Forwarding the remote control port with iptables

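I have the following situation: I want to forward remote control to an MS Server 2008 through an iptables router, but I have not been able to make it work with the iptables rules I currently have: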

    -A PREROUTING -p tcp --dport 3389 --destination 192.168.0.5
    -A PREROUTING -p udp --dport 3389 --destination 192.168.0.5

192.168.0.5 is the address of the MS server, so I am trying to redirect the requests to it. Any suggestions?

Edit

This is what /etc/init.d/iptables status shows when grepped for 3389:

    10 ACCEPT tcp -- 0.0.0.0/0 192.168.0.5 tcp dpt:3389
    113 ACCEPT tcp -- 192.168.0.0/24 0.0.0.0/0 multiport dports 21,25,110,1143,143,2082,2095,2525,3306,3389,7080,7777
    11 DNAT tcp -- 0.0.0.0/0 190.181.129.51 tcp dpt:3389 to:192.168.0.5:3389
    12 DNAT udp -- 0.0.0.0/0 190.181.129.51 udp dpt:3389 to:192.168.0.5:3389

    iptables -t nat -A PREROUTING -p tcp -d <IP_OF_YOUR_ROUTER> --dport 3389 -j DNAT --to-destination 192.168.0.5:3389
    iptables -A FORWARD -p tcp -d 192.168.0.5 --dport 3389 -j ACCEPT

Try running this script:

    #!/bin/bash
    # Uncomment the following line to enable ip forwarding if it is not already enabled.
    #echo 1 > /proc/sys/net/ipv4/ip_forward

    # nat rules to change destination ip address to the ip address of MS server
    iptables -t nat -A PREROUTING -p tcp -d <IP Address of the router/machine on which you are planning to execute this script> --dport 3389 -j DNAT --to 192.168.0.5

    # Allow response from MS server to router/machine on which you execute this script
    iptables -t nat -A POSTROUTING -d 192.168.0.5 -j MASQUERADE

If the above script does not work, clear the above rules and try the following script:

    #!/bin/bash
    # Uncomment the following line to enable ip forwarding if it is not already enabled.
    #echo 1 > /proc/sys/net/ipv4/ip_forward

    # nat rules to change destination ip address to the ip address of MS server
    iptables -t nat -A PREROUTING -p tcp -d <IP Address of the router/machine on which you are planning to execute this script> --dport 3389 -j DNAT --to 192.168.0.5:3389

    # Allow response from MS server to router/machine on which you execute this script
    iptables -t nat -A POSTROUTING -d 192.168.0.5 -j MASQUERADE
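
The rules in the answers above rely on four pieces being present together: IP forwarding, the DNAT rule, a FORWARD ACCEPT, and (in the second answer) MASQUERADE toward the server. The following check is an added example, not part of the original question or answers; `audit_forward` is a hypothetical helper, and the sample rule set and the address 203.0.113.10 (standing in for the router's public IP) are constructed.

```shell
#!/bin/bash
# Constructed iptables-save sample (not from the thread). 203.0.113.10 is a
# documentation address standing in for the router's public IP.
SAMPLE_RULES='*nat
-A PREROUTING -d 203.0.113.10/32 -p tcp -m tcp --dport 3389 -j DNAT --to-destination 192.168.0.5:3389
COMMIT
*filter
:FORWARD DROP [0:0]
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
COMMIT'

# audit_forward RULES DEST_IP PORT IP_FORWARD   (hypothetical helper)
# RULES is iptables-save text, IP_FORWARD the content of
# /proc/sys/net/ipv4/ip_forward. Prints one line per finding and returns
# the number of pieces that are missing.
audit_forward() {
    rules=$1 port=$3 fwd=$4 missing=0
    dest=$(printf '%s' "$2" | sed 's/\./\\./g')   # escape dots for the regexes
    has() { printf '%s\n' "$rules" | grep -Eq -- "$1"; }

    # The kernel must route between interfaces at all.
    if [ "$fwd" != 1 ]; then
        echo "missing: net.ipv4.ip_forward is not 1"; missing=$((missing + 1))
    fi
    # nat/PREROUTING must rewrite the destination to the server.
    if ! has "^-A PREROUTING .*--dport $port .*-j DNAT --to-destination $dest(:$port)?\$"; then
        echo "missing: DNAT for tcp/$port to $2"; missing=$((missing + 1))
    fi
    # filter/FORWARD must let the rewritten packet through. An ACCEPT policy
    # is treated as sufficient, which ignores explicit DROP rules (simplification).
    if ! has "^:FORWARD ACCEPT" &&
       ! has "^-A FORWARD .*-d $dest(/32)? .*--dport $port .*-j ACCEPT\$"; then
        echo "missing: FORWARD ACCEPT for $2 tcp/$port"; missing=$((missing + 1))
    fi
    # Without source NAT, replies return only if the server routes via this box.
    if ! has "^-A POSTROUTING .*-d $dest(/32)? .*-j (MASQUERADE|SNAT)"; then
        echo "note: no MASQUERADE/SNAT toward $2; server must use this router as gateway"
    fi
    return "$missing"
}

# Live use (as root):
#   audit_forward "$(iptables-save)" 192.168.0.5 3389 "$(cat /proc/sys/net/ipv4/ip_forward)"
audit_forward "$SAMPLE_RULES" 192.168.0.5 3389 1 || echo "findings: $?"
```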