OpenForum RSS: iptables

iptables (dbelokursky)

Thu, 26 Aug 2010 09:08:43 GMT

�� . �� .

iptables (dbelokursky)

Thu, 26 Aug 2010 08:39:52 GMT

>[�� ]
>>>�� 192.168.1.11
>>
>>�� xx.xx.105.6:8080 �� 192.168.1.11:80. �� --dport
>>-A POSTROUTING -d 192.168.1.11 -p tcp -j SNAT --to-source 192.168.1.200
>
>� �� ?
>
>iptables -I FORWARD -p tcp -s 192.168.1.11 -m state --state ESTABLISHED -j
>ACCEPT
>iptables -I FORWARD -p tcp -d 192.168.1.11 -m state --state ESTABLISHED,NEW -j

ACCEPT
>
>�� , �� tcpdump �� 192.168.1.11,
>�� xx.xx.105.6:8080 � �� tcpdump ��
>
>192.168.1.200 - �� ?

192.168.1.200 - �� ip ��

�� :
iptables -I FORWARD -p tcp -d 192.168.1.11 -m state --state ESTABLISHED,NEW -j
ACCEPT
�� .
�� .

iptables (dbelokursky)

Thu, 26 Aug 2010 08:28:38 GMT

>^ ^ � �ޣ��
>�� - �� .

�� filter � �� portfwf
Chain portfwf (4 references)
num pkts bytes target prot opt in out source destination
5 37 1924 ACCEPT tcp -- * * 0.0.0.0/0 192.168.1.11 state NEW tcp dpt:80

iptables (reader)

Thu, 26 Aug 2010 08:24:06 GMT

>[�� ]
>
>>>-A POSTROUTING -d 192.168.1.11 -p tcp -m tcp --dport 80 -j SNAT
>>>--to-source 192.168.1.200
>>
>>�� xx.xx.105.6:8080 �� 192.168.1.11:8080, �� SNAT ��
>>�� , �� --dport 80, �� SNAT ��
>>�� 192.168.1.11
>
>�� xx.xx.105.6:8080 �� 192.168.1.11:80. �� --dport
>-A POSTROUTING -d 192.168.1.11 -p tcp -j SNAT --to-source 192.168.1.200

� �� ?

iptables -I FORWARD -p tcp -s 192.168.1.11 -m state --state ESTABLISHED -j ACCEPT
iptables -I FORWARD -p tcp -d 192.168.1.11 -m state --state ESTABLISHED,NEW -j ACCEPT

�� , �� tcpdump �� 192.168.1.11, �� xx.xx.105.6:8080 � �� tcpdump ��

192.168.1.200 - �� ?

iptables (dbelokursky)

Thu, 26 Aug 2010 07:56:26 GMT

>--to-destination 192.168.1.11:80
>
>�� .

�� . -A PREROUTING -d xx.xx.105.6 -p tcp -m tcp --dport 8080 -j DNAT --to-destination 192.168.1.11:80

iptables (dbelokursky)

Thu, 26 Aug 2010 07:43:03 GMT

>>-A PREROUTING -d xx.xx.105.6 -p tcp -m tcp --dport 8080 -j DNAT
>>--to-destination 192.168.1.11
>
>�� xx.xx.105.6:8080 �� 192.168.1.11:8080, � ��
>80 ��

�� -A PREROUTING -d xx.xx.105.6 -p tcp -m tcp --dport 8080 -j DNAT --to-destination 192.168.1.11:80
��
>>-A PREROUTING -d 192.168.1.200 -p tcp -m tcp --dport 80 -j DNAT
>>--to-destination 192.168.1.11
>
>�� ? �� xx.xx.105.6:8080, ��

�� http://www.opennet.ru/openforum/vsluhforumID1/89679.html#3 ��

>>-A POSTROUTING -d 192.168.1.11 -p tcp -m tcp --dport 80 -j SNAT
>>--to-source 192.168.1.200
>
>�� xx.xx.105.6:8080 �� 192.168.1.11:8080, �� SNAT ��
>�� , �� --dport 80, �� SNAT ��
>�� 192.168.1.11

�� xx.xx.105.6:8080 �� 192.168.1.11:80. �� --dport
-A POSTROUTING -d 192.168.1.11 -p tcp -j S

iptables (tux2002)

Thu, 26 Aug 2010 07:27:41 GMT

>10 0 0 DNAT tcp -- * * 0.0.0.0/0 192.168.1.200 tcp dpt:8080 to:192.168.1.11

^ ^ � �ޣ�� - �� .

iptables (tux2002)

Thu, 26 Aug 2010 07:26:22 GMT

>[�� ]
> xx.xx.105.6
>tcp dpt:8080 to:192.168.1.11
>10 0
>0 DNAT tcp --
> * *
> 0.0.0.0/0
> 192.168.1.200
>tcp dpt:8080 to:192.168.1.11
>
>��. �� .

�� , �� :

--to-destination 192.168.1.11:80

�� .

iptables (reader)

Thu, 26 Aug 2010 07:07:43 GMT

>[�� ]
>-A PREROUTING -j portfw
>-A PREROUTING -i eth0 -j jmpsquid
>-A PREROUTING -i eth0 -j jmpim
>-A PREROUTING -i eth0 -j jmpp3scan
>-A PREROUTING -i eth0 -j jmpsip
>-A PREROUTING -i ppp0 -j MINIUPNPD
>-A PREROUTING -i ippp0 -j MINIUPNPD
>-A PREROUTING -i eth1 -j MINIUPNPD
>-A PREROUTING -d xx.xx.105.6 -p tcp -m tcp --dport 8080 -j DNAT
>--to-destination 192.168.1.11

�� xx.xx.105.6:8080 �� 192.168.1.11:8080, � �� 80 ��

>-A PREROUTING -d 192.168.1.200 -p tcp -m tcp --dport 80 -j DNAT
>--to-destination 192.168.1.11

�� ? �� xx.xx.105.6:8080, ��

>-A POSTROUTING -o ppp0 -j MASQUERADE
>-A POSTROUTING -o ippp0 -j MASQUERADE
>-A POSTROUTING -o eth1 -j MASQUERADE
>-A POSTROUTING -d 192.168.1.11 -p tcp -m tcp --dport 80 -j SNAT
>--to-source 192.168.1.200

�� xx.xx.105.6:8080 �� 192.168.1.11:8080, �� SNAT �� , ��