Nie jesteś zalogowany. Proszę się zalogować lub zarejestrować.
eko.one.pl → Oprogramowanie / Software → przekirowanie portów z dwóch intefejsów
Zaloguj się lub zarejestruj by napisać odpowiedź
Próbuje przekierować port z interfejsu tun0 na eth0 na inny ip
przekierowuje tak i nie idzie
iptables -t nat -A PREROUTING -i tun0 -d 10.0.1.1 -p tcp --dport 8000 --dport 192.168.1.100:8000
Jest to może banalne ale ....
A czasami Ty nie chcesz po prostu ustawić routingu?
nie chce ustawić routingu tylko chce przekierować port 8000 z interfejsu tun0 10.0.0.1 na adres ip wewn. 192.168.1.42 i też na port 8000
a nat działa dla tun0 ?
tablicę routingu mam taką
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
195.114.190.100 * 255.255.255.255 UH 0 0 0 pppoe-wan
10.0.2.2 * 255.255.255.255 UH 0 0 0 tun0
192.168.178.0 * 255.255.255.0 U 0 0 0 br-lan
10.0.2.0 10.0.2.2 255.255.255.0 UG 0 0 0 tun0
default Lublin-bras1.in 0.0.0.0 UG 0 0 0 pppoe-wanchyba nat nie działa dla tun0
próbowałem też takie coś
iptables -t nat -A PREROUTING -p tcp -d 10.0.1.1 --dport 8000 -j DNAT --to-destination 192.168.1.42
iptables -t nat -I postrouting_rule -p tcp --src 10.0.1.0/24 --dst 192.168.1.42 --dport 8000 -j SNAT --to 192.168.1.42
muszę zrobić route dla tun0
ktoś pomoże?
jak zrobisz nata to routing niekoniecznie musi być
oprócz nata i prerouting zapomniałeś o FORWARD 
dzięki rpc, dziwna sprawa robię przekierowanie portu za pomocą GUI i nawet z zewnątrz nie mogę przekierować portu 8000 na komp. lokalny . Z zewnątrz dostaje się bez problemu na GUI na port 433.
znam openwrt ale garygole nie wiem jak tworzy łańcuchy więc ciężko mi się na ten temat wypowiedzieć.
Jeśli mam pomóc to poproszę
ipconfig
route -n
iptables -L -v
iptables -t nat -L -v
poza tym piszesz, że na routerze robisz
iptables -t nat -A PREROUTING -i tun0 -d 10.0.1.1 -p tcp --dport 8000 --dport 192.168.1.100:8000a gdzie w tablicy którą podałeś masz sieć 192.168.1.0/24 ?
wedle tabeli to masz sieć 192.168.178.0/24
potem piszesz
iptables -t nat -A PREROUTING -p tcp -d 10.0.1.1 --dport 8000 -j DNAT --to-destination 192.168.1.42
iptables -t nat -I postrouting_rule -p tcp --src 10.0.1.0/24 --dst 192.168.1.42 --dport 8000 -j SNAT --to 192.168.1.42i nadal odwołujesz się do podsieci 192.168.1.0/24
nie pomyliło ci się czasem ? hę
ok jeszcze raz
przekierować z adresu 10.0.2.1 port 8000 na 192.168.178.5 port 80
mam włączone za pomocą GUI Grankoya dwa porty z wanu 8090 i 8000 na określone adresy ip w lan
ifconfig
root@1043nd:~$ ifconfig
br-lan Link encap:Ethernet HWaddr 74:EA:3A:AB:EA:5A
inet addr:192.168.178.1 Bcast:192.168.178.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:60447 errors:0 dropped:0 overruns:0 frame:0
TX packets:94901 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:5794869 (5.5 MiB) TX bytes:125516740 (119.7 MiB)
eth0 Link encap:Ethernet HWaddr 74:EA:3A:AB:EA:5A
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:146762 errors:0 dropped:0 overruns:92359 frame:0
TX packets:145625 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:131663475 (125.5 MiB) TX bytes:129536102 (123.5 MiB)
Interrupt:4
eth0.1 Link encap:Ethernet HWaddr 74:EA:3A:AB:EA:5A
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:54475 errors:0 dropped:0 overruns:0 frame:0
