Why do I see 'X11' in iptables?

Time: 2013-11-16 23:27:46

Tags: router iptables portforwarding

I am setting up UDP port forwarding:

for i in `seq 0 9`
do 
   sudo iptables -A PREROUTING -t nat -i eth0 -p udp --dport 600${i} -j DNAT --to 192.168.7.1${i}
   sudo iptables -A FORWARD -p  udp -d 192.168.7.1${i} --dport 600${i} -j ACCEPT
done

I can't remember for sure, but I'm pretty certain I did the same thing for TCP port forwarding, yet when I run iptables -L I get the following:

$ sudo iptables -L                                                                                                                                                        
Chain INPUT (policy ACCEPT)
target     prot opt source               destination         

Chain FORWARD (policy DROP)
target     prot opt source               destination         
ACCEPT     tcp  --  anywhere             192.168.0.109        tcp dpt:6009
ACCEPT     tcp  --  anywhere             192.168.0.108        tcp dpt:6008
ACCEPT     tcp  --  anywhere             192.168.0.107        tcp dpt:x11-7
ACCEPT     tcp  --  anywhere             192.168.0.106        tcp dpt:x11-6
ACCEPT     tcp  --  anywhere             192.168.0.105        tcp dpt:x11-5
ACCEPT     tcp  --  anywhere             192.168.0.104        tcp dpt:x11-4
ACCEPT     tcp  --  anywhere             192.168.0.103        tcp dpt:x11-3
ACCEPT     tcp  --  anywhere             192.168.0.102        tcp dpt:x11-2
ACCEPT     tcp  --  anywhere             192.168.0.101        tcp dpt:x11-1
ACCEPT     tcp  --  anywhere             192.168.0.100        tcp dpt:x11
ACCEPT     all  --  anywhere             anywhere             ctstate RELATED,ESTABLISHED
ACCEPT     all  --  anywhere             anywhere            
LOG        all  --  anywhere             anywhere             LOG level warning
ACCEPT     udp  --  anywhere             main                 udp dpt:x11
ACCEPT     udp  --  anywhere             desktop1             udp dpt:x11-1
ACCEPT     udp  --  anywhere             desktop2             udp dpt:x11-2
ACCEPT     udp  --  anywhere             desktop3             udp dpt:x11-3
ACCEPT     udp  --  anywhere             desktop4             udp dpt:x11-4
ACCEPT     udp  --  anywhere             desktop5             udp dpt:x11-5
ACCEPT     udp  --  anywhere             desktop6             udp dpt:x11-6
ACCEPT     udp  --  anywhere             192.168.7.17         udp dpt:x11-7
ACCEPT     udp  --  anywhere             192.168.7.18         udp dpt:6008
ACCEPT     udp  --  anywhere             192.168.7.19         udp dpt:6009

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination         

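Why X11? How do I remove this (flush the rules?) and set it back to 600_?

1 Answer:

Answer 0: (score: 1)

The ports you are seeing are actually 600_; when you run iptables without the -n option, it resolves ports to the names defined in the /etc/services file, and addresses using /etc/hosts or DNS lookups: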

cat /etc/services
[...]
ggz     5688/tcp            # GGZ Gaming Zone
ggz     5688/udp
x11     6000/tcp    x11-0       # X Window System
x11     6000/udp    x11-0
x11-1       6001/tcp
x11-1       6001/udp
x11-2       6002/tcp
x11-2       6002/udp
x11-3       6003/tcp
x11-3       6003/udp
[...]

To view the firewall rules with numbers, use iptables -n

  -n, --numeric
          Numeric  output.   IP addresses and port numbers will be printed
          in numeric format.  By default, the program will try to  display
          them  as host names, network names, or services (whenever appli‐
          cable).
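
The lookup described in the answer, applied in reverse to a listing that was saved without -n (an added example, not part of the original answer): it rewrites dpt:NAME back to the port number for the rule's protocol using a services file. The function name numeric_ports and both sample inputs are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original answer. numeric_ports is a
# hypothetical helper; both samples below are constructed from the page.

# /etc/services lines as quoted in the answer (constructed sample).
SERVICES_SAMPLE='ggz     5688/tcp            # GGZ Gaming Zone
ggz     5688/udp
x11     6000/tcp    x11-0       # X Window System
x11     6000/udp    x11-0
x11-1       6001/tcp
x11-1       6001/udp'

# Rule lines in the layout of the `iptables -L` listing (constructed sample).
RULES_SAMPLE='ACCEPT     tcp  --  anywhere             192.168.0.101        tcp dpt:x11-1
ACCEPT     udp  --  anywhere             main                 udp dpt:x11
ACCEPT     udp  --  anywhere             192.168.7.18         udp dpt:6008'

# numeric_ports SERVICES_FILE < saved-listing
# Rewrites dpt:NAME / spt:NAME to the port number for that rule's protocol.
numeric_ports() {
    awk '
    !rules {                       # first operand: the services database
        sub(/#.*/, "")             # drop trailing comments
        if (NF < 2 || split($2, pp, "/") != 2) next
        for (i = 1; i <= NF; i++)  # official name plus any aliases
            if (i != 2) port[pp[2] SUBSEP $i] = pp[1]
        next
    }
    {                              # second operand: the saved listing
        if (match($0, /[ds]pt:[^ \t]+/)) {
            key = $2 SUBSEP substr($0, RSTART + 4, RLENGTH - 4)
            if (key in port)       # unknown or already numeric: keep as is
                $0 = substr($0, 1, RSTART + 3) port[key] substr($0, RSTART + RLENGTH)
        }
        print
    }' "$1" rules=1 -
}

# Demo on the constructed samples.
tmp=$(mktemp)
printf '%s\n' "$SERVICES_SAMPLE" > "$tmp"
printf '%s\n' "$RULES_SAMPLE" | numeric_ports "$tmp"
rm -f "$tmp"
```

On a live host, pass /etc/services as the argument and pipe the saved listing in on standard input.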