关于iptable的NAT的一个实例求教.|Linux系统专区人人网,QQ空间,登陆,renren,注册,校内,刷人气

离线乄有點の拽ヤ.

初中二年级

发帖: 1937

C币: -140796

威望: 351

贡献值: 1

银元: -1

铜钱: 4356

人人网人气币: 0

只看楼主倒序阅读使用道具楼主发表于: 2009-05-01

环境如下
{not.ebook:192.168.1.100}<->;{192.168.1.254:eth1|linuxhos.t|eth0:10.86.1.105}<->;{10.86..11.1:GW}-->; Internet.[成人用品]
linux主机已经如下设置:
modp.robe iptable_nat学习
echo 1 >; /proc/sys/ne.t./ipv4/ip_forward--- 印刷
下面
# iptables -t nat -A POSTROUTING -o eth1 -j SNAT --to 10..8.6.11.105
对吗?还是不能用105?
然后还要设置DNAT吗?
谢谢!

评价一下你浏览此帖子的感受

分享到 淘江湖新浪 QQ微博 QQ空间开心人人豆瓣网易微博百度鲜果白社会飞信

离线laojean.

初中三年级

发帖: 2275

C币: -138370

威望: 436

贡献值: 6

银元: 3

铜钱: 5179

人人网人气币: 0

只看该作者沙发发表于: 2010-04-13

iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
加入上面的命令后,我在notebook上ping 10.86.11.1通,但是不能上网.
iptable -L 如下
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
RH-Lokkit-0-50-INPUT  all  --  anywhere             anywhere

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
RH-Lokkit-0-50-INPUT  all  --  anywhere             anywhere

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

Chain RH-Lokkit-0-50-INPUT (2 references)
target     prot opt source               destination
ACCEPT     udp  --  ns.sdjnptt.net.cn    anywhere           udp spt:domain dpts:1025:65535
ACCEPT     tcp  --  anywhere             anywhere           tcp dpt:ssh flags:SYN,RST,ACK/SYN
ACCEPT     tcp  --  anywhere             anywhere           tcp dpt:telnet flags:SYN,RST,ACK/SYN
ACCEPT     tcp  --  anywhere             anywhere           tcp dpt:smtp flags:SYN,RST,ACK/SYN
ACCEPT     tcp  --  anywhere             anywhere           tcp dpt:http flags:SYN,RST,ACK/SYN
ACCEPT     tcp  --  anywhere             anywhere           tcp dpt:ftp flags:SYN,RST,ACK/SYN
ACCEPT     udp  --  anywhere             anywhere           udp spts:bootps:bootpc dpts:bootps:bootpc
ACCEPT     udp  --  anywhere             anywhere           udp spts:bootps:bootpc dpts:bootps:bootpc
ACCEPT     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere
REJECT     tcp  --  anywhere             anywhere           tcp dpts:0:1023 flags:SYN,RST,ACK/SYN reject-with icmp-port-unreachable
REJECT     tcp  --  anywhere             anywhere           tcp dpt:nfs flags:SYN,RST,ACK/SYN reject-with icmp-port-unreachable
REJECT     udp  --  anywhere             anywhere           udp dpts:0:1023 reject-with icmp-port-unreachable
REJECT     udp  --  anywhere             anywhere           udp dpt:nfs reject-with icmp-port-unreachable
REJECT     tcp  --  anywhere             anywhere           tcp dpts11:6009 flags:SYN,RST,ACK/SYN reject-with icmp-port-unreachable

REJECT tcp -- anywhere anywhere tcp dptfs flags:SYN,RST,ACK/SYN reject-with icmp-port-unreachable

哪里有问题啊?

离线free51.

初中三年级

发帖: 2027

C币: 3574

威望: 381

贡献值: 1

银元: -4

铜钱: 4639

人人网人气币: 0

只看该作者板凳发表于: 2010-04-13

iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
加入上面的命令后,我在notebook上ping 10.86.11.1通,但是不能上网.
iptables -L 如下
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
RH-Lokkit-0-50-INPUT  all  --  anywhere             anywhere

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
RH-Lokkit-0-50-INPUT  all  --  anywhere             anywhere

