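lenn posted on 2005-12-1 23:11:07

Question about remote login with iptables

Situation:
Gateway: Slackware Linux 10.2
Gateway address: 192.168.0.254
It connects to the Internet by ADSL dial-up, and I use the script below to make it a gateway. Why can't I connect to my gateway from the public Internet? Is something configured wrong?
(The internal network can get out and can also connect to the 0.254 machine, and 0.254 can reach the public Internet, but SSH back in from the public Internet does not work;
the SSH port is open.)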

root@lenn:~# cat gateway.sh
#!/bin/sh
#
# The interface that connects to the Internet
EXTIF="ppp0"
INIF="eth2"
INNET="192.168.0.254/24"
modprobe ip_nat_ftp
modprobe ip_conntrack_ftp

iptables -X

iptables -A FORWARD -p udp -j ACCEPT
iptables -A FORWARD -p tcp -j ACCEPT
iptables -I FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT

iptables -A INPUT -i $INIF -j ACCEPT
echo "1">/proc/sys/net/ipv4/ip_forward
echo "0">/proc/sys/net/ipv4/icmp_echo_ignore_all
echo "1">/proc/sys/net/ipv4/conf/eth2/proxy_arp
echo "8184000">/proc/sys/net/ipv4/ip_conntrack_max
echo "1024">/proc/sys/net/ipv4/neigh/default/gc_thresh1
echo "2048">/proc/sys/net/ipv4/neigh/default/gc_thresh2
echo "4096">/proc/sys/net/ipv4/neigh/default/gc_thresh3
iptables -t nat -A POSTROUTING -s $INNET -o $EXTIF -j MASQUERADE
iptables -t nat -A PREROUTING -i ppp0 -p tcp --dport 22 -j DNAT --to 192.168.0.254
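
A static check of the rules in the script above, as an added example that is not part of the original post: it reports which filter chain decides SSH arriving on ppp0, and whether the script itself accepts that traffic, sets the chain's policy, or flushes earlier rules. The function names and the output format are assumptions, and the variables in the copied rules are expanded by hand.

```shell
#!/bin/sh
# Added example (not from the post). RULES holds the iptables lines of
# gateway.sh with $EXTIF, $INIF and $INNET expanded by hand.
RULES='iptables -X
iptables -A FORWARD -p udp -j ACCEPT
iptables -A FORWARD -p tcp -j ACCEPT
iptables -I FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -i eth2 -j ACCEPT
iptables -t nat -A POSTROUTING -s 192.168.0.254/24 -o ppp0 -j MASQUERADE
iptables -t nat -A PREROUTING -i ppp0 -p tcp --dport 22 -j DNAT --to 192.168.0.254'

# rules_match TEXT REGEX: true if any line of TEXT matches the extended REGEX.
rules_match() { printf '%s\n' "$1" | grep -Eq -- "$2"; }

# audit_ssh_path RULES EXTIF GATEWAY_IP (hypothetical helper)
# Prints: chain=... accept_rule=... policy_set=... flushed=...
audit_ssh_path() {
    rules=$1; extif=$2; gw=$3
    # Address that port 22 on the external interface is DNATed to, if any.
    target=$(printf '%s\n' "$rules" |
        sed -n "s/.*-i $extif .*--dport 22 .*-j DNAT --to[-a-z]* \([0-9.]*\).*/\1/p" |
        head -n 1)
    # No DNAT, or DNAT to the gateway's own address: the packet is delivered
    # locally and the filter INPUT chain decides. Otherwise FORWARD decides.
    if [ -z "$target" ] || [ "$target" = "$gw" ]; then
        chain=INPUT
    else
        chain=FORWARD
    fi
    accept=no; policy=no; flushed=no
    # Heuristic: only rules that name the external interface and port 22 count.
    if rules_match "$rules" "^iptables -[AI] $chain .*-i $extif .*--dport 22 .*-j ACCEPT\$"; then
        accept=yes
    fi
    # Without -P the chain keeps whatever policy was in effect before the run.
    if rules_match "$rules" "^iptables -P $chain "; then
        policy=yes
    fi
    # -X only deletes user-defined chains; rules loaded earlier stay without -F.
    if rules_match "$rules" "^iptables (-F|--flush)( $chain)?\$"; then
        flushed=yes
    fi
    echo "chain=$chain accept_rule=$accept policy_set=$policy flushed=$flushed"
}

audit_ssh_path "$RULES" ppp0 192.168.0.254
```

When all three flags are `no`, the verdict for inbound SSH comes from rules and policy that were loaded before the script ran; `iptables -L INPUT -n -v` lists them with packet counters.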