TX packets:89529 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:5327690 (5.0 MiB) TX bytes:123717653 (117.9 MiB)
eth0.2 Link encap:Ethernet HWaddr 74:EA:3A:AB:EA:5A
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:92250 errors:0 dropped:0 overruns:0 frame:0
TX packets:56093 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:124274733 (118.5 MiB) TX bytes:5817322 (5.5 MiB)
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:673 errors:0 dropped:0 overruns:0 frame:0
TX packets:673 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:50869 (49.6 KiB) TX bytes:50869 (49.6 KiB)
mon.wlan0 Link encap:UNSPEC HWaddr 74-EA-3A-AB-EA-5A-00-00-00-00-00-00-00-00-00-00
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:302 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:32
RX bytes:25405 (24.8 KiB) TX bytes:0 (0.0 B)
pppoe-wan Link encap:Point-to-Point Protocol
inet addr:77.254.242.157 P-t-P:195.114.190.157 Mask:255.255.255.255
UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1492 Metric:1
RX packets:92023 errors:0 dropped:0 overruns:0 frame:0
TX packets:55848 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:3
RX bytes:123158874 (117.4 MiB) TX bytes:4351292 (4.1 MiB)
tun0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
inet addr:10.0.2.1 P-t-P:10.0.2.2 Mask:255.255.255.255
UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1500 Metric:1
RX packets:193 errors:0 dropped:0 overruns:0 frame:0
TX packets:243 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:100
RX bytes:16546 (16.1 KiB) TX bytes:147423 (143.9 KiB)
wlan0 Link encap:Ethernet HWaddr 74:EA:3A:AB:EA:5A
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:7552 errors:0 dropped:0 overruns:0 frame:0
TX packets:9207 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:32
RX bytes:1378291 (1.3 MiB) TX bytes:3576194 (3.4 MiB)route -n
root@1043nd:~$ route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
195.114.190.157 0.0.0.0 255.255.255.255 UH 0 0 0 pppoe-wan
10.0.2.2 0.0.0.0 255.255.255.255 UH 0 0 0 tun0
192.168.178.0 0.0.0.0 255.255.255.0 U 0 0 0 br-lan
10.0.2.0 10.0.2.2 255.255.255.0 UG 0 0 0 tun0
0.0.0.0 195.114.190.157 0.0.0.0 UG 0 0 0 pppoe-waniptables -L -v
root@1043nd:~$ iptables -L -v
Chain INPUT (policy ACCEPT 15 packets, 760 bytes)
pkts bytes target prot opt in out source destination
254 26088 bw_ingress all -- pppoe-wan any anywhere anywhere
981 89176 ACCEPT all -- any any anywhere anywhere state RELATED,ESTABLISHED
144 10655 ACCEPT all -- lo any anywhere anywhere
101 5052 syn_flood tcp -- any any anywhere anywhere tcp flags:FIN,SYN,RST,ACK/SYN
210 15144 input_rule all -- any any anywhere anywhere
210 15144 input all -- any any anywhere anywhere
Chain FORWARD (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
33616 46M bw_ingress all -- pppoe-wan any anywhere anywhere
0 0 REJECT all -- any any anywhere anywhere connmark match 0x8000/0x8000 reject-with icmp-port-unreachable
34191 47M ingress_restrictions all -- pppoe-wan any anywhere anywhere
19868 1589K egress_restrictions all -- any pppoe-wan anywhere anywhere
55975 50M ACCEPT all -- any any anywhere anywhere state RELATED,ESTABLISHED
309 17805 forwarding_rule all -- any any anywhere anywhere
279 16245 forward all -- any any anywhere anywhere
