iptables错在哪里啊?`

Snoopy · 发表于 2003-11-15 15:34:07

[root@Snoopy Iptables]# iptables -L -n
Chain INPUT (policy ACCEPT)
target    prot opt source             destination

Chain FORWARD (policy ACCEPT)
target    prot opt source             destination

Chain OUTPUT (policy ACCEPT)
target    prot opt source             destination

Chain block (0 references)
target    prot opt source             destination

Chain icmpfilter (0 references)
target    prot opt source             destination

Chain nat (0 references)
target    prot opt source             destination

我一查看,都没查看到规则啊,,,很多都不懂为什么!!

大熊宝宝 · 发表于 2003-11-15 15:41:17

iptables --list 发上来还要你AS上FTP服务开着吗

Snoopy · 发表于 2003-11-15 15:59:29

[root@Snoopy pink]# nmap snoopy

Starting nmap V. 3.00 ( www.insecure.org/nmap/ )
All 1601 scanned ports on Snoopy (127.0.0.1) are: closed

Nmap run completed -- 1 IP address (1 host up) scanned in 3 seconds
[root@Snoopy pink]# iptables --list
Chain INPUT (policy ACCEPT)
target    prot opt source             destination

Chain FORWARD (policy ACCEPT)
target    prot opt source             destination

Chain OUTPUT (policy ACCEPT)
target    prot opt source             destination

Chain block (0 references)
target    prot opt source             destination

Chain icmpfilter (0 references)
target    prot opt source             destination

Chain nat (0 references)
target    prot opt source             destination

ftp关了,,,iptables之前的东西F掉后打上面的例子都没反应的,

大熊宝宝 · 发表于 2003-11-15 16:07:21

你IPTABLES没有转发的规则阿
你IPTALBES的模块加载了吗
/etc/init.d/iptables stop
modprobe ip_tables
modprobe ip_nat_ftp
modprobe ip_conntrack
modprobe ip_conntrack_ftp

Snoopy · 发表于 2003-11-15 16:15:53

[root@Snoopy pink]# service iptables stop
Flushing firewall rules:                                  [  OK  ]
Setting chains to policy ACCEPT: nat filter             [  OK  ]
Unloading iptables modules:                               [  OK  ]
[root@Snoopy pink]#  modprobe ip_tables
[root@Snoopy pink]#  modprobe ip_nat_ftp
[root@Snoopy pink]#  modprobe ip_conntrack
[root@Snoopy pink]#  modprobe ip_conntrack_ftp
[root@Snoopy pink]# iptables -t nat -A PREROUTING -p tcp -d 192.168.206.8 --dport 21 -j DNAT --to-destination 192.168.100.1:21
[root@Snoopy pink]# iptables -L -n
Chain INPUT (policy ACCEPT)
target    prot opt source             destination

Chain FORWARD (policy ACCEPT)
target    prot opt source             destination

Chain OUTPUT (policy ACCEPT)
target    prot opt source             destination
[root@Snoopy pink]# nmap snoopy

Starting nmap V. 3.00 ( www.insecure.org/nmap/ )
All 1601 scanned ports on Snoopy (127.0.0.1) are: closed

Nmap run completed -- 1 IP address (1 host up) scanned in 3 seconds
[root@Snoopy pink]# iptables --list
Chain INPUT (policy ACCEPT)
target    prot opt source             destination

Chain FORWARD (policy ACCEPT)
target    prot opt source             destination

Chain OUTPUT (policy ACCEPT)
target    prot opt source             destination

还是没开,,,,我苦,,,,,,,,,,,

大熊宝宝 · 发表于 2003-11-15 16:21:28

用iptables --list 不能看出 iptables -A INPUT --dport 21 -j ACCEPT

Snoopy · 发表于 2003-11-15 16:27:17

谢谢你宝宝!!问题还没解决,,,,

我根本就没禁止21端口,而且我打上面那些转发例子前我都是先iptables -F的

吐血,不知道原因怎样,,,找都找不出来,,,,

大熊宝宝 · 发表于 2003-11-15 16:31:00

你是怎么测试FTP的

Snoopy · 发表于 2003-11-15 16:34:18

ftp 192.168.100.1 登录上了,

我想别人登录192.168.206.8时,转到192.168.100.1去

而我192.168.206.8自己的ftp,21都没开,

而且192.168.100.1的ftp是没问题的,,,

大熊宝宝 · 发表于 2003-11-15 17:13:54

如果你在内网测试肯定把会转发的

		自动登录	找回密码
密码			注册