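I have a relatively simple requirement that I want to solve with nft (nftables): redirect all incoming packets from port 445 to port 1445.
My current implementation only works locally, not for external requests. Port 445 is not available to external connections.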
table ip nat {
    chain prerouting {
        type nat hook prerouting priority 0; policy accept;
        redirect
        tcp dport microsoft-ds redirect to :1445
    }
    chain postrouting {
        type nat hook postrouting priority 100; policy accept;
    }
    chain output {
        type nat hook output priority 100; policy accept;
        tcp dport microsoft-ds redirect to :1445
    }
}
Does anyone have a hint? Thanks.
Answer 1
I solved my problem.
This works for me:
table ip nat {
    chain prerouting {
        type nat hook prerouting priority 0; policy accept;
        tcp dport microsoft-ds counter packets 1 bytes 52 dnat to :1445
    }
    chain postrouting {
        type nat hook postrouting priority 100; policy accept;
    }
    chain output {
        type nat hook output priority 100; policy accept;
        tcp dport microsoft-ds counter packets 3 bytes 180 dnat to :1445
    }
}