iptables CentOS port forwarding not working

I want to forward UDP packets arriving on port 10500 to port 10600, but with the configuration below it does not work.

My iptables looks like this:

[root@mymachine ~]# service iptables status
Table: filter
Chain INPUT (policy DROP)
num  target     prot opt source               destination
1    RH-Firewall-1-INPUT  all  --  0.0.0.0/0            0.0.0.0/0
2    LOG        all  --  224.0.0.0/4          0.0.0.0/0           LOG flags 0 level 4 prefix `IP DROP MULTICAST D: '
3    LOG        all  --  240.0.0.0/5          0.0.0.0/0           LOG flags 0 level 4 prefix `IP DROP SPOOF E: '
4    LOG        all  --  0.0.0.0/0            127.0.0.0/8         LOG flags 0 level 4 prefix `IP DROP LOOPBAK: '

Chain FORWARD (policy DROP)
num  target     prot opt source               destination
1    RH-Firewall-1-INPUT  all  --  0.0.0.0/0            0.0.0.0/0
2    ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0           udp dpt:10600 state NEW

Chain OUTPUT (policy ACCEPT)
num  target     prot opt source               destination

Chain RH-Firewall-1-INPUT (2 references)
num  target     prot opt source               destination
1    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
2    ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0           icmp type 0
3    ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0           icmp type 3
4    ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0           icmp type 11
5    ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0           icmp type 8
6    ACCEPT     udp  --  0.0.0.0/0            224.0.0.251         udp dpt:5353
7    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
8    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:22
9    ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0           state NEW udp dpt:53
10   ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:53
11   ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0           udp dpt:69
12   ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0           udp dpt:514
13   DROP       all  --  0.0.0.0/0            0.0.0.0/0
14   ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0           udp dpt:10500
15   ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0           udp dpt:10600

Table: nat
Chain PREROUTING (policy ACCEPT)
num  target     prot opt source               destination
1    DNAT       udp  --  0.0.0.0/0            192.168.80.128      udp dpt:10500 to:192.168.80.128:10600

Chain POSTROUTING (policy ACCEPT)
num  target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
num  target     prot opt source               destination

Since it is CentOS, I also added net.ipv4.ip_forward = 1

Tell me where I went wrong.


Antarus, 18.10.2013, source


Answers (3)


To achieve your goal you need to add a rule to the filter table's INPUT chain, and add a REDIRECT in the nat table.

Example:

iptables -A INPUT -p tcp --dport 10600 -j ACCEPT

iptables -A PREROUTING -t nat -p tcp --dport 10500 -j REDIRECT --to-ports 10600

How it works:

First the nat table, PREROUTING chain: traffic to tcp:10500 is REDIRECTed to tcp:10600. After that the traffic goes to the filter table's INPUT chain, and the firewall ACCEPTs it.

mik-mak, 17.12.2013

Use REDIRECT. Example: iptables -t nat -I PREROUTING 1 -s 0.0.0.0/0 -d 192.168.75.128 -p udp -m udp --dport 10500 -j REDIRECT --to-ports 10600

daznix, 18.10.2013

In chain RH-Firewall-1-INPUT, rule 13 (DROP all -- 0.0.0.0/0 0.0.0.0/0) drops everything that was not allowed before it. Put all ACCEPT rules before the "drop everything" rule, otherwise they are ignored. (Rules 14-15 must come before rule 13 in the RH-Firewall-1-INPUT chain.)

user2631151, 18.10.2013
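The two points made in these answers, that the DNAT/REDIRECT in nat PREROUTING hands the packet to the filter table with the translated port, and that an ACCEPT placed after a catch-all DROP is never evaluated, can be checked mechanically against a `service iptables status` listing. The script below is an added example written for this page; it is not code from the question or from any of the answers, and its function names (parse_status, shadowed_rules, dnat_targets, check_dnat_reachability) are its own. The sample listing embedded in it is copied from the question, with the chains and rules that do not affect the result left out. Because the DNAT target 192.168.80.128 is the host's own address, the translated packet takes the INPUT path, not FORWARD, so the script walks the filter table for the translated port and reports whether the matching ACCEPT sits behind a catch-all DROP/REJECT in its chain.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Constructed sample copied from the question's `service iptables status` dump:
# filter INPUT, the RH-Firewall-1-INPUT chain it jumps to (rules 2-6 and 9-12
# omitted; they do not change the result) and nat PREROUTING.
SAMPLE_STATUS = """\
Table: filter
Chain INPUT (policy DROP)
num  target     prot opt source               destination
1    RH-Firewall-1-INPUT  all  --  0.0.0.0/0            0.0.0.0/0
Chain RH-Firewall-1-INPUT (2 references)
num  target     prot opt source               destination
1    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
7    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
8    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:22
13   DROP       all  --  0.0.0.0/0            0.0.0.0/0
14   ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0           udp dpt:10500
15   ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0           udp dpt:10600

Table: nat
Chain PREROUTING (policy ACCEPT)
num  target     prot opt source               destination
1    DNAT       udp  --  0.0.0.0/0            192.168.80.128      udp dpt:10500 to:192.168.80.128:10600
"""

@dataclass
class Rule:
    num: int
    target: str
    prot: str
    src: str
    dst: str
    extra: str  # match text after the destination column, e.g. "udp dpt:10500"

Tables = Dict[str, Dict[str, List[Rule]]]  # table name -> chain name -> rules

def parse_status(text: str) -> Tables:
    """Parse `iptables -L -n --line-numbers` style output (what `service iptables status` prints)."""
    tables: Tables = {}
    table: Dict[str, List[Rule]] = {}
    rules: List[Rule] = []
    for line in text.splitlines():
        if line.startswith("Table:"):
            table = tables.setdefault(line.split(":", 1)[1].strip(), {})
        elif line.startswith("Chain "):
            rules = table.setdefault(line.split()[1], [])
        else:
            cols = re.split(r"\s+", line.strip(), maxsplit=6)
            if len(cols) >= 6 and cols[0].isdigit():  # skips blank and header lines
                rules.append(Rule(int(cols[0]), cols[1], cols[2], cols[4], cols[5],
                                  cols[6] if len(cols) == 7 else ""))
    return tables

def is_catch_all(rule: Rule) -> bool:
    """Matches every packet as far as this listing shows. Caveat: `-L` without `-v`
    hides interface matches (-i lo), so confirm with `iptables -L -v -n`."""
    return rule.prot == "all" and rule.src == rule.dst == "0.0.0.0/0" and not rule.extra

def shadowed_rules(rules: List[Rule]) -> Tuple[Optional[int], List[int]]:
    """(first catch-all DROP/REJECT rule number, numbers of every rule after it);
    rules behind a terminating catch-all are never evaluated. Only deny targets count:
    the bare `ACCEPT all` at rule 1 is the usual loopback rule whose -i lo is hidden here."""
    for i, rule in enumerate(rules):
        if rule.target in ("DROP", "REJECT") and is_catch_all(rule):
            return rule.num, [r.num for r in rules[i + 1:]]
    return None, []

def dnat_targets(rules: List[Rule]) -> List[Tuple[str, int]]:
    """(protocol, destination port after translation) per DNAT rule:
    `to:ADDR:PORT` rewrites the port, a bare `to:ADDR` keeps the original dpt."""
    out = []
    for rule in rules:
        if rule.target == "DNAT":
            port = (re.search(r"\bto:[\d.]+:(\d+)", rule.extra)
                    or re.search(r"\bdpt:(\d+)", rule.extra))
            if port:
                out.append((rule.prot, int(port.group(1))))
    return out

def check_dnat_reachability(tables: Tables) -> List[str]:
    """After DNAT in nat PREROUTING the packet reaches the filter table with the
    translated port, so the ACCEPT for that port must be reachable there."""
    findings = []
    for proto, port in dnat_targets(tables.get("nat", {}).get("PREROUTING", [])):
        needle = re.compile(rf"\b{proto} dpt:{port}\b")
        for name, rules in tables.get("filter", {}).items():
            drop_num, shadowed = shadowed_rules(rules)
            for rule in rules:
                if rule.target == "ACCEPT" and needle.search(rule.extra):
                    state = (f"shadowed by rule {drop_num} (catch-all DROP/REJECT): move it above"
                             if rule.num in shadowed else "reachable")
                    findings.append(f"filter {name} rule {rule.num} ({proto} dpt:{port}) is {state}")
    return findings

if __name__ == "__main__":
    for finding in check_dnat_reachability(parse_status(SAMPLE_STATUS)):
        print(finding)
```

Run against the question's listing it reports that rule 15 (udp dpt:10600) in RH-Firewall-1-INPUT is shadowed by rule 13, which is exactly the ordering problem the last answer describes. To feed it a live box, replace SAMPLE_STATUS with the output of `iptables -L -n --line-numbers` for the filter table and `iptables -t nat -L -n --line-numbers` for the nat table, prefixed with the same "Table:" lines.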