Help needed: trouble with PREROUTING on RHEL 5.1 AS.
The same rule works fine on RHEL3, but after moving to RHEL 5.1 it fails.
Here is the test data.
The RHEL 5.1 server can ping the internal host via eth0.
[root@linuxbackup~]# ping 192.168.147.11
PING 192.168.147.11 (192.168.147.11) 56(84) bytes of data.
64 bytes from 192.168.147.11: icmp_seq=1 ttl=128 time=0.572 ms
64 bytes from 192.168.147.11: icmp_seq=2 ttl=128 time=0.523 ms
64 bytes from 192.168.147.11: icmp_seq=3 ttl=128 time=0.553 ms
The RHEL 5.1 server can telnet to port 3389 via eth0.
[root@linuxbackup~]# telnet 192.168.147.11 3389
Trying 192.168.147.11...
Connected to 192.168.147.11 (192.168.147.11).
Escape character is '^]'.
iptables rules on the RHEL 5.1 server.
# Allow access from my own external host.
iptables -A INPUT -p all -s 60.251.201.158/255.255.255.255 -j ACCEPT
# Set up IP forwarding for port 3900 on the RHEL 5.1 server
iptables -A PREROUTING -t nat -p tcp -d 61.251.225.16 --dport 3900 -j DNAT --to 192.168.147.11:3389
# Open port 3900 on the RHEL 5.1 server
iptables -A INPUT -i eth1 -p tcp --dport 3900 -j ACCEPT
tcpdump shows that the RHEL 5.1 server rejects the external computer's port 3900 forwarding request.
[root@linuxbackup~]# tcpdump -i eth1 port 3900
tcpdump: verbose output suppressed, use -v or -vv for full protocol
decode
listening on eth1, link-type EN10MB (Ethernet), capture size 96 bytes
15:02:40.110318 IP official.qsnet-nucl > linuxbackup.3900: S
3594163773:3594163773(0) win 65535 <mss 1460,nop,nop,sackOK>
15:02:43.093518 IP official.qsnet-nucl > linuxbackup.3900: S
3594163773:3594163773(0) win 65535 <mss 1460,nop,nop,sackOK>
15:02:49.127643 IP official.qsnet-nucl > linuxbackup.3900: S
3594163773:3594163773(0) win 65535 <mss 1460,nop,nop,sackOK>
Could any expert tell me where the problem is?
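Added example, not part of the original post: a packet rewritten by DNAT in PREROUTING is routed rather than delivered locally, so it depends on `ip_forward` and the FORWARD chain, not on INPUT. The script below checks both against an `iptables-save` style dump; the dump is constructed from the rules in the post, and its chain policies and the `ip_forward` value are assumptions, since the post does not show them.

```shell
#!/bin/sh
# Added example (not from the original post).
# Constructed iptables-save style dump based on the rules in the post.
# ASSUMPTION: the INPUT/FORWARD DROP policies are invented for illustration.
SAMPLE_RULES='*nat
:PREROUTING ACCEPT [0:0]
-A PREROUTING -d 61.251.225.16 -p tcp -m tcp --dport 3900 -j DNAT --to-destination 192.168.147.11:3389
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
-A INPUT -s 60.251.201.158 -j ACCEPT
-A INPUT -i eth1 -p tcp -m tcp --dport 3900 -j ACCEPT
COMMIT'

# check_dnat RULES IP_FORWARD: print one OK/FAIL finding per line.
# Simplified heuristic: looks only at the FORWARD policy and direct ACCEPT
# rules in FORWARD; it does not follow jumps into user-defined chains.
check_dnat() {
    cd_rules=$1; cd_fwd=$2
    # Every DNAT target in PREROUTING, as "ip:port".
    cd_targets=$(printf '%s\n' "$cd_rules" |
        sed -n 's/^-A PREROUTING .*-j DNAT --to-destination \([0-9.:]*\).*/\1/p')
    cd_policy=$(printf '%s\n' "$cd_rules" | sed -n 's/^:FORWARD \([A-Z]*\).*/\1/p')
    if [ "$cd_fwd" != "1" ]; then
        echo "FAIL ip_forward=$cd_fwd: DNATed packets will not be routed"
    fi
    for cd_t in $cd_targets; do
        cd_ip=${cd_t%%:*}; cd_port=${cd_t##*:}
        # The match must be on the post-DNAT destination and port.
        if printf '%s\n' "$cd_rules" |
            grep -Eq "^-A FORWARD .*-d $cd_ip(/32)? .*--dport $cd_port .*-j ACCEPT"; then
            echo "OK FORWARD accepts $cd_t"
        elif [ "$cd_policy" = "ACCEPT" ]; then
            echo "OK FORWARD policy ACCEPT covers $cd_t"
        else
            echo "FAIL FORWARD has no ACCEPT for $cd_t (policy ${cd_policy:-unknown})"
        fi
    done
    return 0
}

# On a live host: check_dnat "$(iptables-save)" "$(cat /proc/sys/net/ipv4/ip_forward)"
check_dnat "$SAMPLE_RULES" 0
```

A FORWARD rule that satisfies the check should stay scoped to the forwarded service (inbound interface, destination host, destination port) rather than opening the whole chain.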