54 2819 reject all -- any any anywhere anywhere
Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
1165 294K ACCEPT all -- any any anywhere anywhere state RELATED,ESTABLISHED
144 10655 ACCEPT all -- any lo anywhere anywhere
9 558 output_rule all -- any any anywhere anywhere
9 558 output all -- any any anywhere anywhere
Chain bw_ingress (2 references)
pkts bytes target prot opt in out source destination
0 0 all -- any any anywhere anywhere bandwidth --id total1-download-2-449 --type combined --current_bandwidth 14306 --reset_interval 2 --reset_time 2 --intervals_to_save 449
0 0 all -- any any anywhere anywhere match-set local_addr_set dst bandwidth --id bdist1-download-minute-15 --type individual_dst --reset_interval minute --intervals_to_save 15
0 0 all -- any any anywhere anywhere bandwidth --id total2-download-minute-359 --type combined --current_bandwidth 14306 --reset_interval minute --intervals_to_save 359
0 0 all -- any any anywhere anywhere match-set local_addr_set dst bandwidth --id bdist2-download-900-24 --type individual_dst --reset_interval 900 --reset_time 900 --intervals_to_save 24
0 0 all -- any any anywhere anywhere bandwidth --id total3-download-180-479 --type combined --current_bandwidth 5038838 --reset_interval 180 --reset_time 180 --intervals_to_save 479
0 0 all -- any any anywhere anywhere match-set local_addr_set dst bandwidth --id bdist3-download-hour-24 --type individual_dst --reset_interval hour --intervals_to_save 24
0 0 all -- any any anywhere anywhere bandwidth --id total4-download-7200-359 --type combined --current_bandwidth 62711766 --reset_interval 7200 --reset_time 7200 --intervals_to_save 359
0 0 all -- any any anywhere anywhere match-set local_addr_set dst bandwidth --id bdist4-download-day-31 --type individual_dst --reset_interval day --intervals_to_save 31
0 0 all -- any any anywhere anywhere bandwidth --id total5-download-day-365 --type combined --current_bandwidth 129067284 --reset_interval day --intervals_to_save 365
0 0 all -- any any anywhere anywhere match-set local_addr_set dst bandwidth --id bdist5-download-month-12 --type individual_dst --reset_interval month --intervals_to_save 12
Chain egress_restrictions (1 references)
pkts bytes target prot opt in out source destination
19868 1589K egress_whitelist all -- any any anywhere anywhere
Chain egress_whitelist (1 references)
pkts bytes target prot opt in out source destination
Chain forward (1 references)
pkts bytes target prot opt in out source destination
225 13426 zone_lan_forward all -- br-lan any anywhere anywhere
0 0 zone_wan_forward all -- pppoe-wan any anywhere anywhere
Chain forwarding_lan (1 references)
pkts bytes target prot opt in out source destination
Chain forwarding_rule (1 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all -- any eth0.2 anywhere anywhere
246 14530 nat_reflection_fwd all -- any any anywhere anywhere
Chain forwarding_wan (1 references)
pkts bytes target prot opt in out source destination
Chain ingress_restrictions (1 references)
pkts bytes target prot opt in out source destination
34190 47M ingress_whitelist all -- any any anywhere anywhere
Chain ingress_whitelist (1 references)
pkts bytes target prot opt in out source destination
Chain input (1 references)
pkts bytes target prot opt in out source destination