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

Chain RH-Lokkit-0-50-INPUT (2 references)
target     prot opt source               destination
ACCEPT     udp  --  ns.sdjnptt.net.cn    anywhere           udp spt:domain dpts:1025:65535
ACCEPT     tcp  --  anywhere             anywhere           tcp dpt:ssh flags:SYN,RST,ACK/SYN
ACCEPT     tcp  --  anywhere             anywhere           tcp dpt:telnet flags:SYN,RST,ACK/SYN
ACCEPT     tcp  --  anywhere             anywhere           tcp dpt:smtp flags:SYN,RST,ACK/SYN
ACCEPT     tcp  --  anywhere             anywhere           tcp dpt:http flags:SYN,RST,ACK/SYN
ACCEPT     tcp  --  anywhere             anywhere           tcp dpt:ftp flags:SYN,RST,ACK/SYN
ACCEPT     udp  --  anywhere             anywhere           udp spts:bootps:bootpc dpts:bootps:bootpc
ACCEPT     udp  --  anywhere             anywhere           udp spts:bootps:bootpc dpts:bootps:bootpc
ACCEPT     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere
REJECT     tcp  --  anywhere             anywhere           tcp dpts:0:1023 flags:SYN,RST,ACK/SYN reject-with icmp-port-unreachable
REJECT     tcp  --  anywhere             anywhere           tcp dpt:nfs flags:SYN,RST,ACK/SYN reject-with icmp-port-unreachable
REJECT     udp  --  anywhere             anywhere           udp dpts:0:1023 reject-with icmp-port-unreachable
REJECT     udp  --  anywhere             anywhere           udp dpt:nfs reject-with icmp-port-unreachable
REJECT     tcp  --  anywhere             anywhere           tcp dpts11:6009 flags:SYN,RST,ACK/SYN reject-with icmp-port-unreachable

REJECT tcp -- anywhere anywhere tcp dptfs flags:SYN,RST,ACK/SYN reject-with icmp-port-unreachable

哪里有问题啊?

离线huandream1.

初中三年级

发帖: 1997

C币: -559569

威望: 361

贡献值: 5

银元: -1

铜钱: 4513

人人网人气币: 0

只看该作者地板发表于: 2010-04-13

iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
加入上面的命令后,我在notebook上ping 10.86.11.1通,但是不能上网.
iptables -L 如下
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
RH-Lokkit-0-50-INPUT  all  --  anywhere             anywhere

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
RH-Lokkit-0-50-INPUT  all  --  anywhere             anywhere

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

Chain RH-Lokkit-0-50-INPUT (2 references)
target     prot opt source               destination
ACCEPT     udp  --  ns.sdjnptt.net.cn    anywhere           udp spt:domain dpts:1025:65535
ACCEPT     tcp  --  anywhere             anywhere           tcp dpt:ssh flags:SYN,RST,ACK/SYN
ACCEPT     tcp  --  anywhere             anywhere           tcp dpt:telnet flags:SYN,RST,ACK/SYN
ACCEPT     tcp  --  anywhere             anywhere           tcp dpt:smtp flags:SYN,RST,ACK/SYN
ACCEPT     tcp  --  anywhere             anywhere           tcp dpt:http flags:SYN,RST,ACK/SYN
ACCEPT     tcp  --  anywhere             anywhere           tcp dpt:ftp flags:SYN,RST,ACK/SYN
ACCEPT     udp  --  anywhere             anywhere           udp spts:bootps:bootpc dpts:bootps:bootpc
ACCEPT     udp  --  anywhere             anywhere           udp spts:bootps:bootpc dpts:bootps:bootpc
ACCEPT     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere
REJECT     tcp  --  anywhere             anywhere           tcp dpts:0:1023 flags:SYN,RST,ACK/SYN reject-with icmp-port-unreachable
REJECT     tcp  --  anywhere             anywhere           tcp dpt:nfs flags:SYN,RST,ACK/SYN reject-with icmp-port-unreachable
REJECT     udp  --  anywhere             anywhere           udp dpts:0:1023 reject-with icmp-port-unreachable
REJECT     udp  --  anywhere             anywhere           udp dpt:nfs reject-with icmp-port-unreachable
REJECT     tcp  --  anywhere             anywhere           tcp dpts11:6009 flags:SYN,RST,ACK/SYN reject-with icmp-port-unreachable

REJECT tcp -- anywhere anywhere tcp dptfs flags:SYN,RST,ACK/SYN reject-with icmp-port-unreachable

哪里有问题啊?

离线jiji134.

初中三年级

发帖: 2135

C币: -236194

威望: 372

贡献值: 1

银元: -3

铜钱: 4705

人人网人气币: 0

只看该作者 4楼发表于: 2010-04-13

兄弟，你也不用贴这么多吧？
人家要回答你的话，自然会的
你可以加载ip_conntrack模块
此外你看看你的DNS服务器有没有设对，一般网络通，但是不能浏览网页的话，绝大多数是跟DNS有关

离线realrocking.

初中三年级

发帖: 2038

C币: -60792

威望: 382

贡献值: 1

银元: -2

铜钱: 4596

人人网人气币: 0

只看该作者 5楼发表于: 2010-04-13

QUOTE:原帖由 "lichin" 发表：
兄弟，你也不用贴这么多吧？
人家要回答你的话，自然会的
你可以加载ip_conntrack模块
此外你看看你的DNS服务器有没有设对，一般网络通，但是不能浏览网页的话，绝大多数是跟DNS有关
我不是想贴这么多啊,实在是程序本身的问题,提交之后半天没有反应..郁闷,还没有搞定,log中有错误,还要继续试..


	http://www.csuboy.com 访问内容超出本站范围，不能确定是否安全


	关闭您还没有登录，快捷通道只有在登录后才能使用。立即登录还没有帐号？赶紧注册一个


	关闭选中1篇全选

帖子

[问题求助]关于iptable的NAT的一个实例求教. [复制链接]