[问题求助][求助]请问rh9下如何用iptables实现这一小功能[内详] [复制链接]

用iptables实现映射多个端口到某个端口.~.
比如,真实提供服务的端口是tcp得69.00[成人用品]
想要访问该机9090 8080端口时候相当于访问6900 请问.如何用i.ptables实现。            杀毒

查阅了不少资料后发现不.是无效就是重启iptable.s时候报错.--- 印刷
现在的/etc/sysconf.ig/iptab.les内容为.

*filter

:INP.UT ACCEPT [0:0](广告)

:FORWARD ACCEPT [0:.0]          婚庆

:OUTPUT ACCEPT .[0:0].

:RH-Firewa.ll-1-INPUT - [0:0].           鲜花

-A. INPUT -j RH-Fi.rewall-1-INPUT.

-A F.ORW.ARD -j RH-Firewall-1-INPUT电影

-A RH-Firewall-1-INPUT .-i lo -j ACC.EPT.

-A RH-Firewall.-1-INPUT -p .icmp --icmp-type any -j ACCEPT--------------彩票

-A RH-Firewall-.1-INPUT -m state --state ESTABLISHE.D,RELATED -j ACCEPT              乙肝

-A RH-Firewall-1-INPUT -m state --state. NEW -m tcp -p tcp. --dport 22 -j ACCE.PT电脑

-A RH-Firewall-1-INPUT -m state --state NEW -m. tcp -.p tcp --dport .80 -j ACCEPT.

-A RH-Fir.ew.all-1-INPUT -m st.ate --state NEW -m tcp -p tcp --dport 6900 -j ACCEPT.

-A. RH-Firewall-1-INPUT -m state --s.tate NEW -m tcp -p tcp --d.port 6900 -j ACCEPT.

#-A .RH-Firewall-1-INPUT -p tcp -j REJECT --reject-.with tcp-reset             汽车

-A RH-Fir.ewall-1-INPUT -j RE.JECT --reject-with icmp-host-prohibited             电子

COMMIT
复制代码
谢谢各位了！http://upload.bbs.csuboy.com/Mon_1004/126_6891_6b09ec97ec549ba.gif[/img]<性病>

应该做在 nat 表里，而不是 filter 表

谢谢斑竹~
我试过了放在nat表里面~可是报错~

*nat

:PREROUTING ACCEPT [0:0]

:POSTROUTING ACCEPT [0:0]

:OUTPUT ACCEPT [0:0]

-A PREROUTING -i eth0 -p tcp --dport 9090 -j DNAT --to 127.0.0.1:6900  

COMMIT

*filter

:INPUT ACCEPT [0:0]

:FORWARD ACCEPT [0:0]

:OUTPUT ACCEPT [0:0]

:RH-Firewall-1-INPUT - [0:0]

-A INPUT -j RH-Firewall-1-INPUT

-A FORWARD -j RH-Firewall-1-INPUT

-A RH-Firewall-1-INPUT -i lo -j ACCEPT

-A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT

-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT

-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT

-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 6900 -j ACCEPT

-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 9090 -j ACCEPT

#-A RH-Firewall-1-INPUT -p tcp -j REJECT --reject-with tcp-reset

-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited

COMMIT
复制代码
提示第一个CoMMIT那行有错~

net:

-A PREROUTING -i eth0 -p tcp -m tcp --dport 9090 -j DNAT --to-destination 127.0.0.1:6900
-A PREROUTING -i eth0 -p tcp -m tcp --dport 8080 -j DNAT --to-destination 127.0.0.1:6900

[ 本帖最后由 abc3w 于 2006-4-17 20:04 编辑 ]

QUOTE:原帖由 tanaous 于 2006-4-16 22:49 发表
谢谢斑竹~
我试过了放在nat表里面~可是报错~

[code]
*nat
REROUTING ACCEPT [0:0]
OSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A PREROUTING -i eth0 -p tcp --dport 9090 -j DNAT --to 127 ...

报错？报什么错？你做了什么报错？