30 2659 zone_lan all -- br-lan any anywhere anywhere
153 10918 zone_wan all -- pppoe-wan any anywhere anywhere
Chain input_lan (1 references)
pkts bytes target prot opt in out source destination
Chain input_rule (1 references)
pkts bytes target prot opt in out source destination
Chain input_wan (1 references)
pkts bytes target prot opt in out source destination
26 1092 ACCEPT udp -- any any anywhere anywhere udp dpt:openvpn
0 0 ACCEPT tcp -- any any anywhere anywhere tcp dpt:https
0 0 tcp -- any any anywhere anywhere tcp dpt:ssh recent: SET name: SSH_CHECK side: source
0 0 DROP all -- any any anywhere anywhere recent: UPDATE seconds: 300 hit_count: 11 name: SSH_CHECK side: source
0 0 ACCEPT tcp -- any any anywhere anywhere tcp dpt:ssh connmark match 0x80/0x80
0 0 ACCEPT udp -- any any anywhere anywhere udp dpt:8194
0 0 ACCEPT tcp -- any any anywhere anywhere tcp dpt:8194
Chain nat_reflection_fwd (1 references)
pkts bytes target prot opt in out source destination
24 1248 ACCEPT tcp -- any any 192.168.178.0/24 192.168.178.5 tcp dpt:www
0 0 ACCEPT udp -- any any 192.168.178.0/24 192.168.178.5 udp dpt:80
6 312 ACCEPT tcp -- any any 192.168.178.0/24 192.168.178.42 tcp dpt:8000
0 0 ACCEPT udp -- any any 192.168.178.0/24 192.168.178.42 udp dpt:8000
Chain output (1 references)
pkts bytes target prot opt in out source destination
9 558 zone_lan_ACCEPT all -- any any anywhere anywhere
9 558 zone_wan_ACCEPT all -- any any anywhere anywhere
Chain output_rule (1 references)
pkts bytes target prot opt in out source destination
Chain pf_loopback_B (1 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT tcp -- any any anywhere 192.168.178.5 tcp dpt:www
0 0 ACCEPT udp -- any any anywhere 192.168.178.5 udp dpt:80
0 0 ACCEPT tcp -- any any anywhere 192.168.178.42 tcp dpt:8000
0 0 ACCEPT udp -- any any anywhere 192.168.178.42 udp dpt:8000
Chain reject (5 references)
pkts bytes target prot opt in out source destination
128 6380 REJECT tcp -- any any anywhere anywhere reject-with tcp-reset
59 6565 REJECT all -- any any anywhere anywhere reject-with icmp-port-unreachable
Chain syn_flood (1 references)
pkts bytes target prot opt in out source destination
101 5052 RETURN tcp -- any any anywhere anywhere tcp flags:FIN,SYN,RST,ACK/SYN limit: avg 25/sec burst 50
0 0 DROP all -- any any anywhere anywhere
Chain zone_lan (1 references)
pkts bytes target prot opt in out source destination
30 2659 input_lan all -- any any anywhere anywhere
30 2659 zone_lan_ACCEPT all -- any any anywhere anywhere
Chain zone_lan_ACCEPT (2 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all -- any br-lan anywhere anywhere
30 2659 ACCEPT all -- br-lan any anywhere anywhere
Chain zone_lan_DROP (0 references)
pkts bytes target prot opt in out source destination
0 0 DROP all -- any br-lan anywhere anywhere
0 0 DROP all -- br-lan any anywhere anywhere
Chain zone_lan_REJECT (1 references)
pkts bytes target prot opt in out source destination
0 0 reject all -- any br-lan anywhere anywhere
6 300 reject all -- br-lan any anywhere anywhere
Chain zone_lan_forward (1 references)
pkts bytes target prot opt in out source destination
208 12328 pf_loopback_B all -- any any anywhere anywhere
0 0 ACCEPT all -- br-lan br-lan anywhere anywhere
