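iptables port forwarding problem! Please help, everyone!

Posted by geek on 11-22-2002 17:16:

My system is REDHAT8. Internet access, FTP and so on all work normally, including passive FTP, but my port forwarding is not working properly. Could everyone please take a look? Below is my rc.local file:

#!/bin/sh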

# This script will be executed after all the other init scripts.

# You can put your own initialization stuff in here if you don't

# want to do the full Sys V style init stuff.

touch /var/lock/subsys/local

echo "Starting iptables rules..."

#Refresh all chains

modprobe iptable_nat

modprobe ip_tables

modprobe ip_conntrack

modprobe ip_nat_ftp

#modprobe ip_conntrack_ftp

#modprobe ip_conntrack_irc

echo 1 > /proc/sys/net/ipv4/ip_forward

iptables -F INPUT

iptables -F FORWARD

iptables -F POSTROUTING -t nat

iptables -P FORWARD DROP

iptables -A FORWARD -s 192.168.0.0/24 -j ACCEPT

iptables -A FORWARD -i eth1 -m state --state ESTABLISHED,RELATED -j ACCEPT

iptables -t nat -A POSTROUTING -o eth1 -s 192.168.0.0/24 -j MASQUERADE

#-------chuan qi server port start---------------#

iptables -t nat -A PREROUTING -p tcp -d 10.89.15.130 --sport 2121 -i eth2 -j DNAT --to 192.168.0.251:21

iptables -t nat -A POSTROUTING -p tcp -s 192.168.0.251 --sport 21 -o eth2 -j SNAT --to 10.89.15.130:2121

iptables -t nat -A PREROUTING -p tcp -d 10.89.15.130 --sport 4900 -i eth1 -j DNAT --to 192.168.0.251:4900

iptables -t nat -A POSTROUTING -p tcp -s 192.168.0.251 --sport 4900 -o eth1 -j SNAT --to 10.89.15.130:4900

iptables -t nat -A PREROUTING -p tcp -d 10.89.15.130 --sport 5000 -i eth1 -j DNAT --to 192.168.0.251:5000

iptables -t nat -A POSTROUTING -p tcp -s 192.168.0.251 --sport 5000 -o eth1 -j SNAT --to 10.89.15.130:5000

iptables -t nat -A PREROUTING -p tcp -d 10.89.15.130 --sport 5100 -i eth1 -j DNAT --to 192.168.0.251:5100

iptables -t nat -A POSTROUTING -p tcp -s 192.168.0.251 --sport 5100 -o eth1 -j SNAT --to 10.89.15.130:5100

iptables -t nat -A PREROUTING -p tcp -d 10.89.15.130 --sport 5600 -i eth1 -j DNAT --to 192.168.0.251:5600

iptables -t nat -A POSTROUTING -p tcp -s 192.168.0.251 --sport 5600 -o eth1 -j SNAT --to 10.89.15.130:5600

iptables -t nat -A PREROUTING -p tcp -d 10.89.15.130 --sport 6000 -i eth1 -j DNAT --to 192.168.0.251:6000

iptables -t nat -A POSTROUTING -p tcp -s 192.168.0.251 --sport 6000 -o eth1 -j SNAT --to 10.89.15.130:6000

iptables -t nat -A PREROUTING -p tcp -d 10.89.15.130 --sport 7000 -i eth1 -j DNAT --to 192.168.0.251:7000

iptables -t nat -A POSTROUTING -p tcp -s 192.168.0.251 --sport 7000 -o eth1 -j SNAT --to 10.89.15.130:7000

iptables -t nat -A PREROUTING -p tcp -d 10.89.15.130 --sport 7100 -i eth1 -j DNAT --to 192.168.0.251:7100

iptables -t nat -A POSTROUTING -p tcp -s 192.168.0.251 --sport 7100 -o eth1 -j SNAT --to 10.89.15.130:7100

iptables -t nat -A PREROUTING -p tcp -d 10.89.15.130 --sport 7200 -i eth1 -j DNAT --to 192.168.0.251:7200

iptables -t nat -A POSTROUTING -p tcp -s 192.168.0.251 --sport 7200 -o eth1 -j SNAT --to 10.89.15.130:7200

iptables -t nat -A PREROUTING -p tcp -d 10.89.15.130 --sport 10000 -i eth1 -j DNAT --to 192.168.0.251:10000

iptables -t nat -A POSTROUTING -p tcp -s 192.168.0.251 --sport 10000 -o eth1 -j SNAT --to 10.89.15.130:10000

iptables -t nat -A PREROUTING -p tcp -d 10.89.15.130 --sport 16300 -i eth1 -j DNAT --to 192.168.0.251:16300

iptables -t nat -A POSTROUTING -p tcp -s 192.168.0.251 --sport 16300 -o eth1 -j SNAT --to 10.89.15.130:16300

iptables -t nat -A PREROUTING -p tcp -d 10.89.15.130 --sport 16301 -i eth1 -j DNAT --to 192.168.0.251:16301

iptables -t nat -A POSTROUTING -p tcp -s 192.168.0.251 --sport 16301 -o eth1 -j SNAT --to 10.89.15.130:16301

iptables -t nat -A PREROUTING -p tcp -d 10.89.15.130 --spo
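
A rule-text check for the forwarding pattern in the script above, as an added example that is not part of the original post: it flags DNAT rules that match `--sport` (a forward has to match the port clients connect to, `--dport`), the mirrored SNAT rules (connection tracking already translates replies), and a `FORWARD` policy of `DROP` with no accept rule for the DNAT target. The function names and the exact-match `-d` heuristic are assumptions of this example; the sample lines are copied from the post.

```shell
#!/bin/sh
# Added example: offline lint for the DNAT port-forward pattern in the post.
# It only reads rule text from stdin; it never runs iptables.
sample_rules() {    # five rule lines copied from the post
    cat <<'EOF'
iptables -P FORWARD DROP
iptables -A FORWARD -s 192.168.0.0/24 -j ACCEPT
iptables -A FORWARD -i eth1 -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -t nat -A PREROUTING -p tcp -d 10.89.15.130 --sport 2121 -i eth2 -j DNAT --to 192.168.0.251:21
iptables -t nat -A POSTROUTING -p tcp -s 192.168.0.251 --sport 21 -o eth2 -j SNAT --to 10.89.15.130:2121
EOF
}

check_forward_rules() {
    awk '
    function opt(name,   i) {   # value that follows option "name", else ""
        for (i = 1; i < NF; i++) if ($i == name) return $(i + 1)
        return ""
    }
    /^[ \t]*#/ || $1 != "iptables" { next }
    {
        chain = opt("-A"); target = opt("-j")
        if (opt("-P") == "FORWARD" && $NF == "DROP") drop = 1
        # Heuristic: only an exact -d <ip> ACCEPT rule counts as an opening.
        if (chain == "FORWARD" && target == "ACCEPT" && opt("-d") != "")
            allowed[opt("-d")] = 1
        if (chain == "PREROUTING" && target == "DNAT") {
            sp = opt("--sport"); to = opt("--to")
            if (to == "") to = opt("--to-destination")
            if (to != "") { split(to, hp, ":"); dest[hp[1]] = 1 }
            if (sp != "" && opt("--dport") == "")
                printf "line %d: DNAT matches --sport %s (client source port); match --dport %s\n", NR, sp, sp
        }
        if (chain == "POSTROUTING" && target == "SNAT" && opt("--sport") != "")
            printf "line %d: SNAT on --sport %s is not needed; conntrack translates replies\n", NR, opt("--sport")
    }
    END {
        if (drop) for (ip in dest) if (!(ip in allowed))
            printf "FORWARD policy DROP and no ACCEPT rule has -d %s; new inbound connections are dropped\n", ip
    }'
}

# Rewrite --sport to --dport on PREROUTING DNAT lines only; print all lines.
fix_dnat_lines() {
    sed '/-A PREROUTING.*-j DNAT/s/--sport /--dport /'
}

sample_rules | check_forward_rules
sample_rules | fix_dnat_lines
```

Feed it the rule lines of a script (for example `check_forward_rules < rc.local`); a `-d` given as a subnet is not recognised by the exact-match heuristic and will be reported as missing.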
