Если это чем-то поможет, вот небольшой листинг:
Code:
[root]$ iptables -L -v -n
Chain INPUT (policy ACCEPT 6037 packets, 781K bytes)
pkts bytes target prot opt in out source destination
3 204 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 state INVALID
6321 2984K ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
176 10560 ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0 state NEW
1063 392K ACCEPT all -- br0 * 0.0.0.0/0 0.0.0.0/0 state NEW
Chain FORWARD (policy ACCEPT 171 packets, 9630 bytes)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all -- br0 br0 0.0.0.0/0 0.0.0.0/0
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 state INVALID
138 6624 TCPMSS tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:0x16/0x02 TCPMSS clamp to PMTU
5597 2967K ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
0 0 DROP all -- !br0 ppp0 0.0.0.0/0 0.0.0.0/0
0 0 DROP all -- !br0 vlan1 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 ctstate DNAT
Chain OUTPUT (policy ACCEPT 7310 packets, 1525K bytes)
pkts bytes target prot opt in out source destination
Chain MACS (0 references)
pkts bytes target prot opt in out source destination
Chain SECURITY (0 references)
pkts bytes target prot opt in out source destination
0 0 RETURN tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:0x16/0x02 limit: avg 1/sec burs
0 0 RETURN tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:0x17/0x04 limit: avg 1/sec burs
0 0 RETURN udp -- * * 0.0.0.0/0 0.0.0.0/0 limit: avg 5/sec burst 5
0 0 RETURN icmp -- * * 0.0.0.0/0 0.0.0.0/0 limit: avg 5/sec burst 5
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
Chain logaccept (0 references)
pkts bytes target prot opt in out source destination
0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 state NEW LOG flags 7 level 4 prefix `ACC
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0
Chain logdrop (0 references)
pkts bytes target prot opt in out source destination
0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 state NEW LOG flags 7 level 4 prefix `DRO
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
Code:
[root]$ iptables -L -vxn -t nat
Chain PREROUTING (policy ACCEPT 1919 packets, 342530 bytes)
pkts bytes target prot opt in out source destination
34 1685 VSERVER all -- * * 0.0.0.0/0 189.xxx.xxx.xxx
0 0 VSERVER all -- * * 0.0.0.0/0 10.yyy.yyy.yyy
0 0 NETMAP udp -- * * 0.0.0.0/0 189.xxx.xxx.xxx udp spt:6112 192.168.1.0/24
Chain POSTROUTING (policy ACCEPT 218 packets, 13352 bytes)
pkts bytes target prot opt in out source destination
0 0 NETMAP udp -- * * 192.168.1.0/24 0.0.0.0/0 udp dpt:6112 xxx.xxx.xxx.xxx/32
161 9057 MASQUERADE all -- * ppp0 !189.xxx.xxx.xxx 0.0.0.0/0
0 0 MASQUERADE all -- * vlan1 !10.yyy.yyy.yyy 0.0.0.0/0
0 0 MASQUERADE all -- * br0 192.168.1.0/24 192.168.1.0/24
Chain OUTPUT (policy ACCEPT 218 packets, 13352 bytes)
pkts bytes target prot opt in out source destination
Chain VSERVER (2 references)
pkts bytes target prot opt in out source destination
0 0 DNAT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:8697 to:192.168.1.2:8697
0 0 DNAT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:8759 to:192.168.1.2:8759
0 0 DNAT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:28417 to:192.168.1.2:28417
0 0 DNAT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:33231 to:192.168.1.2:33231
0 0 DNAT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:4672 to:192.168.1.2:4672
0 0 DNAT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:4662 to:192.168.1.2:4662
0 0 DNAT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:443 to:192.168.1.250:22
0 0 DNAT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:5223 to:192.168.1.251:5223
0 0 DNAT 47 -- * * 0.0.0.0/0 0.0.0.0/0 to:192.168.1.2
0 0 DNAT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:1723 to:192.168.1.2:1723
Команды
Code:
# Both rules are inserted at the head of the filter table's FORWARD chain.
# The second insert lands above the first, so the final order is:
# ESTABLISHED/RELATED accept, then the GRE accept, then the existing rules.
#
# NOTE(review): the filter listing shows "Chain FORWARD (policy ACCEPT ...)"
# and already contains a RELATED,ESTABLISHED accept, so neither rule admits
# traffic that was being dropped before. That matches the reported lack of
# effect. Points to check instead, from the nat listing:
#   * VSERVER forwards port 1723 as udp; the PPTP control channel is TCP 1723.
#   * Protocol 47 is DNATed to 192.168.1.2; PPTP through NAT normally depends
#     on the PPTP conntrack/NAT helper modules being loaded. Confirm on this
#     host.
#
# NOTE(review): inserting at the head puts the blanket GRE accept ahead of
# the "state INVALID" DROP and the "!br0 -> ppp0/vlan1" DROP rules, so GRE
# bypasses both. If the rule is kept, restrict it to the intended interface
# and destination host and place it after those DROP rules.

# Accept IP protocol 47 (GRE, the PPTP data channel) from any source to any
# destination.
iptables --insert FORWARD --protocol 47 --jump ACCEPT

# Accept packets that belong to, or are related to, tracked connections.
iptables --insert FORWARD --match state --state ESTABLISHED,RELATED --jump ACCEPT
к искомому результату не приводят. Увы.