我通过VPN使用SSH访问远程Ubuntu服务器。 现在我想configuration远程服务器。
我试图转发到我的隧道端口80传入stream量的路由器地址,但它不工作:
sudo iptables -A FORWARD -i tun0 -o enp3s0 -p tcp --syn --dport 80 -m conntrack --ctstate NEW -j ACCEPT sudo iptables -A FORWARD -i tun0 -o enp3s0 -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT sudo iptables -A FORWARD -i enp3s0 -o tun0 -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT sudo iptables -P FORWARD DROP sudo iptables -t nat -A PREROUTING -i tun0 -p tcp --dport 80 -j DNAT --to-destination 192.168.1.1 sudo iptables -t nat -A POSTROUTING -o tun0 -p tcp --dport 80 -d 192.168.1.1 -j SNAT --to-source 172.20.20.11 我也有一个运行在端口8080上的web服务器,所以我testing了这个地址,而且它工作,所以我不知道为什么它不工作的路由器接口:
sudo iptables -A FORWARD -i tun0 -o enp3s0 -p tcp --syn --dport 80 -m conntrack --ctstate NEW -j ACCEPT sudo iptables -A FORWARD -i tun0 -o enp3s0 -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT sudo iptables -A FORWARD -i enp3s0 -o tun0 -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT sudo iptables -P FORWARD DROP sudo iptables -t nat -A PREROUTING -i tun0 -p tcp --dport 80 -j DNAT --to-destination 192.168.1.197:8080 sudo iptables -t nat -A POSTROUTING -o tun0 -p tcp --dport 80 -d 192.168.1.197 -j SNAT --to-source 172.20.20.11
UFW防火墙处于非活动状态
networkingconfiguration:
adm@server:~$ ifconfig enp3s0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500 inet 192.168.1.197 netmask 255.255.255.0 broadcast 192.168.1.255 ether f4:4d:30:6b:a2:8c txqueuelen 1000 (Ethernet) RX packets 21987 bytes 22287960 (22.2 MB) RX errors 0 dropped 0 overruns 0 frame 0 TX packets 14821 bytes 2654314 (2.6 MB) TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0 tun0: flags=4305<UP,POINTOPOINT,RUNNING,NOARP,MULTICAST> mtu 1500 inet 172.20.20.11 netmask 255.255.255.0 destination 172.20.20.11 unspec 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00 txqueuelen 100 (UNSPEC) RX packets 2761 bytes 134743 (134.7 KB) RX errors 0 dropped 0 overruns 0 frame 0 TX packets 2523 bytes 936758 (936.7 KB) TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0