225 13426 zone_wan_ACCEPT all -- any any anywhere anywhere
6 300 forwarding_lan all -- any any anywhere anywhere
6 300 zone_lan_REJECT all -- any any anywhere anywhere
Chain zone_wan (1 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT udp -- any any anywhere anywhere udp dpt:bootpc
0 0 ACCEPT icmp -- any any anywhere anywhere icmp echo-request
153 10918 input_wan all -- any any anywhere anywhere
127 9826 zone_wan_REJECT all -- any any anywhere anywhere
Chain zone_wan_ACCEPT (2 references)
pkts bytes target prot opt in out source destination
228 13684 ACCEPT all -- any pppoe-wan anywhere anywhere
0 0 ACCEPT all -- pppoe-wan any anywhere anywhere
Chain zone_wan_DROP (0 references)
pkts bytes target prot opt in out source destination
0 0 DROP all -- any pppoe-wan anywhere anywhere
0 0 DROP all -- pppoe-wan any anywhere anywhere
Chain zone_wan_REJECT (2 references)
pkts bytes target prot opt in out source destination
0 0 reject all -- any pppoe-wan anywhere anywhere
127 9826 reject all -- pppoe-wan any anywhere anywhere
Chain zone_wan_forward (1 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT tcp -- any any anywhere 192.168.178.5 tcp dpt:www
0 0 ACCEPT udp -- any any anywhere 192.168.178.5 udp dpt:80
0 0 ACCEPT tcp -- any any anywhere 192.168.178.42 tcp dpt:8000
0 0 ACCEPT udp -- any any anywhere 192.168.178.42 udp dpt:8000
0 0 forwarding_wan all -- any any anywhere anywhere
0 0 zone_wan_REJECT all -- any any anywhere anywhereiptables -t nat -L -v
root@1043nd:~$ iptables -t nat -L -v
Chain PREROUTING (policy ACCEPT 337 packets, 82892 bytes)
pkts bytes target prot opt in out source destination
0 0 DNAT tcp -- any any 10.0.2.1 anywhere tcp dpt:7080 to:192.168.178.5:80
924 189K prerouting_rule all -- any any anywhere anywhere
647 165K zone_lan_prerouting all -- br-lan any anywhere anywhere
150 12735 zone_wan_prerouting all -- pppoe-wan any anywhere anywhere
Chain POSTROUTING (policy ACCEPT 35 packets, 2592 bytes)
pkts bytes target prot opt in out source destination
544 31828 postrouting_rule all -- any any anywhere anywhere
6 240 zone_lan_nat all -- any br-lan anywhere anywhere
287 15193 zone_wan_nat all -- any pppoe-wan anywhere anywhere
Chain OUTPUT (policy ACCEPT 37 packets, 2740 bytes)
pkts bytes target prot opt in out source destination
Chain nat_reflection_in (1 references)
pkts bytes target prot opt in out source destination
24 1248 DNAT tcp -- any any 192.168.178.0/24 77-254-242-157.adsl.inetia.pl tcp dpt:8090 to:192.168.178.5:80
0 0 DNAT udp -- any any 192.168.178.0/24 77-254-242-157.adsl.inetia.pl udp dpt:8090 to:192.168.178.5:80
6 312 DNAT tcp -- any any 192.168.178.0/24 77-254-242-157.adsl.inetia.pl tcp dpt:8000 to:192.168.178.42:8000
0 0 DNAT udp -- any any 192.168.178.0/24 77-254-242-157.adsl.inetia.pl udp dpt:8000 to:192.168.178.42:8000
Chain nat_reflection_out (1 references)
pkts bytes target prot opt in out source destination
4 208 SNAT tcp -- any any 192.168.178.0/24 192.168.178.5 tcp dpt:www to:192.168.178.1
0 0 SNAT udp -- any any 192.168.178.0/24 192.168.178.5 udp dpt:80 to:192.168.178.1
0 0 SNAT tcp -- any any 192.168.178.0/24 192.168.178.42 tcp dpt:8000 to:192.168.178.1
0 0 SNAT udp -- any any 192.168.178.0/24 192.168.178.42 udp dpt:8000 to:192.168.178.1
Chain pf_loopback_A (1 references)
