IPtables port forwarding to the host IP

In an LXC container I installed WireGuard. The client connects fine and I can see the port and the information, but when I try to curl localhost (127.0.0.1) or the local IP (192.168.1.180) it cannot connect.

192.168.1.180 (host IP) / 10.7.0.2 (WireGuard peer IP)

10.7.0.2:6060 <-> 192.168.1.180:6060

curl -I 10.7.0.2:6060

-- Resolves OK --

curl -I 127.0.1:6060 (or) curl -I 192.168.1.180:6060

Responds unreachable

My iptables rules:

iptables -A FORWARD -i eth0 -j ACCEPT;
iptables -t nat -A PREROUTING -p tcp --dport 6060:6060 -j DNAT --to-destination 10.7.0.2;
iptables -w -t nat -A POSTROUTING -o eth0 -j MASQUERADE;

IPv4 forwarding is enabled:

# sysctl net.ipv4.ip_forward
net.ipv4.ip_forward = 1

Server WireGuard config:

root@wiretest:/etc/wireguard# cat wg0.conf
# Do not alter the commented lines
# They are used by wireguard-install
# ENDPOINT asd.demo.net

[Interface]
Address = 10.7.0.1/24
PrivateKey = CI0heA/1InAo........
ListenPort = 51820
# BEGIN_PEER nodotest
[Peer]
PublicKey = y1t+k9cR06F7/y6ANJtEx.......
PresharedKey = +Tya8VsxbB3i9hkIRf......
AllowedIPs = 10.7.0.2/32
# END_PEER nodotest
root@wiretest:/etc/wireguard#

Client config:

root@wiredocker:/etc/wireguard# cat wg0.conf
[Interface]
Address = 10.0.0.2/24
DNS = 8.8.8.8
PrivateKey = +GLTuJnydedy2QMvTj5SGdr......

[Peer]
PublicKey = qlNPgT7Fwbjmexq09EVF........
PresharedKey = +Tya8VsxbB3i9hkIR......
AllowedIPs = 0.0.0.0/0, ::/0
Endpoint = asd.demo.net:51820
PersistentKeepalive = 25
root@wiredocker:/etc/wireguard# 

Server iptables listing:

# iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination         
ACCEPT     udp  --  anywhere             anywhere             udp dpt:51823

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         
ACCEPT     all  --  anywhere             anywhere             state RELATED,ESTABLISHED
ACCEPT     all  --  10.7.0.0/24          anywhere            

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination         

Thanks!
