Making a home router accessible from the Internet

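Setup:

I have logged in to the Huawei router using ssh. It is a busybox system with ash. The available tools include ifconfig, iptables, and so on.

What I want to do:

Make all ports (http, ssh, telnet, etc.) available to the Internet.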

# iptables -L --line-numbers
Chain INPUT (policy ACCEPT)
num  target     prot opt source               destination         
1    REJECT     tcp  --  anywhere             anywhere            tcp dpt:113 reject-with tcp-reset 
2    ACCEPT     all  --  anywhere             anywhere            
3    INPUT_DOSFLT  all  --  anywhere             anywhere            
4    INPUT_SERVICE_ACL  all  --  anywhere             anywhere            
5    INPUT_URLFLT  all  --  anywhere             anywhere            
6    INPUT_SERVICE  all  --  anywhere             anywhere            
7    SPI_FILTER  all  --  anywhere             anywhere            
8    INPUT_FIREWALL  all  --  anywhere             anywhere            

Chain FORWARD (policy ACCEPT)
num  target     prot opt source               destination         
1    FWD_DOSFLT  all  --  anywhere             anywhere            
2    FWD_MACFLT  all  --  anywhere             anywhere            
3    FWD_URLFLT  all  --  anywhere             anywhere            
4    FWD_IPFLT  all  --  anywhere             anywhere            
5    FWD_NATSERVICE  all  --  anywhere             anywhere            
6    FWD_SERVICE  all  --  anywhere             anywhere            
7    SPI_FILTER  all  --  anywhere             anywhere            
8    FWD_FIREWALL  all  --  anywhere             anywhere            

Chain OUTPUT (policy ACCEPT)
num  target     prot opt source               destination         
1    SPI_FILTER  all  --  anywhere             anywhere            
2    ACCEPT     all  --  anywhere             anywhere            
3    OUTPUT_DOSFLT  all  --  anywhere             anywhere            

Chain ACC_FLT (0 references)
num  target     prot opt source               destination         

Chain DMZ_FLT (1 references)
num  target     prot opt source               destination         

Chain FWD_DOSFLT (1 references)
num  target     prot opt source               destination         
1    syn_flood  tcp  --  anywhere             anywhere            tcp flags:FIN,SYN,RST,ACK/SYN 
2    ping_flood  icmp --  anywhere             anywhere            icmp echo-request 

Chain FWD_FIREWALL (1 references)
num  target     prot opt source               destination         

Chain FWD_IPFLT (1 references)
num  target     prot opt source               destination         

Chain FWD_MACFLT (1 references)
num  target     prot opt source               destination         

Chain FWD_NATSERVICE (1 references)
num  target     prot opt source               destination         
1    PORTMAP_FLT  all  --  anywhere             anywhere            
2    UPNP_PORTMAP  all  --  anywhere             anywhere            
3    DMZ_FLT    all  --  anywhere             anywhere            

Chain FWD_SERVICE (1 references)
num  target     prot opt source               destination         
1    ACCEPT     udp  --  anywhere             anywhere            multiport ports 53,67,68,80,443 
2    ACCEPT     tcp  --  anywhere             anywhere            multiport ports 53,67,68,80,443 
3    ACCEPT     udp  --  anywhere             anywhere            multiport ports 143,110,25 
4    ACCEPT     tcp  --  anywhere             anywhere            multiport ports 143,110,25 
5    ACCEPT     udp  --  anywhere             anywhere            multiport ports 21,115,23 
6    ACCEPT     tcp  --  anywhere             anywhere            multiport ports 21,115,23 
7    ACCEPT     icmp --  anywhere             anywhere            

Chain FWD_URLFLT (1 references)
num  target     prot opt source               destination         

Chain FWFLT_NULL (0 references)
num  target     prot opt source               destination         

Chain INPUT_DOSFLT (1 references)
num  target     prot opt source               destination         
1    syn_flood  tcp  --  anywhere             anywhere            tcp flags:FIN,SYN,RST,ACK/SYN 
2    ping_flood  icmp --  anywhere             anywhere            icmp echo-request 

Chain INPUT_FIREWALL (1 references)
num  target     prot opt source               destination         
1    DROP       all  --  anywhere             anywhere            
2    DROP       tcp  --  anywhere             anywhere            tcp dpt:23 
3    DROP       tcp  --  anywhere             anywhere            tcp dpt:8081 
4    DROP       all  --  anywhere             anywhere            

Chain INPUT_SERVICE (1 references)
num  target     prot opt source               destination         
1    ACCEPT     udp  --  anywhere             anywhere            multiport ports 53,67,68 
2    DROP       tcp  --  anywhere             anywhere            multiport dports 631 
3    DROP       tcp  --  anywhere             anywhere            tcp flags:FIN,SYN,ACK/SYN 
4    ACCEPT     udp  --  anywhere             anywhere            udp dpt:500 
5    ACCEPT     udp  --  anywhere             anywhere            udp dpt:4500 
6    ACCEPT     esp  --  anywhere             anywhere            
7    ACCEPT     udp  --  anywhere             anywhere            udp dpts:67:68 
8    ACCEPT     udp  --  anywhere             anywhere            udp dpt:6050 
9    ACCEPT     udp  --  anywhere             anywhere            udp dpt:0 
10   ACCEPT     udp  --  anywhere             anywhere            udp dpts:50000:50020 

Chain INPUT_SERVICE_ACL (1 references)
num  target     prot opt source               destination         
1    ACCEPT     all  --  anywhere             anywhere            
2    ACCEPT     icmp --  anywhere             anywhere            

Chain INPUT_URLFLT (1 references)
num  target     prot opt source               destination         
1    ACCEPT     udp  --  anywhere             anywhere            udp dpt:53 dns_flt match homerouter.cpe 

Chain IPFLT_BLACKTABLE (0 references)
num  target     prot opt source               destination         

Chain IPFLT_WHITETABLE (0 references)
num  target     prot opt source               destination         

Chain MACFLT_BLACKTABLE (0 references)
num  target     prot opt source               destination         

Chain MACFLT_WHITETABLE (0 references)
num  target     prot opt source               destination         

Chain OUTPUT_DOSFLT (1 references)
num  target     prot opt source               destination         

Chain PORTMAP_FLT (1 references)
num  target     prot opt source               destination         
1    ACCEPT     tcp  --  anywhere             192.168.1.2         tcp dpt:22 

Chain SPI_FILTER (3 references)
num  target     prot opt source               destination         
1    DROP       all  --  anywhere             anywhere            state INVALID 
2    ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED 

Chain UPNP_PORTMAP (1 references)
num  target     prot opt source               destination         

Chain URLFLT_BLACKTABLE (0 references)
num  target     prot opt source               destination         

Chain URLFLT_WHITETABLE (0 references)
num  target     prot opt source               destination         

Chain ping_flood (2 references)
num  target     prot opt source               destination         
1    RETURN     all  --  anywhere             anywhere            limit: avg 100/sec burst 150 
2    DROP       all  --  anywhere             anywhere            

Chain syn_flood (2 references)
num  target     prot opt source               destination         
1    RETURN     all  --  anywhere             anywhere            limit: avg 100/sec burst 150 
2    DROP       all  --  anywhere             anywhere 