pkts bytes target prot opt in out source destination
0 0 DNAT tcp -- any any anywhere anywhere tcp dpt:8090 to:192.168.178.5:80
0 0 DNAT udp -- any any anywhere anywhere udp dpt:8090 to:192.168.178.5:80
0 0 DNAT tcp -- any any anywhere anywhere tcp dpt:8000 to:192.168.178.42:8000
0 0 DNAT udp -- any any anywhere anywhere udp dpt:8000 to:192.168.178.42:8000
Chain pf_loopback_C (1 references)
pkts bytes target prot opt in out source destination
20 1040 MASQUERADE tcp -- any any 192.168.178.0/24 192.168.178.5 tcp dpt:www
0 0 MASQUERADE udp -- any any 192.168.178.0/24 192.168.178.5 udp dpt:80
6 312 MASQUERADE tcp -- any any 192.168.178.0/24 192.168.178.42 tcp dpt:8000
0 0 MASQUERADE udp -- any any 192.168.178.0/24 192.168.178.42 udp dpt:8000
Chain postrouting_rule (1 references)
pkts bytes target prot opt in out source destination
26 1352 pf_loopback_C all -- any br-lan anywhere anywhere
0 0 MASQUERADE all -- any eth0.2 anywhere anywhere
464 28280 nat_reflection_out all -- any any anywhere anywhere
Chain prerouting_lan (1 references)
pkts bytes target prot opt in out source destination
Chain prerouting_rule (1 references)
pkts bytes target prot opt in out source destination
831 179K nat_reflection_in all -- any any anywhere anywhere
Chain prerouting_wan (1 references)
pkts bytes target prot opt in out source destination
6 252 ACCEPT udp -- any any anywhere anywhere udp dpt:openvpn
Chain quota_redirects (1 references)
pkts bytes target prot opt in out source destination
627 163K CONNMARK all -- any any anywhere anywhere CONNMARK and 0xffffff
616 160K CONNMARK all -- any any anywhere anywhere CONNMARK and 0xffffff
Chain zone_lan_nat (1 references)
pkts bytes target prot opt in out source destination
Chain zone_lan_prerouting (1 references)
pkts bytes target prot opt in out source destination
0 0 pf_loopback_A all -- any any anywhere 77-254-242-157.adsl.inetia.pl
627 163K quota_redirects all -- any any anywhere anywhere
647 165K prerouting_lan all -- any any anywhere anywhere
Chain zone_wan_nat (1 references)
pkts bytes target prot opt in out source destination
287 15193 MASQUERADE all -- any any anywhere anywhere
Chain zone_wan_prerouting (1 references)
pkts bytes target prot opt in out source destination
0 0 REDIRECT tcp -- any any anywhere anywhere tcp dpt:8194 redir ports 8194
0 0 REDIRECT udp -- any any anywhere anywhere udp dpt:8194 redir ports 8194
0 0 CONNMARK tcp -- any any anywhere anywhere tcp dpt:6022 CONNMARK or 0x80
0 0 REDIRECT tcp -- any any anywhere anywhere tcp dpt:6022 redir ports 22
0 0 REDIRECT tcp -- any any anywhere anywhere tcp dpt:https redir ports 443
0 0 DNAT tcp -- any any anywhere anywhere tcp dpt:8090 to:192.168.178.5:80
0 0 DNAT udp -- any any anywhere anywhere udp dpt:8090 to:192.168.178.5:80
0 0 DNAT tcp -- any any anywhere anywhere tcp dpt:8000 to:192.168.178.42:8000
0 0 DNAT udp -- any any anywhere anywhere udp dpt:8000 to:192.168.178.42:8000
150 12735 prerouting_wan all -- any any anywhere anywherenie działa również przekierowanie z wan na portach 8090 i 8000, a te porty były ustawianie z GUI, już nie mam pojęcia co jest grane
najdziwniejszcze jest to że jak wchodze przez ddyns z lokalnej sieci na port 8090 to działa, jak od strony wanu nie działa, i gdzie jest błąd?
