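After adding one rule, Nginx reports "502 Bad Gateway"
The CentOS machine (192.168.0.110) runs Nginx + MySQL + PHP, and inside CentOS there is a FreeBSD virtual machine (192.168.140.128, bound to the domain www.XJee.net).
I want to use iptables port redirection to access FreeBSD from Windows (192.168.0.141).
Why does Nginx on CentOS report "502 Bad Gateway" once I add -A nat_postrouting_1 -j MASQUERADE? It has been a week and I still haven't got it working.
Please advise! I'm not very familiar with iptables.
Rules after the addition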
# Firewall configuration written by system-config-securitylevel
# Manual customization of this file is not recommended.
*filter
:FORWARD ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:filter_forward_1 - [0:0]
:filter_input_1 - [0:0]
-A INPUT -j filter_input_1
-A filter_input_1 -i lo -j ACCEPT
-A filter_input_1 -p icmp --icmp-type any -j ACCEPT
-A filter_input_1 -m state --state ESTABLISHED,RELATED -j ACCEPT
-A filter_input_1 -p tcp -m state -m tcp --dport 25 --state NEW -j ACCEPT
-A filter_input_1 -p tcp -m state -m tcp --dport 80 --state NEW -j ACCEPT
-A filter_input_1 -p tcp -m state -m tcp --dport 110 --state NEW -j ACCEPT
-A filter_input_1 -p tcp -m tcp -m state --dport 12052 --state NEW -j ACCEPT
-A filter_input_1 -p tcp -m state -m tcp --dport 12057 --state NEW -j ACCEPT
-A filter_input_1 -p tcp -m state -m tcp --dport 12058 --state NEW -j ACCEPT
-A filter_input_1 -p tcp -m state -m tcp --dport 12059 --state NEW -j ACCEPT
-A filter_input_1 -p tcp -m tcp -m state --dport 8222 --state NEW -j ACCEPT
-A filter_input_1 -p tcp -m tcp -m state --dport 8333 --state NEW -j ACCEPT
-A filter_input_1 -p tcp -m tcp -m state --dport 12056 --state NEW -j ACCEPT
-A filter_input_1 -p tcp -m tcp --dport 9000 -j ACCEPT
-A filter_forward_1 -p tcp -m tcp -d 192.168.140.128 --dport 22 -j ACCEPT
-A filter_forward_1 -p tcp -m tcp -d 192.168.140.128 --dport 21 -j ACCEPT
-A filter_forward_1 -p tcp -m tcp -d 192.168.140.128 --dport 12060 -j ACCEPT
-A FORWARD -j filter_forward_1
-A filter_input_1 -j REJECT --reject-with icmp-host-prohibited
COMMIT
# Generated by webmin
*mangle
:FORWARD ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
COMMIT
# Completed
# Generated by webmin
*nat
:OUTPUT ACCEPT [0:0]
:PREROUTING ACCEPT [0:0]
:nat_prerouting_1 - [0:0]
:POSTROUTING ACCEPT [0:0]
:nat_postrouting_1 - [0:0]
-A POSTROUTING -j nat_postrouting_1
-A PREROUTING -j nat_prerouting_1
-A nat_prerouting_1 -p tcp -m tcp -d 192.168.0.110 --dport 22 -j DNAT --to-destination 192.168.140.128
-A nat_prerouting_1 -p tcp -m tcp -d 192.168.0.110 --dport 21 -j DNAT --to-destination 192.168.140.128
-A nat_prerouting_1 -p tcp -m tcp -d 192.168.0.110 --dport 12060 -j DNAT --to-destination 192.168.140.128
-A nat_postrouting_1 -p tcp -m tcp -s 192.168.0.0/255.255.255.0 -d 192.168.140.128 --dport 22 -j SNAT --to-source 192.168.140.1
-A nat_postrouting_1 -p tcp -m tcp -s 192.168.0.0/255.255.255.0 -d 192.168.140.128 --dport 21 -j SNAT --to-source 192.168.140.1
-A nat_postrouting_1 -p tcp -m tcp -s 192.168.0.0/255.255.255.0 -d 192.168.140.128 --dport 12060 -j SNAT --to-source 192.168.140.1
# Added rule
-A nat_postrouting_1 -j MASQUERADE
COMMIT
# Completed
Rules before the addition
# Firewall configuration written by system-config-securitylevel
# Manual customization of this file is not recommended.
*filter
:FORWARD ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:filter_forward_1 - [0:0]
:filter_input_1 - [0:0]
-A INPUT -j filter_input_1
-A filter_input_1 -i lo -j ACCEPT
-A filter_input_1 -p icmp --icmp-type any -j ACCEPT
-A filter_input_1 -m state --state ESTABLISHED,RELATED -j ACCEPT
-A filter_input_1 -p tcp -m state -m tcp --dport 25 --state NEW -j ACCEPT
-A filter_input_1 -p tcp -m state -m tcp --dport 80 --state NEW -j ACCEPT
-A filter_input_1 -p tcp -m state -m tcp --dport 110 --state NEW -j ACCEPT
-A filter_input_1 -p tcp -m tcp -m state --dport 12052 --state NEW -j ACCEPT
-A filter_input_1 -p tcp -m state -m tcp --dport 12057 --state NEW -j ACCEPT
-A filter_input_1 -p tcp -m state -m tcp --dport 12058 --state NEW -j ACCEPT
-A filter_input_1 -p tcp -m state -m tcp --dport 12059 --state NEW -j ACCEPT
-A filter_input_1 -p tcp -m tcp -m state --dport 8222 --state NEW -j ACCEPT
-A filter_input_1 -p tcp -m tcp -m state --dport 8333 --state NEW -j ACCEPT
-A filter_input_1 -p tcp -m tcp -m state --dport 12056 --state NEW -j ACCEPT
-A filter_input_1 -p tcp -m tcp --dport 9000 -j ACCEPT
-A filter_forward_1 -p tcp -m tcp -d 192.168.140.128 --dport 22 -j ACCEPT
-A filter_forward_1 -p tcp -m tcp -d 192.168.140.128 --dport 21 -j ACCEPT
-A filter_forward_1 -p tcp -m tcp -d 192.168.140.128 --dport 12060 -j ACCEPT
-A FORWARD -j filter_forward_1
-A filter_input_1 -j REJECT --reject-with icmp-host-prohibited
COMMIT
# Generated by webmin
*mangle
:FORWARD ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
COMMIT
# Completed
# Generated by webmin
*nat
:PREROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:nat_prerouting_1 - [0:0]
:POSTROUTING ACCEPT [0:0]
:nat_postrouting_1 - [0:0]
-A POSTROUTING -j nat_postrouting_1
-A PREROUTING -j nat_prerouting_1
-A nat_prerouting_1 -p tcp -m tcp -d 192.168.0.110 --dport 22 -j DNAT --to-destination 192.168.140.128
-A nat_prerouting_1 -p tcp -m tcp -d 192.168.0.110 --dport 21 -j DNAT --to-destination 192.168.140.128
-A nat_prerouting_1 -p tcp -m tcp -d 192.168.0.110 --dport 12060 -j DNAT --to-destination 192.168.140.128
-A nat_postrouting_1 -p tcp -m tcp -s 192.168.0.0/255.255.255.0 -d 192.168.140.128 --dport 22 -j SNAT --to-source 192.168.140.1
-A nat_postrouting_1 -p tcp -m tcp -s 192.168.0.0/255.255.255.0 -d 192.168.140.128 --dport 21 -j SNAT --to-source 192.168.140.1
-A nat_postrouting_1 -p tcp -m tcp -s 192.168.0.0/255.255.255.0 -d 192.168.140.128 --dport 12060 -j SNAT --to-source 192.168.140.1
COMMIT
# Completed
[ Last edited by skypromise on 2009-4-13 22:01 ]
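The rule added in the post carries no address or interface match, so it applies to every new connection that traverses POSTROUTING, locally generated ones included. The check below is an added example, not part of the original post: it walks the nat table of an iptables-save style ruleset and lists source-NAT rules with no such match. The function names and the shortened sample ruleset are constructed for illustration.

```python
import shlex

# Constructed sample: the *nat section from the post, cut down to one scoped
# SNAT rule plus the catch-all MASQUERADE rule that was added.
SAMPLE = """\
*nat
:POSTROUTING ACCEPT [0:0]
:nat_postrouting_1 - [0:0]
-A POSTROUTING -j nat_postrouting_1
-A nat_postrouting_1 -p tcp -m tcp -s 192.168.0.0/255.255.255.0 -d 192.168.140.128 --dport 22 -j SNAT --to-source 192.168.140.1
-A nat_postrouting_1 -j MASQUERADE
COMMIT
"""

SCOPE_FLAGS = {"-s", "--source", "-d", "--destination", "-o", "--out-interface"}
NAT_TARGETS = {"MASQUERADE", "SNAT"}

def parse_nat_rules(text):
    """Return {chain: [token list per rule]} for the *nat table only."""
    chains, table = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("*"):
            table = line[1:]
        elif table == "nat" and line.startswith("-A "):
            tokens = shlex.split(line)
            chains.setdefault(tokens[1], []).append(tokens[2:])
    return chains

def target_of(tokens):
    for flag in ("-j", "--jump"):
        if flag in tokens:
            return tokens[tokens.index(flag) + 1]
    return None

def unscoped_source_nat(text, chain="POSTROUTING", seen=None):
    """Follow POSTROUTING into the user chains it jumps to and return every
    source-NAT rule reached without any address or out-interface match."""
    chains = parse_nat_rules(text)
    seen = set() if seen is None else seen
    if chain in seen:
        return []
    seen.add(chain)
    findings = []
    for tokens in chains.get(chain, []):
        target = target_of(tokens)
        if SCOPE_FLAGS & set(tokens):
            continue  # this rule, or the chain it jumps to, is already narrowed
        if target in NAT_TARGETS:
            findings.append((chain, " ".join(tokens)))
        elif target in chains:
            findings += unscoped_source_nat(text, target, seen)
    return findings
```
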
Comments (2)
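After the 502 Bad Gateway appears, can HTML pages still be accessed normally?
Static pages work fine.
After deleting -A nat_postrouting_1 -j MASQUERADE
PHP runs again and the 502 Bad Gateway no longer appears.
I've been at this for two weeks, studying it constantly after work, and still can't get it sorted out.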