我有以下的iptables命令:
iptables -t nat -i ppp0 -A PREROUTING -p tcp --dport 81 -j DNAT --to-destination 192.168.16.8:80 iptables -t nat -A POSTROUTING -p tcp --dport 80 -j MASQUERADE iptables -t nat -i ppp0 -A PREROUTING -p tcp --dport 5000 -j DNAT --to-destination 192.168.16.8:5000 iptables -t nat -A POSTROUTING -p tcp --dport 5000 -j MASQUERADE 我试着将下面的代码添加到/etc/ufw/before.rules的顶部,然后在文件的底部,并没有工作:
# NAT table rules *nat :PREROUTING ACCEPT [0:0] -A PREROUTING -i ppp0 -p tcp --dport 81 -j DNAT --to-destination 192.168.16.8:80 -A PREROUTING -i ppp0 -p tcp --dport 5000 -j DNAT --to-destination 192.168.16.8:5000 :POSTROUTING ACCEPT [0:0] -A POSTROUTING -p tcp --dport 80 -j MASQUERADE -A POSTROUTING -p tcp --dport 5000 -j MASQUERADE COMMIT
任何想法? 谢谢!
你试过这样写吗?
# NAT table rules *nat :PREROUTING ACCEPT [0:0] :POSTROUTING ACCEPT [0:0] -A PREROUTING -i ppp0 -p tcp --dport 81 -j DNAT --to-destination 192.168.16.8:80 -A PREROUTING -i ppp0 -p tcp --dport 5000 -j DNAT --to-destination 192.168.16.8:5000 -A POSTROUTING -p tcp --dport 80 -j MASQUERADE -A POSTROUTING -p tcp --dport 5000 -j MASQUERADE COMMIT
:PREROUTING和:POSTROUTING策略似乎需要在*nat行后面声明。 至less它在我个人的iptables规则文件中是这样的。