pomoże ktoś, przecież to jest takie banalne
spokojnie nie każdy ma czas na już i teraz i zaraz
iptables -t nat -I POSTROUTING --src 192.168.178.0/24 -o tun+ -j MASQUERADE #twoj nat
#twoje reguly
iptables -t nat -I PREROUTING -d 10.0.2.0/24 -p tcp --dport 8000 -j DNAT --to-destination 192.168.178.5:80
iptables -I FORWARD -i tun+ -p tcp --dport 8000 -j ACCEPT
#te regule ja dodaje choc pewnie nie musiala by byc
iptables -I FORWARD -i tun+ -p tcp --dst 192.168.178.5 --dport 80 -j ACCEPT
#na wszelki wypadek otwieram ruch z lan do openvpn
iptables -I FORWARD --src 192.168.178.0/24 -o tun+ -j ACCEPTto ostatnie trzeba zobaczyć ale może nie będzie potrzebne
a powinno jeszcze coś takiego banglać
iptables -t nat -I postrouting_rule --src 192.168.178.0/24 -o tun+ -j MASQUERADE
iptables -t nat -I prerouting_rule -d 10.0.2.0/24 -p tcp --dport 8000 -j DNAT --to-destination 192.168.178.5:80
iptables -I forwarding_rule -i tun+ -p tcp --dport 8000 -j ACCEPT
iptables -I forwarding_rule -i tun+ -p tcp --dst 192.168.178.5 --dport 80 -j ACCEPT
iptables -I forwarding_rule --src 192.168.178.0/24 -o tun+ -j ACCEPTale nie jestem pewny czy reguły poprawnie się dodadzą znaczy w kolejności jakiej sobie tego ja życzę
możesz też inaczej zrobić za pomocą routingu
dodajesz do konfiguracji serwera openvpn
push "dhcp-option DNS 192.168.178.1"
push "route 192.168.178.0 255.255.255.0"
push "route 10.0.2.0 255.255.255.0"otworzyć forwad
iptables -I FORWARD -i br-lan -o tun+ -j ACCEPT
iptables -I FORWARD -i tun+ -o br-lan -j ACCEPTmożesz wpisać konkretny adres ip w iptables lub sieć jak chcesz zawęzić dostęp ja podałem ALL
na routerze masz już tak jak trzeba ustawiony routing
odwołujesz się nie po porcie 8000 ale bezpośrednio na adres 192.168.178.5:80 czyli port 80
co do dnsmasq i DNS se trzeba sprawdzić ale raczej powinien odpowiedzieć dns z sieci lan. Jak nbie chcesz to pomijasz linijkę
dzięki rpc za twoje wypociny ale nie wiem czemu dalej nie chodzą twoje dwa warianty, nic innego nie instalowałem tylko openvpn, wszystkie firewall mam wyłączone + antywirus
pojawia mi się taki komunikat, może mi brakuje czegoś jeszcze
root@1043nd:~$ iptables -t nat -I PREROTING -d 10.0.2.0/24 -p tcp --dport 8000 -j DNAT --to-destination 192.168.178.5:80
iptables: No chain/target/match by that name.PREROTING -> PREROUTING
ta literówka dzięki cezary
już poprawiłem
dzięki chłopaki ale w dalszym ciągu nic nie pomaga, na wcześniejszych wersjach wszystko mi działało
powiem tak nie ma lewara musi zadziałać
więc pewnikiem masz coś nie tak u siebie, może firewall na kliencie
reguły są wstawiane przed wszystkimi pozostałymi więc nic nie powinno mieć wpływu na ich działanie
Jeśli się mylę to niech mnie cezary naprostuje
A jak chcesz wiedzieć to zainstaluj tcpdump-mini i będziesz widział jak pakiety banglają
a ze swojego lan możesz pingować clienta openvpn ? bo powinieneś
tak pinguję, wchodzę na router po adresie 10.0.2.1 i wszystko działa,na innym wątku moim nie mogę się dostać z zewnątrz czyli z wan do lan konfigurując wszystko z GUI Gargoyle, może iptables jest coś spieprzony?
to może inaczej
iptables -t nat -I POSTROUTING --src 192.168.178.0/25 -o tun0 -j SNAT --to 10.0.2.1
iptables -t nat -I PREROUTING -d 10.0.2.1 -p tcp --dport 8000 -j DNAT --to-destination 192.168.178.5:80
iptables -I FORWARD --src 10.0.2.0/24 -p tcp --dport 8000 -j ACCEPT
iptables -I FORWARD --src 10.0.2.0/24 -p tcp --dst 192.168.178.5 --dport 80 -j ACCEPT
iptables -I FORWARD --src 192.168.178.0/24 ---dst 10.0.2.0/24 -j ACCEPTZaloguj się lub zarejestruj by napisać odpowiedź
eko.one.pl → Oprogramowanie / Software → przekirowanie portów z dwóch intefejsów
Forum oparte o PunBB, wspierane przez Informer Technologies, Inc