Всем привет. Есть правила iptables на хосте с интерфейсами tun0 [10.8.0.6] и enp0s25 [10.0.121.5]:
[root@fedorahost ~]# iptables -L -n -v
Chain INPUT (policy ACCEPT 214 packets, 20051 bytes)
pkts bytes target prot opt in out source destination
Chain FORWARD (policy ACCEPT 14 packets, 483 bytes)
pkts bytes target prot opt in out source destination
0 0 ACCEPT udp -- tun0 enp0s25 0.0.0.0/0 0.0.0.0/0 udp dpt:7011
7 245 ACCEPT udp -- enp0s25 tun0 0.0.0.0/0 0.0.0.0/0 udp dpt:7011
0 0 ACCEPT udp -- enp0s25 tun0 0.0.0.0/0 0.0.0.0/0 udp dpt:7700
1 188 ACCEPT udp -- tun0 enp0s25 0.0.0.0/0 0.0.0.0/0 udp dpt:7700
Chain OUTPUT (policy ACCEPT 172 packets, 82904 bytes)
pkts bytes target prot opt in out source destination
[root@fedorahost ~]# iptables -t nat -L -n -v
Chain PREROUTING (policy ACCEPT 4 packets, 804 bytes)
pkts bytes target prot opt in out source destination
2 60 DNAT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:7011 to:10.0.121.8:7000
0 0 DNAT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:3389 to:10.0.121.2:3389
1 188 DNAT udp -- * * 10.8.0.0/24 0.0.0.0/0 udp dpt:7700 to:10.0.121.8:7700
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
3 248 MASQUERADE all -- * enp0s25 0.0.0.0/0 0.0.0.0/0
0 0 MASQUERADE all -- * tun0 0.0.0.0/0 0.0.0.0/0
Дамп tcpdump, интерфейс tun0 (второй пакет, судя по адресам, снят уже на enp0s25):
10:08:58.497766 IP (tos 0x0, ttl 63, id 13586, offset 0, flags [DF], proto UDP (17), length 188)
10.8.0.14.7700 > 10.8.0.6.7700: [udp sum ok] UDP, length 160
0x0000: 4500 00bc 3512 4000 3f11 f1fb 0a08 000e E...5.@.?.......
0x0010: 0a08 0006 1e14 1e14 00a8 7d58 8064 9f15 ..........}X.d..
0x0020: 0000 0000 ac7a 2405 4100 0000 0000 0000 .....z$.A.......
0x0030: 0000 0000 0000 0000 0000 0000 0000 0000 ................
0x0040: 0000 0000 0000 0000 0000 0000 0000 0000 ................
0x0050: 0000 0000 0000 0000 0000 0000 0000 0000 ................
0x0060: 0000 0000 0000 0000 0000 0000 0000 0000 ................
0x0070: 0000 0000 0000 0000 0000 0000 0000 0000 ................
0x0080: 0000 0000 0000 0000 0000 0000 0000 0000 ................
0x0090: 0000 0000 0000 0000 0000 0000 0000 0000 ................
0x00a0: 0000 0000 0000 0000 0000 0000 0000 0000 ................
0x00b0: 0000 0000 0000 0000 0000 0000 ............
10:02:22.601014 IP (tos 0x0, ttl 62, id 28979, offset 0, flags [DF], proto UDP (17), length 188)
10.0.121.5.1024 > 10.0.121.8.7700: [udp sum ok] UDP, length 160
0x0000: 4500 00bc 7133 4000 3e11 c4f0 0a00 7905 E...q3@.>.....y.
0x0010: 0a00 7908 0400 1e14 00a8 63c8 8064 e0cf ..y.......c..d..
0x0020: 0000 0000 ac7a 2405 4100 0000 0000 0000 .....z$.A.......
0x0030: 0000 0000 0000 0000 0000 0000 0000 0000 ................
0x0040: 0000 0000 0000 0000 0000 0000 0000 0000 ................
0x0050: 0000 0000 0000 0000 0000 0000 0000 0000 ................
0x0060: 0000 0000 0000 0000 0000 0000 0000 0000 ................
0x0070: 0000 0000 0000 0000 0000 0000 0000 0000 ................
0x0080: 0000 0000 0000 0000 0000 0000 0000 0000 ................
0x0090: 0000 0000 0000 0000 0000 0000 0000 0000 ................
0x00a0: 0000 0000 0000 0000 0000 0000 0000 0000 ................
0x00b0: 0000 0000 0000 0000 0000 0000
Мне нужно, чтобы пакет с 10.0.121.5 уходил с порта источника 7700, а не 1024, и проходил ту же самую цепочку обратно. Что я делаю не так?