2016-08-30 71 views
-1

iptables -L output: transparent firewall cannot access HTTP and HTTPS

[[email protected] ~]# iptables -L 
Chain INPUT (policy ACCEPT) 
target  prot opt source    destination   

Chain FORWARD (policy DROP) 
target  prot opt source    destination   
ACCEPT  all -- anywhere    anywhere   state RELATED,ESTABLISHED 
DROP  all -- anywhere    anywhere   state INVALID 
ACCEPT  udp -- anywhere    anywhere   udp spt:bootpc dpt:bootps 
ACCEPT  udp -- anywhere    anywhere   udp spt:bootps dpt:bootpc 
ACCEPT  tcp -- anywhere    anywhere   tcp dpt:http 
ACCEPT  tcp -- anywhere    anywhere   tcp dpt:https 
ACCEPT  icmp -- anywhere    anywhere    
ACCEPT  all -- anywhere    anywhere   PHYSDEV match --physdev-in eth0 
ACCEPT  tcp -- 172.16.16.113  anywhere   tcp dpt:http 
ACCEPT  tcp -- 172.16.16.113  anywhere   tcp dpt:https 

Chain OUTPUT (policy ACCEPT) 
target  prot opt source    destination 

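Here is the Linux transparent bridge setup: eth0 is connected to the switch and eth1 is connected to the test machine (172.16.16.113). I cannot access HTTP websites by site name from the test machine, but I can access the same sites by IP address. HTTPS sites cannot be accessed at all.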

+0

Did you add output with masquerade? – FOP

Answer

0

Add a DNS forward rule, then it will be OK:
iptables -A FORWARD -p tcp -s 172.16.16.0/24 --dport 53 -j ACCEPT
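
The symptom in the question (sites reachable by IP address but not by name) fits a FORWARD chain with policy DROP and no rule for port 53; DNS lookups normally use UDP 53 and fall back to TCP 53, so both need checking. The following is an added example, not part of the original question or answer, that audits an `iptables -L` listing for that gap and prints the rules that would close it. The function names are hypothetical and the subnet is the one from the answer.

```shell
#!/bin/sh
# Added example (not from the original post): audit a FORWARD chain listing
# for DNS coverage and print the rules that would close the gap.

# Reads `iptables -L` output on stdin; prints the protocols (udp, tcp) that
# have no ACCEPT rule reaching destination port 53 in the FORWARD chain.
dns_forward_gaps() {
    awk '
        $1 == "Chain" { in_fwd = ($2 == "FORWARD"); next }
        !in_fwd || $1 != "ACCEPT" { next }
        {
            # A rule with no match extensions (5 columns) covers every port;
            # otherwise look for dpt:domain (dpt:53 in numeric listings).
            hit = (NF == 5)
            for (i = 6; i <= NF; i++)
                if ($i == "dpt:domain" || $i == "dpt:53") hit = 1
            if (hit && ($2 == "udp" || $2 == "all")) udp = 1
            if (hit && ($2 == "tcp" || $2 == "all")) tcp = 1
        }
        END {
            if (!udp) out = "udp"
            if (!tcp) out = out (out == "" ? "" : " ") "tcp"
            if (out != "") print out
        }
    '
}

# Prints (does not run) one rule per missing protocol, scoped to the subnet
# given as $1, so the change can be reviewed before it is applied.
dns_fix_rules() {
    for proto in $(dns_forward_gaps); do
        echo "iptables -A FORWARD -p $proto -s $1 --dport 53 -j ACCEPT"
    done
}

# FORWARD chain as posted in the question (abridged to the relevant rules).
posted_listing() {
    cat <<'EOF'
Chain FORWARD (policy DROP)
target  prot opt source    destination
ACCEPT  all -- anywhere    anywhere   state RELATED,ESTABLISHED
ACCEPT  tcp -- anywhere    anywhere   tcp dpt:http
ACCEPT  tcp -- anywhere    anywhere   tcp dpt:https
ACCEPT  icmp -- anywhere    anywhere
ACCEPT  all -- anywhere    anywhere   PHYSDEV match --physdev-in eth0
EOF
}

posted_listing | dns_fix_rules 172.16.16.0/24
```

On a live bridge, pipe `iptables -L` into `dns_fix_rules` instead of the embedded listing; the check only recognises explicit port-53 rules and unconditional ACCEPTs, so rules gated on other matches are treated as not covering DNS.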