Good afternoon. I have an ASUS WL-500gP V2 with firmware 1.9.2.7-10.7, plus an HDD.
Internet is over PPPoE, static IP + DDNS.
The firewall is enabled, the filters are disabled (LAN-WAN, WAN-LAN).
In Virtual Server I create:
Port Range Local IP Local Port Protocol Protocol No. Description
22 192.168.1.1 22 tcp ssh
192.168.1.1 is the router.
Apply, restart, but the port is closed.
The only port open to the outside is 8080.
Code:
$iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
DROP all -- anywhere anywhere state INVALID
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT all -- anywhere anywhere state NEW
ACCEPT all -- anywhere anywhere state NEW
ACCEPT udp -- anywhere anywhere udp spt:bootps dpt:bootpc
ACCEPT tcp -- anywhere asusw500gpv2 tcp dpt:www
ACCEPT tcp -- anywhere anywhere tcp dpt:ftp
ACCEPT icmp -- anywhere anywhere
ACCEPT tcp -- anywhere anywhere tcp dpt:printer
ACCEPT tcp -- anywhere anywhere tcp dpt:laserjet
ACCEPT tcp -- anywhere anywhere tcp dpt:3838
DROP all -- anywhere anywhere
Chain FORWARD (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere
DROP all -- anywhere anywhere state INVALID
TCPMSS tcp -- anywhere anywhere tcp flags:SYN,RST,ACK/SYN TCPMSS clamp to PMTU
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
DROP all -- anywhere anywhere
DROP all -- anywhere anywhere
ACCEPT all -- anywhere anywhere ctstate DNAT
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Chain MACS (0 references)
target prot opt source destination
Chain SECURITY (0 references)
target prot opt source destination
RETURN tcp -- anywhere anywhere tcp flags:SYN,RST,ACK/SYN limit: avg 1/sec burst 5
RETURN tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,ACK/RST limit: avg 1/sec burst 5
RETURN udp -- anywhere anywhere limit: avg 5/sec burst 5
RETURN icmp -- anywhere anywhere limit: avg 5/sec burst 5
DROP all -- anywhere anywhere
Chain logaccept (0 references)
target prot opt source destination
LOG all -- anywhere anywhere state NEW LOG level warning tcp-sequence tcp-options ip-options prefix `ACCEPT '
ACCEPT all -- anywhere anywhere
Chain logdrop (0 references)
target prot opt source destination
LOG all -- anywhere anywhere state NEW LOG level warning tcp-sequence tcp-options ip-options prefix `DROP '
DROP all -- anywhere anywhere
Code:
$iptables-save
# Generated by iptables-save v1.2.7a on Fri Jan 25 00:03:09 2013
*nat
:PREROUTING ACCEPT [12098:732571]
:POSTROUTING ACCEPT [158:9498]
:OUTPUT ACCEPT [159:9892]
:VSERVER - [0:0]
-A PREROUTING -d 188.168.171.1 -j VSERVER
-A POSTROUTING -s ! 188.168.171.1 -o ppp0 -j MASQUERADE
-A POSTROUTING -s 192.168.1.0/255.255.255.0 -d 192.168.1.0/255.255.255.0 -o br0 -j MASQUERADE
-A VSERVER -p tcp -m tcp --dport 8080 -j DNAT --to-destination 192.168.1.1:80
-A VSERVER -p udp -m udp --dport 38951 -j DNAT --to-destination 192.168.1.2:38951
-A VSERVER -p tcp -m tcp --dport 38951 -j DNAT --to-destination 192.168.1.2:38951
-A VSERVER -p udp -m udp --dport 64987 -j DNAT --to-destination 192.168.1.2:64987
-A VSERVER -p udp -m udp --dport 19012 -j DNAT --to-destination 192.168.1.2:19012
-A VSERVER -p udp -m udp --dport 53 -j DNAT --to-destination 192.168.1.1:53
-A VSERVER -p tcp -m tcp --dport 23 -j DNAT --to-destination 192.168.1.1:23
COMMIT
# Completed on Fri Jan 25 00:03:09 2013
# Generated by iptables-save v1.2.7a on Fri Jan 25 00:03:09 2013
*mangle
:PREROUTING ACCEPT [18956:2068847]
:INPUT ACCEPT [17277:1429287]
:FORWARD ACCEPT [1652:638189]
:OUTPUT ACCEPT [6116:2866906]
:POSTROUTING ACCEPT [8604:3814580]
COMMIT
# Completed on Fri Jan 25 00:03:09 2013
# Generated by iptables-save v1.2.7a on Fri Jan 25 00:03:09 2013
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [89:4272]
:OUTPUT ACCEPT [6048:2841636]
:MACS - [0:0]
:SECURITY - [0:0]
:logaccept - [0:0]
:logdrop - [0:0]
-A INPUT -m state --state INVALID -j DROP
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i lo -m state --state NEW -j ACCEPT
-A INPUT -i br0 -m state --state NEW -j ACCEPT
-A INPUT -p udp -m udp --sport 67 --dport 68 -j ACCEPT
-A INPUT -d 192.168.1.1 -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 21 -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -p tcp -m tcp --dport 515 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 9100 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 3838 -j ACCEPT
-A INPUT -j DROP
-A FORWARD -i br0 -o br0 -j ACCEPT
-A FORWARD -m state --state INVALID -j DROP
-A FORWARD -p tcp -m tcp --tcp-flags SYN,RST,ACK SYN -j TCPMSS --clamp-mss-to-pmtu
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i ! br0 -o ppp0 -j DROP
-A FORWARD -i ! br0 -o vlan1 -j DROP
-A FORWARD -m conntrack --ctstate DNAT -j ACCEPT
-A SECURITY -p tcp -m tcp --tcp-flags SYN,RST,ACK SYN -m limit --limit 1/sec -j RETURN
-A SECURITY -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK RST -m limit --limit 1/sec -j RETURN
-A SECURITY -p udp -m limit --limit 5/sec -j RETURN
-A SECURITY -p icmp -m limit --limit 5/sec -j RETURN
-A SECURITY -j DROP
-A logaccept -m state --state NEW -j LOG --log-prefix "ACCEPT " --log-tcp-sequence --log-tcp-options --log-ip-options
-A logaccept -j ACCEPT
-A logdrop -m state --state NEW -j LOG --log-prefix "DROP " --log-tcp-sequence --log-tcp-options --log-ip-options
-A logdrop -j DROP
COMMIT
# Completed on Fri Jan 25 00:03:10 2013
Code:
$ ifconfig -a
br0 Link encap:Ethernet HWaddr BC:AE:C5:C5:12:01
inet addr:192.168.1.1 Bcast:192.168.1.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:3805 errors:0 dropped:0 overruns:0 frame:0
TX packets:5367 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:453329 (442.7 Kb) TX bytes:3280892 (3.1 Mb)
eth0 Link encap:Ethernet HWaddr BC:AE:C5:C5:12:01
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:13606 errors:0 dropped:0 overruns:0 frame:0
TX packets:2515 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:100
RX bytes:1623787 (1.5 Mb) TX bytes:760243 (742.4 Kb)
Interrupt:4 Base address:0x1000
eth1 Link encap:Ethernet HWaddr BC:AE:C5:C5:12:01
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:3800 errors:0 dropped:0 overruns:0 frame:197
TX packets:5490 errors:36 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:100
RX bytes:506049 (494.1 Kb) TX bytes:3351162 (3.1 Mb)
Interrupt:13 Base address:0x5000
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
UP LOOPBACK RUNNING MULTICAST MTU:16436 Metric:1
RX packets:1854 errors:0 dropped:0 overruns:0 frame:0
TX packets:1854 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:158400 (154.6 Kb) TX bytes:158400 (154.6 Kb)
ppp0 Link encap:Point-to-Point Protocol
inet addr:188.168.171.1 P-t-P:188.168.168.1 Mask:255.255.255.255
UP POINTOPOINT RUNNING MULTICAST MTU:1492 Metric:1
RX packets:13120 errors:0 dropped:0 overruns:0 frame:0
TX packets:861 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:3
RX bytes:1197137 (1.1 Mb) TX bytes:189539 (185.0 Kb)
sit0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
NOARP MTU:1480 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)
vlan0 Link encap:Ethernet HWaddr BC:AE:C5:C5:12:01
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:1062 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 b) TX bytes:378339 (369.4 Kb)
vlan1 Link encap:Ethernet HWaddr BC:AE:C5:C5:12:01
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:13606 errors:0 dropped:0 overruns:0 frame:0
TX packets:1449 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:1378879 (1.3 Mb) TX bytes:381616 (372.6 Kb)
Can you tell me what is wrong?
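
Added example, not part of the original post: a small Python checker run over a trimmed copy of the `iptables-save` dump above. A Virtual Server (DNAT) entry whose target is the router's own address is delivered through the INPUT chain rather than FORWARD, so the checker lists such entries that INPUT would drop for a new connection arriving on `ppp0`; the function names, the simplified rule matching and the default ACCEPT policy (as in the dump) are this example's assumptions.

```python
import shlex

# Trimmed from the iptables-save output in the post (VSERVER and INPUT rules only).
RULESET = """\
-A VSERVER -p tcp -m tcp --dport 8080 -j DNAT --to-destination 192.168.1.1:80
-A VSERVER -p tcp -m tcp --dport 38951 -j DNAT --to-destination 192.168.1.2:38951
-A VSERVER -p udp -m udp --dport 53 -j DNAT --to-destination 192.168.1.1:53
-A VSERVER -p tcp -m tcp --dport 23 -j DNAT --to-destination 192.168.1.1:23
-A INPUT -m state --state INVALID -j DROP
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i br0 -m state --state NEW -j ACCEPT
-A INPUT -p udp -m udp --sport 67 --dport 68 -j ACCEPT
-A INPUT -d 192.168.1.1 -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 21 -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -j DROP
"""

def parse(line):
    """Map each option of one -A line to its argument ('! br0' keeps the negation)."""
    opts, key = {}, None
    for tok in shlex.split(line):
        if tok.startswith("-"):
            key, opts[tok] = tok, ""
        elif key:
            opts[key] = (opts[key] + " " + tok).strip()
    return opts

def matches(o, iface, dst, proto, dport):
    """Would rule `o` match a NEW packet with these fields? Source port is unknown."""
    def eq(key, actual):
        want = o.get(key)
        return want is None or (want.lstrip("! ") == actual) != want.startswith("!")
    if "--sport" in o or "NEW" not in o.get("--state", "NEW").split(","):
        return False
    return all(eq(k, v) for k, v in (("-i", iface), ("-d", dst), ("-p", proto), ("--dport", dport)))

def blocked_local_dnat(ruleset, local_ips, wan_if="ppp0"):
    rules = [parse(l) for l in ruleset.splitlines() if l.startswith("-A ")]
    inp = [r for r in rules if r["-A"] == "INPUT" and r.get("-j") in ("ACCEPT", "DROP", "REJECT")]
    blocked = []
    for r in (r for r in rules if r.get("-j") == "DNAT"):
        ip, _, port = r["--to-destination"].partition(":")
        # First matching INPUT rule decides; only DNAT to a local address reaches INPUT.
        verdict = next((i["-j"] for i in inp if matches(i, wan_if, ip, r["-p"], port)), "ACCEPT")
        if ip in local_ips and verdict != "ACCEPT":
            blocked.append((r["-p"], r["--dport"], f"{ip}:{port}"))
    return blocked
```

Called as `blocked_local_dnat(RULESET, {"192.168.1.1"})`, it flags the udp 53 and tcp 23 entries, while 8080 passes because INPUT accepts tcp port 80 to 192.168.1.1. The posted dump contains no Virtual Server entry for port 22.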