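My iptables configuration problem? FTP and MSN don't work, but web pages and QQ do!!
eth0 has IP 172.16.0.1/255.255.255.0, internal-facing
eth1 has IP 192.168.66.9/255.255.0.0, external-facing (connected to the building's server; traffic leaves through the building)
From the server itself I can FTP to the outside. But the other machines on my internal network cannot reach outside FTP servers.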
# Generated by iptables-save v1.2.11 on Wed Jan 12 13:36:35 2005
*mangle
:PREROUTING ACCEPT [1646462]
:INPUT ACCEPT [1409480]
:FORWARD ACCEPT [139036]
:OUTPUT ACCEPT [1810355]
:POSTROUTING ACCEPT [1949852]
COMMIT
# Completed on Wed Jan 12 13:36:35 2005
# Generated by iptables-save v1.2.11 on Wed Jan 12 13:36:35 2005
*nat
:PREROUTING DROP [97351]
:POSTROUTING ACCEPT [11884]
:OUTPUT ACCEPT [11589]
-A PREROUTING -d 192.168.66.9 -p tcp -m tcp --dport 80 -j DNAT --to-destination 172.16.0.2:80
-A PREROUTING -d 192.168.66.9 -p tcp -m tcp --dport 25 -j DNAT --to-destination 172.16.0.2:25
-A PREROUTING -d 192.168.66.9 -p tcp -m tcp --dport 110 -j DNAT --to-destination 172.16.0.2:110
-A PREROUTING -d 218.94.76.159 -p tcp -j DNAT --to-destination 172.16.0.2
-A PREROUTING -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128
-A PREROUTING -i eth0 -p tcp -m tcp --dport 1201 -j DROP
-A PREROUTING -d 202.108.42.174 -i eth0 -j DROP
-A PREROUTING -d 219.133.41.0/255.255.255.0 -i eth0 -j DROP
-A PREROUTING -s 172.16.0.0/255.255.255.248 -i eth0 -j ACCEPT
-A PREROUTING -d 208.184.139.0/255.255.255.0 -i eth0 -j ACCEPT
-A PREROUTING -p tcp -m tcp --dport 22:23 -j ACCEPT
-A PREROUTING -p tcp -m tcp --dport 20:21 -j ACCEPT
-A PREROUTING -d 192.168.66.9 -p tcp -m tcp --dport 20:21 -j ACCEPT
-A PREROUTING -p tcp -m tcp --dport 60000:60100 -j ACCEPT
-A PREROUTING -i eth0 -p tcp -m tcp --dport 445 -j ACCEPT
-A PREROUTING -i eth0 -p udp -m udp --dport 445 -j ACCEPT
-A PREROUTING -d 172.16.0.1 -i eth0 -p udp -m udp --dport 53 -j ACCEPT
-A PREROUTING -i eth0 -p udp -m udp --dport 123 -j ACCEPT
-A PREROUTING -i eth0 -p udp -m udp --dport 8000 -j ACCEPT
-A PREROUTING -i eth0 -p tcp -m tcp --dport 1863 -j ACCEPT
-A PREROUTING -i eth0 -p tcp -m tcp --dport 443 -j ACCEPT
-A PREROUTING -i eth0 -p udp -m udp --dport 67:69 -j ACCEPT
-A PREROUTING -i eth0 -p tcp -m tcp --dport 25 -j ACCEPT
-A PREROUTING -i eth0 -p tcp -m tcp --dport 110 -j ACCEPT
-A PREROUTING -i eth0 -p icmp -j ACCEPT
-A POSTROUTING -s 172.16.0.0/255.255.255.0 -d 172.16.0.2 -p tcp -j SNAT --to-source 172.16.0.1
-A POSTROUTING -s 172.16.0.0/255.255.255.0 -o eth1 -j MASQUERADE
COMMIT
# Completed on Wed Jan 12 13:36:35 2005
# Generated by iptables-save v1.2.11 on Wed Jan 12 13:36:35 2005
*filter
:INPUT ACCEPT [1409481]
:FORWARD ACCEPT [139036]
:OUTPUT ACCEPT [1810344]
Comments (2)
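I just tried FTP and found that I can log in, but when I type commands such as dir or ls there is no response, which is frustrating... MSN still doesn't work. I don't know what went wrong; could an expert please advise.
Your FTP problem is a PASSIVE-mode issue.
You need the ip_nat_ftp or ip_conntrack_ftp module; load it with modprobe.
As for the MSN problem: MSN needs TCP/443 and TCP/1863, so first make sure you have opened these two ports.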
I don't understand what you are trying to do.
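
The symptom in the thread (FTP login works, dir/ls hang) can be checked against the posted nat PREROUTING chain, whose policy is DROP. The Python sketch below is an added example, not part of the original posts: it matches the rule text only and does not model connection tracking or the FTP helper modules, and the client 172.16.0.50 and server 203.0.113.10 are constructed addresses.

```python
import ipaddress

# nat PREROUTING policy and rules from the question's dump ("-A PREROUTING" stripped).
POLICY = "DROP"
RULES = """\
-d 192.168.66.9 -p tcp -m tcp --dport 80 -j DNAT --to-destination 172.16.0.2:80
-d 192.168.66.9 -p tcp -m tcp --dport 25 -j DNAT --to-destination 172.16.0.2:25
-d 192.168.66.9 -p tcp -m tcp --dport 110 -j DNAT --to-destination 172.16.0.2:110
-d 218.94.76.159 -p tcp -j DNAT --to-destination 172.16.0.2
-p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128
-i eth0 -p tcp -m tcp --dport 1201 -j DROP
-d 202.108.42.174 -i eth0 -j DROP
-d 219.133.41.0/255.255.255.0 -i eth0 -j DROP
-s 172.16.0.0/255.255.255.248 -i eth0 -j ACCEPT
-d 208.184.139.0/255.255.255.0 -i eth0 -j ACCEPT
-p tcp -m tcp --dport 22:23 -j ACCEPT
-p tcp -m tcp --dport 20:21 -j ACCEPT
-d 192.168.66.9 -p tcp -m tcp --dport 20:21 -j ACCEPT
-p tcp -m tcp --dport 60000:60100 -j ACCEPT
-i eth0 -p tcp -m tcp --dport 445 -j ACCEPT
-i eth0 -p udp -m udp --dport 445 -j ACCEPT
-d 172.16.0.1 -i eth0 -p udp -m udp --dport 53 -j ACCEPT
-i eth0 -p udp -m udp --dport 123 -j ACCEPT
-i eth0 -p udp -m udp --dport 8000 -j ACCEPT
-i eth0 -p tcp -m tcp --dport 1863 -j ACCEPT
-i eth0 -p tcp -m tcp --dport 443 -j ACCEPT
-i eth0 -p udp -m udp --dport 67:69 -j ACCEPT
-i eth0 -p tcp -m tcp --dport 25 -j ACCEPT
-i eth0 -p tcp -m tcp --dport 110 -j ACCEPT
-i eth0 -p icmp -j ACCEPT
""".splitlines()

def in_net(addr, spec):
    return spec is None or ipaddress.ip_address(addr) in ipaddress.ip_network(spec, strict=False)

def nat_prerouting_verdict(src, dst, proto, dport, iface="eth0"):
    """First matching rule's target, else the chain policy (text match only, no conntrack)."""
    for rule in RULES:
        t = rule.split()
        o = {t[i]: t[i + 1] for i in range(len(t) - 1) if t[i].startswith("-")}
        lo, _, hi = o.get("--dport", "0:65535").partition(":")
        if (in_net(src, o.get("-s")) and in_net(dst, o.get("-d"))
                and o.get("-i", iface) == iface and o.get("-p", proto) == proto
                and int(lo) <= dport <= int(hi or lo)):
            return o["-j"]
    return POLICY

if __name__ == "__main__":
    for port in (21, 50000, 1863, 443):  # 50000 stands in for a passive-mode data port
        print(port, nat_prerouting_verdict("172.16.0.50", "203.0.113.10", "tcp", port))
```

The control connection to port 21 matches an ACCEPT rule, while a data connection to a server-chosen port outside 60000:60100 matches nothing and reaches the DROP policy; ports 1863 and 443 from eth0 come out as ACCEPT in this chain.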