iptables:复制/转发端口 [英] iptables: Duplicating/Forwarding ports
问题描述
我正在尝试从阻止该端口的网络连接到MySQL(端口3306).但是,在这种情况下,我可以使用另一个开放的端口110.我正在将MySQL用于其他应用程序,所以我不能只是简单地更改端口.
I'm trying to connect to MySQL (Port 3306) from a network which blocks this port. But there is another port 110 open which I can use for this case. I'm using MySQL for other applications so I can't just simply change the port.
我现在正在尝试通过iptables设置端口转发.确切地说,我想将110转发到3306,而不会阻止3306.
I'm now trying to set up port forwarding via iptables. To be exact I want to forward 110 to 3306 without blocking 3306.
我花了很多时间进行谷歌搜索,但是我无法正常工作.我也担心将我拒之门外.可以给我一个提示吗?
I've spent a lot of time googling, but I couldn't get it working. I'm also a little worried about locking me out. Can any of you give me a hint?
非常感谢!
#~ iptables -L
Chain INPUT (policy DROP)
target prot opt source destination
LOG all -- anywhere anywhere state INVALID limit: avg 2/sec burst 5 LOG level warning prefix `INPUT INVALID '
MY_DROP tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,PSH,ACK,URG/NONE
DROP all -- anywhere anywhere state INVALID
MY_DROP tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,PSH,ACK,URG/NONE
MY_DROP tcp -- anywhere anywhere tcp flags:FIN,RST/FIN,RST
MY_DROP tcp -- anywhere anywhere tcp flags:FIN,SYN/FIN,SYN
MY_DROP tcp -- anywhere anywhere tcp flags:FIN,ACK/FIN
MY_DROP tcp -- anywhere anywhere tcp flags:FIN,RST/FIN,RST
MY_DROP tcp -- anywhere anywhere tcp flags:FIN,ACK/FIN
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT icmp -- anywhere anywhere icmp destination-unreachable
ACCEPT icmp -- anywhere anywhere icmp destination-unreachable
ACCEPT icmp -- anywhere anywhere icmp source-quench
ACCEPT icmp -- anywhere anywhere icmp echo-request
ACCEPT icmp -- anywhere anywhere icmp time-exceeded
ACCEPT icmp -- anywhere anywhere icmp parameter-problem
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:www
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:https
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:smtp
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:ssmtp
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:pop3
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:pop3s
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:imap2
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:imaps
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:nntp
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:domain
ACCEPT udp -- anywhere anywhere state NEW udp dpt:domain
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:ftp
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:ssh
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:mysql
ACCEPT udp -- anywhere anywhere state NEW udp dpt:ntp
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:6060
MY_REJECT all -- anywhere anywhere
MY_REJECT all -- anywhere anywhere
Chain FORWARD (policy DROP)
target prot opt source destination
Chain OUTPUT (policy DROP)
target prot opt source destination
LOG all -- anywhere anywhere state INVALID limit: avg 2/sec burst 5 LOG level warning prefix `OUTPUT INVALID '
DROP all -- anywhere anywhere state INVALID
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere state NEW,RELATED,ESTABLISHED
ACCEPT icmp -- anywhere anywhere icmp echo-reply
ACCEPT icmp -- anywhere anywhere icmp destination-unreachable
ACCEPT icmp -- anywhere anywhere icmp echo-request
MY_REJECT all -- anywhere anywhere
Chain MY_DROP (7 references)
target prot opt source destination
LOG all -- anywhere anywhere limit: avg 2/sec burst 5 LOG level warning prefix `PORTSCAN DROP '
LOG all -- anywhere anywhere limit: avg 2/sec burst 5 LOG level warning prefix `PORTSCAN DROP '
DROP all -- anywhere anywhere
Chain MY_REJECT (3 references)
target prot opt source destination
LOG tcp -- anywhere anywhere limit: avg 2/sec burst 5 LOG level warning prefix `REJECT TCP '
REJECT tcp -- anywhere anywhere reject-with tcp-reset
LOG tcp -- anywhere anywhere limit: avg 2/sec burst 5 LOG level warning prefix `REJECT TCP '
LOG udp -- anywhere anywhere limit: avg 2/sec burst 5 LOG level warning prefix `REJECT UDP '
REJECT tcp -- anywhere anywhere reject-with tcp-reset
REJECT udp -- anywhere anywhere reject-with icmp-port-unreachable
LOG udp -- anywhere anywhere limit: avg 2/sec burst 5 LOG level warning prefix `REJECT UDP '
DROP icmp -- anywhere anywhere
REJECT udp -- anywhere anywhere reject-with icmp-port-unreachable
LOG all -- anywhere anywhere limit: avg 2/sec burst 5 LOG level warning prefix `REJECT OTHER '
LOG icmp -- anywhere anywhere limit: avg 2/sec burst 5 LOG level warning prefix `DROP ICMP '
REJECT all -- anywhere anywhere reject-with icmp-proto-unreachable
DROP icmp -- anywhere anywhere
LOG all -- anywhere anywhere limit: avg 2/sec burst 5 LOG level warning prefix `REJECT OTHER '
REJECT all -- anywhere anywhere reject-with icmp-proto-unreachable
推荐答案
这可能有效,未经测试.
This might work, haven't tested it.
iptables -t nat -A PREROUTING -p tcp --dport 110 -j REDIRECT --to-port 3306
这篇关于iptables:复制/转发端口的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!