Debian

iptables rules in UFW before.rules not working

  • August 3, 2015

I have the following working iptables commands:

iptables -t nat -i ppp0 -A PREROUTING -p tcp --dport 81 -j DNAT --to-destination 192.168.16.8:80
iptables -t nat -A POSTROUTING -p tcp --dport 80 -j MASQUERADE

iptables -t nat -i ppp0 -A PREROUTING -p tcp --dport 5000 -j DNAT --to-destination 192.168.16.8:5000
iptables -t nat -A POSTROUTING -p tcp --dport 5000 -j MASQUERADE

I tried adding the following code to the top of /etc/ufw/before.rules, and then to the bottom of the file, but it didn't work:

# NAT table rules
*nat
:PREROUTING ACCEPT [0:0]

-A PREROUTING -i ppp0  -p tcp --dport 81 -j DNAT --to-destination 192.168.16.8:80
-A PREROUTING -i ppp0  -p tcp --dport 5000 -j DNAT --to-destination 192.168.16.8:5000

:POSTROUTING ACCEPT [0:0]

-A POSTROUTING -p tcp --dport 80 -j MASQUERADE
-A POSTROUTING -p tcp --dport 5000 -j MASQUERADE

COMMIT

Any ideas? Thanks!

Have you tried writing it like this?

# NAT table rules
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]

-A PREROUTING -i ppp0  -p tcp --dport 81 -j DNAT --to-destination 192.168.16.8:80
-A PREROUTING -i ppp0  -p tcp --dport 5000 -j DNAT --to-destination 192.168.16.8:5000

-A POSTROUTING -p tcp --dport 80 -j MASQUERADE
-A POSTROUTING -p tcp --dport 5000 -j MASQUERADE

COMMIT

It seems the :PREROUTING and :POSTROUTING policies need to be declared right after the *nat line. At least, that is how it is in my personal iptables rules file.
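
As an added example (not part of the original question or answer), this Python sketch lints a before.rules-style block for the layout the answer recommends, which is also the order iptables-save writes: table line, chain declarations, rules, COMMIT. The function name lint_rules and the shortened sample blocks are constructed for illustration; it checks layout only and does not predict what iptables-restore accepts.

```python
import re

# Constructed samples: shortened forms of the question's and the answer's blocks.
QUESTION_BLOCK = """\
*nat
:PREROUTING ACCEPT [0:0]
-A PREROUTING -i ppp0 -p tcp --dport 81 -j DNAT --to-destination 192.168.16.8:80
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -p tcp --dport 80 -j MASQUERADE
COMMIT
"""
ANSWER_BLOCK = """\
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A PREROUTING -i ppp0 -p tcp --dport 81 -j DNAT --to-destination 192.168.16.8:80
-A POSTROUTING -p tcp --dport 80 -j MASQUERADE
COMMIT
"""

def lint_rules(text):
    """Return (line_number, message) layout findings for an iptables-save style file."""
    findings, table, declared, seen_rule = [], None, set(), False
    lines = text.splitlines()
    for n, raw in enumerate(lines, 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue                      # blank lines and comments carry no structure
        if line.startswith("*"):          # table header opens a new block
            table, declared, seen_rule = line[1:], set(), False
        elif table is None:
            findings.append((n, "line outside any *table block"))
        elif line == "COMMIT":            # closes the current table
            table = None
        elif line.startswith(":"):        # chain declaration with policy and counters
            chain = (line[1:].split() or ["?"])[0]
            declared.add(chain)
            if seen_rule:
                findings.append((n, f"chain {chain} declared after rules"))
        else:                             # anything else is treated as a rule line
            seen_rule = True
            m = re.match(r"-[AI]\s+(\S+)", line)
            if m and m.group(1) not in declared:
                findings.append((n, f"rule uses chain {m.group(1)} with no declaration yet"))
    if table is not None:
        findings.append((len(lines), f"table *{table} has no COMMIT"))
    return findings
```

Running lint_rules over the text of /etc/ufw/before.rules before reloading UFW gives a quick list of lines to review.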

Quoted from: https://serverfault.com/questions/627949