: #1
17:57:02 Start processing next state
17:57:02 Total commamds: #1
17:57:02 isWifiApEnabled is false
Thanks in advance.
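
Added example, not part of the original post: in netfilter the nat PREROUTING chain is traversed before filter INPUT, so a local filter that only accepts port 80 sees the already rewritten destination port. The script below models that ordering over constructed `iptables -S`-style dumps; the function names, the sample rules and the simplified first-match evaluation are assumptions made for illustration.

```shell
#!/bin/sh
# Added example. Rule dumps are constructed, in `iptables -S` output format.
NAT_RULES='-P PREROUTING ACCEPT
-A PREROUTING -i wlan0 -p tcp -m tcp --dport 9339 -j REDIRECT --to-ports 80'
FILTER_RULES='-P INPUT DROP
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT'

# Print the --to-ports value of the first nat PREROUTING REDIRECT rule that
# matches the given TCP destination port (prints nothing if there is none).
redirect_target() {  # $1 = nat rules text, $2 = original dport
    printf '%s\n' "$1" | awk -v port="$2" '
        /^-A PREROUTING/ && /-j REDIRECT/ {
            dport = ""; to = ""
            for (i = 1; i < NF; i++) {
                if ($i == "--dport")    dport = $(i + 1)
                if ($i == "--to-ports") to = $(i + 1)
            }
            if (dport == port && to != "") { print to; exit }
        }'
}

# First-match verdict of filter INPUT for a TCP destination port. Handles only
# the simple forms used above: "-P INPUT <policy>" and
# "-A INPUT ... --dport N -j ACCEPT|DROP|REJECT"; falls back to the policy.
input_verdict() {  # $1 = filter rules text, $2 = dport as seen by INPUT
    printf '%s\n' "$1" | awk -v port="$2" '
        $1 == "-P" && $2 == "INPUT" { policy = $3 }
        $1 == "-A" && $2 == "INPUT" && !hit {
            dport = ""; verdict = ""
            for (i = 1; i < NF; i++) {
                if ($i == "--dport") dport = $(i + 1)
                if ($i == "-j")      verdict = $(i + 1)
            }
            if (dport == port && verdict ~ /^(ACCEPT|DROP|REJECT)$/) {
                print verdict; hit = 1
            }
        }
        END { if (!hit) print policy }'
}

# nat PREROUTING runs first, so INPUT is evaluated against the rewritten port.
check_redirect() {  # $1 = nat rules, $2 = filter rules, $3 = original dport
    to=$(redirect_target "$1" "$3")
    if [ -z "$to" ]; then echo "no-redirect"; return 0; fi
    echo "$3->$to:$(input_verdict "$2" "$to")"
}

check_redirect "$NAT_RULES" "$FILTER_RULES" 9339
```

On a live device the nat rules come from `iptables -t nat -S PREROUTING` and the filter rules from `iptables -S INPUT`; plain `iptables -L -n` lists only the filter table, so the REDIRECT rule does not appear in it.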