In PREROUTING in the nat table use:

  -j DNAT --to-destination 192.168.0.10:22

...and for forwarding in the filter table:

  -d 192.168.0.10 -p tcp -m tcp --dport 22 -j ACCEPT

...in case you have forwarding disabled in any way.

Regards,
B

Quoting Bostjan Jerko <[EMAIL PROTECTED]>:

> On Jan 8, 2008, at 10:54 PM, Rok Potočnik wrote:
>>
>> yes... either -A or, even better, -I, if you then have some restrictive
>> rule that prevents any packet from reaching it at all in this chain...
>> you can send the output of iptables-save (privately if you like) and
>> we'll see what can be done.
>> Otherwise you need the following conditions...
>> - ip_forward set to 1
>> - a rule with DNAT
>> - if you have a DROP somewhere in the FORWARD chain of the filter
>>   table, you also have to allow this
>>
>> in principle the following should work:
>>
>> echo 1 > /proc/sys/net/ipv4/ip_forward
>>
>> iptables -t nat -I PREROUTING -p tcp --dport 1025 -j DNAT \
>>   --to-destination 192.168.0.10
>>
>> iptables -I FORWARD -p tcp --dport 1025 -j ACCEPT
>>
>
> The other rules are:
>
> iptables -A INPUT -j DROP -p tcp --destination-port domain
> iptables -A INPUT -j DROP -p tcp --destination-port smtp
> iptables -A INPUT -j DROP -p tcp --destination-port 139
> iptables -A INPUT -j DROP -p tcp --destination-port 250
>
> But I need a redirect from port 1025 to port 22.
>
> Regards,
>
> Boštjan
>
> _______________________________________________
> lugos-list mailing list
> [email protected]
> http://liste2.lugos.si/cgi-bin/mailman/listinfo/lugos-list
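Added example, not part of the thread: a small Python model of the order in which netfilter handles a routed packet (nat PREROUTING rewrites the destination first, filter FORWARD then sees the rewritten packet), showing why the FORWARD rule has to match port 22 once DNAT targets 192.168.0.10:22. The FORWARD policy of DROP, the public address 203.0.113.1 and all class and function names are assumptions made for the illustration.

```python
# Simplified model of netfilter for a routed TCP packet:
# nat/PREROUTING (DNAT) -> routing -> filter/FORWARD. All rules are "-p tcp".
# Assumed, not from the thread: FORWARD policy DROP, public IP 203.0.113.1.
from dataclasses import dataclass, replace
from typing import Optional

@dataclass(frozen=True)
class Packet:
    dst: str
    dport: int

@dataclass(frozen=True)
class Dnat:      # -t nat PREROUTING --dport <dport> -j DNAT --to-destination ip[:port]
    dport: int
    to_ip: str
    to_port: Optional[int] = None    # None: destination port is left unchanged

@dataclass(frozen=True)
class Accept:    # FORWARD [-d <dst>] --dport <dport> -j ACCEPT
    dport: int
    dst: Optional[str] = None        # None: any destination address

def prerouting(pkt, rules):
    """Apply the first matching DNAT rule; the match uses the original port."""
    for r in rules:
        if pkt.dport == r.dport:
            return replace(pkt, dst=r.to_ip, dport=r.to_port or pkt.dport)
    return pkt

def forward(pkt, rules, policy="DROP"):
    """FORWARD sees the packet after DNAT, so it matches the rewritten fields."""
    for r in rules:
        if pkt.dport == r.dport and r.dst in (None, pkt.dst):
            return "ACCEPT"
    return policy

def traverse(pkt, nat_rules, fwd_rules):
    rewritten = prerouting(pkt, nat_rules)
    return rewritten, forward(rewritten, fwd_rules)

INCOMING = Packet(dst="203.0.113.1", dport=1025)   # constructed sample packet

# Quoted suggestion: DNAT without a port, FORWARD matching 1025.
QUOTED = traverse(INCOMING, [Dnat(1025, "192.168.0.10")], [Accept(1025)])
# Reply: DNAT to :22, FORWARD matching the rewritten address and port.
REPLY = traverse(INCOMING, [Dnat(1025, "192.168.0.10", 22)], [Accept(22, "192.168.0.10")])
# Mixed: DNAT to :22 but FORWARD still matching 1025, so the policy applies.
MIXED = traverse(INCOMING, [Dnat(1025, "192.168.0.10", 22)], [Accept(1025)])

if __name__ == "__main__":
    for name, (pkt, verdict) in [("quoted", QUOTED), ("reply", REPLY), ("mixed", MIXED)]:
        print(f"{name:6} -> {pkt.dst}:{pkt.dport} {verdict}")
```

On a real host, `iptables -t nat -L PREROUTING -n -v` and `iptables -L FORWARD -n -v` show per-rule packet counters, which is how to confirm which rule a test connection actually hit.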
