2011-05-19 127 views
1

iptables: duplicate/forward a port

I'm trying to connect to MySQL (port 3306) from a network that blocks this port. But there is another port, 110, which is open and which I could use in this case. I use MySQL for other applications, so I can't simply change the port.

I'm now trying to set up port forwarding via iptables. To be precise, I want to forward 110 to 3306 without blocking 3306.

I've spent a lot of time googling, but I can't get it to work. I'm also a bit worried about locking myself out. Can you give me a hint?

Thanks a lot!

#~ iptables -L 
Chain INPUT (policy DROP) 
target  prot opt source    destination   
LOG  all -- anywhere    anywhere   state INVALID limit: avg 2/sec burst 5 LOG level warning prefix `INPUT INVALID ' 
MY_DROP tcp -- anywhere    anywhere   tcp flags:FIN,SYN,RST,PSH,ACK,URG/NONE 
DROP  all -- anywhere    anywhere   state INVALID 
MY_DROP tcp -- anywhere    anywhere   tcp flags:FIN,SYN,RST,PSH,ACK,URG/NONE 
MY_DROP tcp -- anywhere    anywhere   tcp flags:FIN,RST/FIN,RST 
MY_DROP tcp -- anywhere    anywhere   tcp flags:FIN,SYN/FIN,SYN 
MY_DROP tcp -- anywhere    anywhere   tcp flags:FIN,ACK/FIN 
MY_DROP tcp -- anywhere    anywhere   tcp flags:FIN,RST/FIN,RST 
MY_DROP tcp -- anywhere    anywhere   tcp flags:FIN,ACK/FIN 
ACCEPT  all -- anywhere    anywhere    
ACCEPT  all -- anywhere    anywhere    
ACCEPT  all -- anywhere    anywhere   state RELATED,ESTABLISHED 
ACCEPT  icmp -- anywhere    anywhere   icmp destination-unreachable 
ACCEPT  icmp -- anywhere    anywhere   icmp destination-unreachable 
ACCEPT  icmp -- anywhere    anywhere   icmp source-quench 
ACCEPT  icmp -- anywhere    anywhere   icmp echo-request 
ACCEPT  icmp -- anywhere    anywhere   icmp time-exceeded 
ACCEPT  icmp -- anywhere    anywhere   icmp parameter-problem 
ACCEPT  tcp -- anywhere    anywhere   state NEW tcp dpt:www 
ACCEPT  tcp -- anywhere    anywhere   state NEW tcp dpt:https 
ACCEPT  tcp -- anywhere    anywhere   state NEW tcp dpt:smtp 
ACCEPT  tcp -- anywhere    anywhere   state NEW tcp dpt:ssmtp 
ACCEPT  tcp -- anywhere    anywhere   state NEW tcp dpt:pop3 
ACCEPT  tcp -- anywhere    anywhere   state NEW tcp dpt:pop3s 
ACCEPT  tcp -- anywhere    anywhere   state NEW tcp dpt:imap2 
ACCEPT  tcp -- anywhere    anywhere   state NEW tcp dpt:imaps 
ACCEPT  tcp -- anywhere    anywhere   state NEW tcp dpt:nntp 
ACCEPT  tcp -- anywhere    anywhere   state NEW tcp dpt:domain 
ACCEPT  udp -- anywhere    anywhere   state NEW udp dpt:domain 
ACCEPT  tcp -- anywhere    anywhere   state NEW tcp dpt:ftp 
ACCEPT  tcp -- anywhere    anywhere   state NEW tcp dpt:ssh 
ACCEPT  tcp -- anywhere    anywhere   state NEW tcp dpt:mysql 
ACCEPT  udp -- anywhere    anywhere   state NEW udp dpt:ntp 
ACCEPT  tcp -- anywhere    anywhere   state NEW tcp dpt:6060 
MY_REJECT all -- anywhere    anywhere    
MY_REJECT all -- anywhere    anywhere    

Chain FORWARD (policy DROP) 
target  prot opt source    destination   

Chain OUTPUT (policy DROP) 
target  prot opt source    destination   
LOG  all -- anywhere    anywhere   state INVALID limit: avg 2/sec burst 5 LOG level warning prefix `OUTPUT INVALID ' 
DROP  all -- anywhere    anywhere   state INVALID 
ACCEPT  all -- anywhere    anywhere    
ACCEPT  all -- anywhere    anywhere    
ACCEPT  all -- anywhere    anywhere   state NEW,RELATED,ESTABLISHED 
ACCEPT  icmp -- anywhere    anywhere   icmp echo-reply 
ACCEPT  icmp -- anywhere    anywhere   icmp destination-unreachable 
ACCEPT  icmp -- anywhere    anywhere   icmp echo-request 
MY_REJECT all -- anywhere    anywhere    

Chain MY_DROP (7 references) 
target  prot opt source    destination   
LOG  all -- anywhere    anywhere   limit: avg 2/sec burst 5 LOG level warning prefix `PORTSCAN DROP ' 
LOG  all -- anywhere    anywhere   limit: avg 2/sec burst 5 LOG level warning prefix `PORTSCAN DROP ' 
DROP  all -- anywhere    anywhere    

Chain MY_REJECT (3 references) 
target  prot opt source    destination   
LOG  tcp -- anywhere    anywhere   limit: avg 2/sec burst 5 LOG level warning prefix `REJECT TCP ' 
REJECT  tcp -- anywhere    anywhere   reject-with tcp-reset 
LOG  tcp -- anywhere    anywhere   limit: avg 2/sec burst 5 LOG level warning prefix `REJECT TCP ' 
LOG  udp -- anywhere    anywhere   limit: avg 2/sec burst 5 LOG level warning prefix `REJECT UDP ' 
REJECT  tcp -- anywhere    anywhere   reject-with tcp-reset 
REJECT  udp -- anywhere    anywhere   reject-with icmp-port-unreachable 
LOG  udp -- anywhere    anywhere   limit: avg 2/sec burst 5 LOG level warning prefix `REJECT UDP ' 
DROP  icmp -- anywhere    anywhere    
REJECT  udp -- anywhere    anywhere   reject-with icmp-port-unreachable 
LOG  all -- anywhere    anywhere   limit: avg 2/sec burst 5 LOG level warning prefix `REJECT OTHER ' 
LOG  icmp -- anywhere    anywhere   limit: avg 2/sec burst 5 LOG level warning prefix `DROP ICMP ' 
REJECT  all -- anywhere    anywhere   reject-with icmp-proto-unreachable 
DROP  icmp -- anywhere    anywhere    
LOG  all -- anywhere    anywhere   limit: avg 2/sec burst 5 LOG level warning prefix `REJECT OTHER ' 
REJECT  all -- anywhere    anywhere   reject-with icmp-proto-unreachable 

Answers

1

This might work, I haven't tested it.

iptables -t nat -A PREROUTING -p tcp --dport 110 -j REDIRECT --to-port 3306 
+0

Thanks! That works! – marekventur 2011-05-23 16:41:39

2

When forwarding a port with iptables on Ubuntu, you have to:

  • Make a backup of your firewall settings

sudo iptables-save > iptables.backup

  • Make sure the incoming port is open

sudo ufw allow 110/tcp

  • Add the PREROUTING rule to the firewall

sudo iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 110 -j REDIRECT --to-port 3306

Note the use of -i eth0. This routes port 110 on the eth0 network to 3306. To check all of the machine's connections, use ifconfig.
If your machine is connected to multiple networks, you must use -i <network>, otherwise it won't work!

  • If you get stuck on something, you can clear the NAT table

sudo iptables -F -t nat

or restore iptables

sudo iptables-restore < iptables.backup
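Both answers give the nat rule but leave two things implicit: why a REDIRECT survives a DROP-policy filter chain like the questioner's (the packet reaches filter/INPUT with its destination port already rewritten to 3306, so INPUT must accept the real port, which the questioner's chain does with its "dpt:mysql" rule), and how to back the change out without flushing the whole NAT table. The script below is an added example, my own code rather than anything from the question or either answer; eth0, ports 110 and 3306, the backup path under /root and the 120 s rollback window are assumed defaults and can be overridden through the environment.

```shell
#!/bin/sh
# Added example, not code from the answers above. Installs the 110 -> 3306
# REDIRECT on a host with a DROP-policy filter ruleset without locking the
# operator out. IFACE, ALT_PORT, REAL_PORT and BACKUP are assumed defaults.
#
# Why the filter chain matters: REDIRECT acts in nat/PREROUTING, before
# filter/INPUT sees the packet, so INPUT receives it with --dport 3306.
# INPUT must accept the real port (the questioner's chain has "dpt:mysql");
# opening 110 in the filter is neither necessary nor sufficient.
# Why not "iptables -F -t nat": that flushes every NAT rule on the box.
# The same rule spec with -D removes only this one.

IFACE=${IFACE:-eth0}
ALT_PORT=${ALT_PORT:-110}
REAL_PORT=${REAL_PORT:-3306}
BACKUP=${BACKUP:-/root/iptables.before-redirect}
ROLLBACK_SECS=${ROLLBACK_SECS:-120}

# One rule specification shared by -A (add), -C (check) and -D (delete).
nat_spec() {
    echo "PREROUTING -i $IFACE -p tcp --dport $ALT_PORT -j REDIRECT --to-ports $REAL_PORT"
}

# stdin: output of "iptables -S INPUT". Succeeds if TCP to port $1 is accepted.
filter_accepts_port() {
    grep -Eq -- "^-A INPUT .*-p tcp .*--dport $1 .*-j ACCEPT"
}

# stdin: output of "iptables-save". Succeeds if the redirect is already there
# (iptables-save writes the port as "-m tcp --dport N", hence the ".*").
nat_has_redirect() {
    grep -Eq -- "^-A PREROUTING -i $IFACE -p tcp .*--dport $ALT_PORT -j REDIRECT --to-ports $REAL_PORT\$"
}

install_redirect() {
    iptables-save > "$BACKUP" || return 1
    iptables -S INPUT | filter_accepts_port "$REAL_PORT" || {
        echo "filter/INPUT does not accept tcp/$REAL_PORT; redirected packets would be dropped" >&2
        return 1
    }
    if iptables-save | nat_has_redirect; then
        echo "redirect already installed"
    else
        # shellcheck disable=SC2046   (word splitting of the spec is intended)
        iptables -t nat -A $(nat_spec) || return 1
    fi
    # Dead-man's switch against lockout: unless killed, this restores the
    # saved ruleset after ROLLBACK_SECS. Disarm once a remote test succeeds.
    ( sleep "$ROLLBACK_SECS" && iptables-restore < "$BACKUP" ) &
    echo "installed; rollback to $BACKUP in ${ROLLBACK_SECS}s unless you run: kill $!"
}

remove_redirect() {
    # shellcheck disable=SC2046
    iptables -t nat -D $(nat_spec)
}

# Constructed sample listings (abridged from the questioner's chains above),
# in the formats "iptables -S INPUT" and "iptables-save" produce.
SAMPLE_INPUT_S='-P INPUT DROP
-A INPUT -p tcp -m state --state NEW -m tcp --dport 110 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 3306 -j ACCEPT
-A INPUT -j MY_REJECT'
SAMPLE_SAVE='*nat
:PREROUTING ACCEPT [0:0]
-A PREROUTING -i eth0 -p tcp -m tcp --dport 110 -j REDIRECT --to-ports 3306
COMMIT'

case "${1:-}" in
    install) install_redirect ;;
    remove)  remove_redirect ;;
    *)
        echo "usage: $0 install|remove"
        echo "rule that 'install' would add: iptables -t nat -A $(nat_spec)"
        ;;
esac
```

Run it as root from a session you can afford to lose (`./redirect.sh install`), test with `mysql -h <host> -P 110` from the blocked network, and only then kill the rollback process it printed; if the rule cut you off, the saved ruleset comes back by itself. Two caveats worth keeping in mind: REDIRECT in PREROUTING never sees locally generated packets, so a test from the server itself against 127.0.0.1:110 will not go through the rule, and MySQL still sees every redirected connection on 3306, so its bind-address and user grants apply exactly as before. The questioner's INPUT chain already accepts mysql from anywhere, so this adds a second port, not a new exposure.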