ïåðåñòàë ðàáîòàòü ïðîáðîñ ïîðòîâ

[oradba]

ïî íåïîíÿòíîé ïîêà ïðè÷èíå âäðóã (ïîñëå ïîëóãîäà ñòàáèëüíîé ðàáîòû) ïåðåñòàëè ïðîáðàñûâàòüñÿ ïîðòû ñíàðóæè.

 /usr/local/sbin/post-firewall ïðîïèñàíî:

#!/bin/sh

# iptables -t nat -I PREROUTING -i vlan1 -p tcp --dport 22 -j DNAT --to-destination 192.168.1.7:22
# iptables -I FORWARD -i vlan1 -p tcp --syn --dport 22 -j ACCEPT
iptables -I INPUT -p tcp --dport 22 -j ACCEPT
# iptables -t nat -I PREROUTING -i vlan1 -p tcp --dport 25 -j DNAT --to-destination 192.168.1.7:25
# iptables -I FORWARD -i vlan1 -p tcp --syn --dport 25 -j ACCEPT
iptables -t nat -I PREROUTING -i vlan1 -p tcp --dport 80 -j DNAT --to-destination 192.168.1.2:7777
iptables -I FORWARD -i vlan1 -p tcp --syn --dport 80 -j ACCEPT
# iptables -t nat -I PREROUTING -i vlan1 -p tcp --dport 80 -j DNAT --to-destination 192.168.1.7:80
# iptables -I FORWARD -i vlan1 -p tcp --syn --dport 80 -j ACCEPT
# iptables -t nat -I PREROUTING -i vlan1 -p tcp --dport 443 -j DNAT --to-destination 192.168.1.7:443
# iptables -I FORWARD -i vlan1 -p tcp --syn --dport 443 -j ACCEPT

Ðàáîòàåò òîëüêî ssh ñíàðóæè íà ñàì ðîóòåð. Ïðîáðîñ ëþáûõ ïîðòîâ - íå ðàáîòàåò. Íà âåá-èíòåðôåéñ :8080 òîæå ìîãó çàõîäèòü íîðìàëüíî ñíàðóæè

Ñ ïåðåïóãó îáíîâèë ïðîøèâêó ñ --> f , íî äåëî íå â ýòîì. Íà ñòàðîé âñå ðàáîòàëî ñòàáèëüíî ïîëãîäà. Ïîäñêàæèòå, ÷òî åùå ìîæíî/íóæíî ïðîâåðèòü èëè äèàãíîñòèðîâàòü.

[Oleg]

Óçíàòüó ïðîâàéäåðà, íå íà÷àë ëè îí ôèëüòðîâàòü òðàôèê.

[oradba]

Óçíàòüó ïðîâàéäåðà, íå íà÷àë ëè îí ôèëüòðîâàòü òðàôèê.

ÿ âåäü çàõîæó íà âåá-èíòåðôåéñ è ïî ssh íà ðîóòåð ñíàðóæè! Íå ðàáîòàåò èìåííî ïðîáðîñ ïîðòîâ.