내 같은 외모의 iptables는 - 저장 :iptables. MASQUERADE가 작동하지 않습니까?
# Generated by iptables-save v1.4.21 on Wed Sep 17 16:42:32 2014
*nat
:PREROUTING ACCEPT [489:32439]
:INPUT ACCEPT [459:30062]
:OUTPUT ACCEPT [569:39257]
:POSTROUTING ACCEPT [26:1755]
-A POSTROUTING -o ppp0 -j MASQUERADE
COMMIT
# Completed on Wed Sep 17 16:42:32 2014
# Generated by iptables-save v1.4.21 on Wed Sep 17 16:42:32 2014
*filter
:INPUT ACCEPT [14662:3083395]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [15653:7915049]
-A INPUT -i lo -j ACCEPT
-A INPUT -i eth2 -p icmp -m icmp --icmp-type 8 -j ACCEPT
-A INPUT -i eth2 -p udp -m udp --dport 53 -j ACCEPT
-A INPUT -i eth2 -p udp -m udp --dport 67 -j ACCEPT
-A FORWARD -i lo -o lo -j ACCEPT
-A FORWARD -i eth2 -o eth2 -j REJECT --reject-with icmp-port-unreachable
-A FORWARD -i eth2 -o ppp0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i eth2 -o ppp0 -m state --state NEW -j ACCEPT
-A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
COMMIT
# Completed on Wed Sep 17 16:42:32 2014
다른 세 개의 테이블, security
, mangle
및 raw
가 비어 있습니다.
라우터는 우분투입니다 : 리눅스 우분투 3.13.0-30 제네릭 # 54 - 우분투 SMP 월 6월 9일 세계 협정시 22시 45분 1초 2014 x86_64에의 x86_64에의 x86_64의 GNU/리눅스
[email protected]:/# lsmod | grep table
iptable_security 12705 0
ip6table_raw 12683 0
ip6table_mangle 12700 0
ip6table_filter 12815 0
ip6_tables 27025 3 ip6table_filter,ip6table_mangle,ip6table_raw
iptable_raw 12678 0
iptable_mangle 12695 1
iptable_nat 13011 1
nf_nat_ipv4 13263 1 iptable_nat
nf_nat 21798 4 ipt_MASQUERADE,nf_nat_ipv4,xt_REDIRECT,iptable_nat
nf_conntrack 96976 6 ipt_MASQUERADE,nf_nat,nf_nat_ipv4,xt_conntrack,iptable_nat,nf_conntrack_ipv4
iptable_filter 12810 1
ip_tables 27239 5 iptable_security,iptable_filter,iptable_mangle,iptable_nat,iptable_raw
x_tables 34059 17 iptable_security,ip6table_filter,ip6table_mangle,xt_CHECKSUM,ip_tables,xt_tcpudp,ipt_MASQUERADE,xt_owner,xt_conntrack,iptable_filter,ip6table_raw,xt_CLASSIFY,ipt_REJECT,xt_REDIRECT,iptable_mangle,ip6_tables,iptable_raw
내가에서 노력하고있어 클라이언트가 eth2
에 인터넷을 탐색, 그것은 작동하지만, 부분적으로. Google 검색 엔진에 대한 액세스 권한을 얻을 수 있습니다. 그러나 네트워크의 일부는 그렇지 않습니다. Google의 모든 사이트가 열리는 것은 아닙니다.
예를 들어 www.google.com
은 사용할 수 있지만 www.speedtest.net
은 사용할 수 없습니다.
그것은 끊었처럼 보이는 : 그러나
[email protected]:/# wget -O - www.speedtest.net
--2014-09-17 09:43:09-- http://www.speedtest.net/
Resolving www.speedtest.net (www.speedtest.net)... 93.184.219.82
Connecting to www.speedtest.net (www.speedtest.net)|93.184.219.82|:80... connected.
HTTP request sent, awaiting response... Read error (Connection timed out) in headers.
Retrying.
--2014-09-17 10:09:56-- (try: 2) http://www.speedtest.net/
Connecting to www.speedtest.net (www.speedtest.net)|93.184.219.82|:80... connected.
HTTP request sent, awaiting response...
...
...
, 나는 www.speedtest.net
Ping 할 수 있습니다 :
[email protected]:/# ping www.speedtest.net
PING cs62.adn.edgecastcdn.net (93.184.219.82) 56(84) bytes of data.
64 bytes from 93.184.219.82: icmp_req=1 ttl=57 time=93.0 ms
64 bytes from 93.184.219.82: icmp_req=2 ttl=57 time=93.0 ms
64 bytes from 93.184.219.82: icmp_req=3 ttl=57 time=93.3 ms
64 bytes from 93.184.219.82: icmp_req=4 ttl=57 time=93.0 ms
64 bytes from 93.184.219.82: icmp_req=5 ttl=57 time=93.1 ms
그리고 www.google.com
를 접근 : 클라이언트 측에서
[email protected]:/# wget -O - www.google.com
--2014-09-17 09:48:05-- http://www.google.com/
Resolving www.google.com (www.google.com)... 173.194.32.18, 173.194.32.16, 173.194.32.20, ...
Connecting to www.google.com (www.google.com)|173.194.32.18|:80... connected.
HTTP request sent, awaiting response... 302 Found
Location: http://www.google.ru/?gfe_rd=cr&ei=1VgZVPTqNOfJ8ge20oCQDg [following]
--2014-09-17 09:48:05-- http://www.google.ru/?gfe_rd=cr&ei=1VgZVPTqNOfJ8ge20oCQDg
Resolving www.google.ru (www.google.ru)... 173.194.32.23, 173.194.32.15, 173.194.32.24, ...
Connecting to www.google.ru (www.google.ru)|173.194.32.23|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: unspecified [text/html]
Saving to: `STDOUT'
의 iptables가 비어 .
어디서 잘못 되었나요?