Iptables는 리디렉션되지 않습니다

tag-icon tag-icon linux iptables routing ip nat
Iptables는 리디렉션되지 않습니다

단일 IP 주소에서 다른 IP 주소로 포트 102의 모든 TCP 트래픽을 리디렉션하려고 하며 해당 IP도 가장하려고 합니다.

나는 이 iptable 구성을 사용하고 있지만 여전히 연결할 수 없습니다.

iptables -t nat -A PREROUTING -s 195.190.131.189 -d 195.190.131.180 -p tcp --dport 102 -j DNAT --to 192.168.251.10:102
iptables -t nat -A POSTROUTING -o eth0 -p tcp --dport 102 -j MASQUERADE
iptables -t nat -I POSTROUTING 1 -p tcp --dport 102 -j LOG --log-level 2
iptables -t nat -I PREROUTING 1  -p tcp --dport 102 -j LOG --log-level 2
iptables -t nat -I OUTPUT 1      -p tcp --dport 102 -j LOG --log-level 2

iptable -t nat -L -nv는 다음을 보여줍니다.

Chain PREROUTING (policy ACCEPT 5 packets, 292 bytes)
 pkts bytes target     prot opt in     out     source               destination
    3   152 LOG        tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:102 LOG flags 0 level 2
    3   152 DNAT       tcp  --  *      *       195.190.131.189      195.190.131.180     tcp dpt:102 to:192.168.251.10:102

Chain POSTROUTING (policy ACCEPT 11 packets, 660 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 LOG        tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:102 LOG flags 0 level 2
    0     0 MASQUERADE  tcp  --  *      eth0    0.0.0.0/0            0.0.0.0/0           tcp dpt:102

Chain OUTPUT (policy ACCEPT 11 packets, 660 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 LOG        tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:102 LOG flags 0 level 2


Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 LOG        tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:102 LOG flags 0 level 2

그래서 내가 이해한 바로는 패킷이 DNAT로 전송됩니다.

메시지 로그에 출력 인터페이스가 표시되지 않는 것이 문제입니까?

Sep 24 20:14:28 appsgh kernel: IN=eth0 OUT= MAC=00:50:56:8a:70:12:00:50:56:8a:74:02:08:00 SRC=195.190.131.189 DST=195.190.131.180 LEN=48 TOS=0x00 PREC=0x00 TTL=128 ID=6511 DF PROTO=TCP SPT=53696 DPT=102 WINDOW=8192 RES=0x00 SYN URGP=0
Sep 24 20:19:18 appsgh kernel: IN=eth0 OUT= MAC=00:50:56:8a:70:12:00:50:56:8a:74:02:08:00 SRC=195.190.131.189 DST=195.190.131.180 LEN=52 TOS=0x00 PREC=0x00 TTL=128 ID=6701 DF PROTO=TCP SPT=53709 DPT=102 WINDOW=8192 RES=0x00 SYN URGP=0
Sep 24 20:19:21 appsgh kernel: IN=eth0 OUT= MAC=00:50:56:8a:70:12:00:50:56:8a:74:02:08:00 SRC=195.190.131.189 DST=195.190.131.180 LEN=52 TOS=0x00 PREC=0x00 TTL=128 ID=6703 DF PROTO=TCP SPT=53709 DPT=102 WINDOW=8192 RES=0x00 SYN URGP=0
Sep 24 20:19:27 appsgh kernel: IN=eth0 OUT= MAC=00:50:56:8a:70:12:00:50:56:8a:74:02:08:00 SRC=195.190.131.189 DST=195.190.131.180 LEN=48 TOS=0x00 PREC=0x00 TTL=128 ID=6707 DF PROTO=TCP SPT=53709 DPT=102 WINDOW=8192 RES=0x00 SYN URGP=0

답변1

이 일을 하시겠습니까?
{클라이언트}(port_random)------(port12345){귀하}(port_random)----(port4321){111.111.111.111}

iptables -t nat -A PREROUTING -p tcp --dport 12345 -j DNAT --to-destination 111.111.111.111:4321
iptables -A FORWARD -p tcp -d 111.111.111.111 --dport 4321 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
iptables -t nat -A POSTROUTING -d 111.111.111.111 -o eth0 -j MASQUERADE

관련 정보