Debian
UFW before.rules 的 iptables 不起作用
我有以下工作 iptables 命令:
iptables -t nat -i ppp0 -A PREROUTING -p tcp --dport 81 -j DNAT --to-destination 192.168.16.8:80 iptables -t nat -A POSTROUTING -p tcp --dport 80 -j MASQUERADE iptables -t nat -i ppp0 -A PREROUTING -p tcp --dport 5000 -j DNAT --to-destination 192.168.16.8:5000 iptables -t nat -A POSTROUTING -p tcp --dport 5000 -j MASQUERADE我嘗試將以下程式碼添加到 /etc/ufw/before.rules 的頂部,然後在文件的底部,但沒有奏效:
# NAT table rules *nat :PREROUTING ACCEPT [0:0] -A PREROUTING -i ppp0 -p tcp --dport 81 -j DNAT --to-destination 192.168.16.8:80 -A PREROUTING -i ppp0 -p tcp --dport 5000 -j DNAT --to-destination 192.168.16.8:5000 :POSTROUTING ACCEPT [0:0] -A POSTROUTING -p tcp --dport 80 -j MASQUERADE -A POSTROUTING -p tcp --dport 5000 -j MASQUERADE COMMIT任何的想法?謝謝!
你試過這樣寫嗎?
# NAT table rules *nat :PREROUTING ACCEPT [0:0] :POSTROUTING ACCEPT [0:0] -A PREROUTING -i ppp0 -p tcp --dport 81 -j DNAT --to-destination 192.168.16.8:80 -A PREROUTING -i ppp0 -p tcp --dport 5000 -j DNAT --to-destination 192.168.16.8:5000 -A POSTROUTING -p tcp --dport 80 -j MASQUERADE -A POSTROUTING -p tcp --dport 5000 -j MASQUERADE COMMIT
:PREROUTINGand:POSTROUTING策略似乎需要在該行之後聲明*nat。至少在我的個人 iptables 規則文件中是這樣的。