Originally Posted by
VadimVB
Я там глянул - возможно я и не прав.
Вывод
iptables -t nat -L -v -n
сюда киньте
И также вывод
iptables -L -v -n
тоже не помешает.
Code:
Chain PREROUTING (policy ACCEPT 14996 packets, 932K bytes)
pkts bytes target prot opt in out source destination
14 1015 VSERVER all -- * * 0.0.0.0/0 Мой внешний IP
0 0 VSERVER all -- * * 0.0.0.0/0 10.1.9.155
0 0 NETMAP udp -- * * 0.0.0.0/0 Мой внешний IP udp spt:6112 192.168.123.0/24
Chain POSTROUTING (policy ACCEPT 32 packets, 1922 bytes)
pkts bytes target prot opt in out source destination
0 0 NETMAP udp -- * * 192.168.123.0/24 0.0.0.0/0 udp dpt:6112 Мой внешний IP/32
0 0 MASQUERADE all -- * ppp0 !Мой внешний IP 0.0.0.0/0
0 0 MASQUERADE all -- * vlan1 !10.1.9.155 0.0.0.0/0
0 0 MASQUERADE all -- * br0 192.168.123.0/24 192.168.123.0/24
Chain OUTPUT (policy ACCEPT 32 packets, 1922 bytes)
pkts bytes target prot opt in out source destination
Chain VSERVER (2 references)
pkts bytes target prot opt in out source destination
8 384 DNAT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:8080 to:192.168.123.16:80
0 0 DNAT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:80 to:192.168.123.11:80
0 0 DNAT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:80 to:192.168.123.11:80
0 0 DNAT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:25 to:192.168.123.11:25
0 0 DNAT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:25 to:192.168.123.11:25
0 0 DNAT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:110 to:192.168.123.11:110
0 0 DNAT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:110 to:192.168.123.11:110
(192.168.123.11 - IP маил сервера. 192.168.123.16 - IP роутера)
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 logdrop all -- * * 0.0.0.0/0 0.0.0.0/0 state INVALID
553 51702 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
45 2700 logaccept all -- lo * 0.0.0.0/0 0.0.0.0/0 state NEW
281 104K logaccept all -- br0 * 0.0.0.0/0 0.0.0.0/0 state NEW
10 480 logaccept tcp -- * * 0.0.0.0/0 192.168.123.16 tcp dpt:80
0 0 logaccept tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:21
0 0 logaccept icmp -- * * 0.0.0.0/0 0.0.0.0/0
695 191K logdrop all -- * * 0.0.0.0/0 0.0.0.0/0
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 logaccept all -- br0 br0 0.0.0.0/0 0.0.0.0/0
0 0 logdrop all -- * * 0.0.0.0/0 0.0.0.0/0 state INVALID
0 0 TCPMSS tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:0x06/0x02 tcpmss match 1361:65535TCPMSS set 1360
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
0 0 logdrop all -- !br0 ppp0 0.0.0.0/0 0.0.0.0/0
0 0 logdrop all -- !br0 vlan1 0.0.0.0/0 0.0.0.0/0
0 0 logaccept tcp -- * br0 10.1.9.155 192.168.123.11 tcp spt:80 dpt:80 flags:0x3F/0x04
0 0 logaccept tcp -- * br0 10.1.9.155 192.168.123.11 tcp spt:25 dpt:25 flags:0x3F/0x04
0 0 logaccept tcp -- * br0 10.1.9.155 192.168.123.11 tcp spt:110 dpt:110 flags:0x3F/0x04
0 0 logaccept tcp -- * br0 10.1.9.155 192.168.123.9 tcp spt:2287 dpt:2287 flags:0x3F/0x04
0 0 logaccept tcp -- * br0 10.1.9.155 192.168.123.16 tcp spt:23 dpt:23 flags:0x3F/0x04
0 0 logaccept tcp -- * br0 10.1.9.155 0.0.0.0 tcp spt:23 dpt:23 flags:0x3F/0x04
0 0 logaccept tcp -- * br0 10.1.9.155 10.1.9.155 tcp spt:23 dpt:23 flags:0x3F/0x04
0 0 logaccept all -- * * 0.0.0.0/0 0.0.0.0/0 ctstate DNAT
0 0 logdrop all -- * br0 0.0.0.0/0 0.0.0.0/0
Chain OUTPUT (policy ACCEPT 903 packets, 206K bytes)
pkts bytes target prot opt in out source destination
Chain MACS (0 references)
pkts bytes target prot opt in out source destination
Chain SECURITY (0 references)
pkts bytes target prot opt in out source destination
0 0 RETURN tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:0x16/0x02 limit: avg 1/sec burst 5
0 0 RETURN tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:0x17/0x04 limit: avg 1/sec burst 5
0 0 RETURN udp -- * * 0.0.0.0/0 0.0.0.0/0 limit: avg 5/sec burst 5
0 0 RETURN icmp -- * * 0.0.0.0/0 0.0.0.0/0 limit: avg 5/sec burst 5
0 0 logdrop all -- * * 0.0.0.0/0 0.0.0.0/0
Chain logaccept (14 references)
pkts bytes target prot opt in out source destination
336 107K LOG all -- * * 0.0.0.0/0 0.0.0.0/0 state NEW LOG flags 7 level 4 prefix `ACCEPT '
336 107K ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0
Chain logdrop (7 references)
pkts bytes target prot opt in out source destination
695 191K LOG all -- * * 0.0.0.0/0 0.0.0.0/0 state NEW LOG flags 7 level 4 prefix `DROP '
695 191K DROP all -- * * 0.0.0.0/0 0.0.0.0/0