I am setting up UDP port forwarding:
# one DNAT + one FORWARD rule per display: 6000..6009 -> 192.168.7.10..19
for i in $(seq 0 9)
do
    # nat/PREROUTING: rewrite the destination of UDP packets arriving on eth0 for port 600$i
    sudo iptables -A PREROUTING -t nat -i eth0 -p udp --dport 600${i} -j DNAT --to 192.168.7.1${i}
    # filter/FORWARD: let the rewritten packets through to the inside host
    sudo iptables -A FORWARD -p udp -d 192.168.7.1${i} --dport 600${i} -j ACCEPT
done
I can't remember exactly, but I'm fairly sure I did the same thing for TCP port forwarding. However, when I run iptables -L I get the following:
$ sudo iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy DROP)
target prot opt source destination
ACCEPT tcp -- anywhere 192.168.0.109 tcp dpt:6009
ACCEPT tcp -- anywhere 192.168.0.108 tcp dpt:6008
ACCEPT tcp -- anywhere 192.168.0.107 tcp dpt:x11-7
ACCEPT tcp -- anywhere 192.168.0.106 tcp dpt:x11-6
ACCEPT tcp -- anywhere 192.168.0.105 tcp dpt:x11-5
ACCEPT tcp -- anywhere 192.168.0.104 tcp dpt:x11-4
ACCEPT tcp -- anywhere 192.168.0.103 tcp dpt:x11-3
ACCEPT tcp -- anywhere 192.168.0.102 tcp dpt:x11-2
ACCEPT tcp -- anywhere 192.168.0.101 tcp dpt:x11-1
ACCEPT tcp -- anywhere 192.168.0.100 tcp dpt:x11
ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED
ACCEPT all -- anywhere anywhere
LOG all -- anywhere anywhere LOG level warning
ACCEPT udp -- anywhere main udp dpt:x11
ACCEPT udp -- anywhere desktop1 udp dpt:x11-1
ACCEPT udp -- anywhere desktop2 udp dpt:x11-2
ACCEPT udp -- anywhere desktop3 udp dpt:x11-3
ACCEPT udp -- anywhere desktop4 udp dpt:x11-4
ACCEPT udp -- anywhere desktop5 udp dpt:x11-5
ACCEPT udp -- anywhere desktop6 udp dpt:x11-6
ACCEPT udp -- anywhere 192.168.7.17 udp dpt:x11-7
ACCEPT udp -- anywhere 192.168.7.18 udp dpt:6008
ACCEPT udp -- anywhere 192.168.7.19 udp dpt:6009
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Why x11? How do I remove this (flush the rules?) and set it back to 600_?
Answer 0 (score: 1)
The ports you see really are 600_; when you run iptables without the -n option, it resolves ports to the names defined in the /etc/services file, and addresses to names using /etc/hosts or DNS lookups:
cat /etc/services
[...]
ggz 5688/tcp # GGZ Gaming Zone
ggz 5688/udp
x11 6000/tcp x11-0 # X Window System
x11 6000/udp x11-0
x11-1 6001/tcp
x11-1 6001/udp
x11-2 6002/tcp
x11-2 6002/udp
x11-3 6003/tcp
x11-3 6003/udp
[...]
To view the firewall rules numerically, use iptables -n:
-n, --numeric
Numeric output. IP addresses and port numbers will be printed
in numeric format. By default, the program will try to display
them as host names, network names, or services (whenever applicable).
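The resolution the answer describes (port names from /etc/services, host names from /etc/hosts) can be reversed offline to confirm what a listing without -n really means. The following Python example is added here and is not code from the question or the answer: it parses a constructed /etc/services excerpt, a constructed /etc/hosts excerpt (the addresses assumed behind main and desktopN are made up for the example) and constructed iptables -L lines in the same column layout as the listing above, and rebuilds the numeric form that iptables -L -n would have printed.

```python
"""Map the names in `iptables -L` output back to numbers.

Added example, not code from the original question or answer. It assumes
constructed /etc/services and /etc/hosts excerpts (a real host's files
differ) and constructed `iptables -L` lines in the listing's column layout.
"""
import re

# Constructed /etc/services excerpt: "<name> <port>/<proto> [aliases...] [# comment]".
SERVICES = """\
ggz             5688/tcp                        # GGZ Gaming Zone
ggz             5688/udp
x11             6000/tcp        x11-0           # X Window System
x11             6000/udp        x11-0
x11-1           6001/tcp
x11-1           6001/udp
x11-2           6002/tcp
x11-2           6002/udp
x11-3           6003/tcp
x11-3           6003/udp
x11-4           6004/tcp
x11-4           6004/udp
x11-5           6005/tcp
x11-5           6005/udp
x11-6           6006/tcp
x11-6           6006/udp
x11-7           6007/tcp
x11-7           6007/udp
"""

# Constructed /etc/hosts excerpt; the addresses behind "main"/"desktopN" are assumptions.
HOSTS = """\
127.0.0.1       localhost
192.168.7.10    main
192.168.7.11    desktop1
192.168.7.12    desktop2
"""

# Constructed lines in the same layout that `iptables -L` prints.
LISTING = """\
Chain FORWARD (policy DROP)
target     prot opt source               destination
ACCEPT     tcp  --  anywhere             192.168.0.107        tcp dpt:x11-7
ACCEPT     all  --  anywhere             anywhere             ctstate RELATED,ESTABLISHED
ACCEPT     udp  --  anywhere             main                 udp dpt:x11
ACCEPT     udp  --  anywhere             desktop1             udp dpt:x11-1
ACCEPT     udp  --  anywhere             192.168.7.18         udp dpt:6008
"""


def parse_services(text):
    """Return {(name, proto): port}; aliases such as x11-0 map to the same port."""
    table = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()  # drop comments
        if len(fields) < 2 or "/" not in fields[1]:
            continue
        port, proto = fields[1].split("/", 1)
        for name in [fields[0]] + fields[2:]:
            table[(name, proto)] = int(port)
    return table


def parse_hosts(text):
    """Return {hostname: ip} from /etc/hosts-style text (all names on a line count)."""
    table = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 2:
            for name in fields[1:]:
                table[name] = fields[0]
    return table


def numeric_rules(listing, services, hosts):
    """Rebuild what `iptables -L -n` would show for every rule with a dpt: match.

    Returns a list of (target, proto, destination, port). A name that is not
    in either table is kept as printed, which is what iptables itself does.
    """
    rows = []
    for line in listing.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[2] != "--":
            continue  # chain header, column header or blank line
        target, proto, _opt, _src, dst = fields[:5]
        m = re.search(r"\bdpt:(\S+)", line)
        if not m:
            continue  # rule without a destination-port match (e.g. the ctstate rule)
        name = m.group(1)
        port = int(name) if name.isdigit() else services.get((name, proto), name)
        rows.append((target, proto, hosts.get(dst, dst), port))
    return rows


def main():
    services = parse_services(SERVICES)
    hosts = parse_hosts(HOSTS)
    for row in numeric_rules(LISTING, services, hosts):
        print("%-8s %-4s %-16s dpt:%s" % row)


if __name__ == "__main__":
    main()
```

Running it prints each constructed rule with the port as a number, so x11-7 shows as 6007 and main as the constructed 192.168.7.10; on a real host, iptables -L -n gives the same result directly without any parsing.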