Edit history
Revision by kostik87 (current version):
iptables-save
# Generated by iptables-save v1.4.21 on Sat Feb 10 17:00:30 2018
*nat
:PREROUTING ACCEPT [7594:651036]
:INPUT ACCEPT [287:24479]
:OUTPUT ACCEPT [178:13786]
:POSTROUTING ACCEPT [157:11653]
-A POSTROUTING -s 192.168.5.0/24 ! -d 192.168.5.0/24 -j MASQUERADE
-A POSTROUTING -s 192.168.5.0/24 ! -d 192.168.5.0/24 -j MASQUERADE
-A POSTROUTING -s 10.47.17.0/24 ! -d 10.47.17.0/24 -j MASQUERADE
-A POSTROUTING -s 192.168.5.0/24 ! -d 192.168.5.0/24 -j MASQUERADE
COMMIT
# Completed on Sat Feb 10 17:00:30 2018
# Generated by iptables-save v1.4.21 on Sat Feb 10 17:00:30 2018
*filter
:INPUT DROP [5307:529652]
:FORWARD ACCEPT [26939:11360072]
:OUTPUT ACCEPT [2321409:586983635]
-A INPUT -i lo -j ACCEPT
-A INPUT -i eth0 -j ACCEPT
-A INPUT -i eth0:3 -j ACCEPT
-A INPUT -i eth0:5 -j ACCEPT
-A INPUT -i eth1 -j ACCEPT
-A INPUT -s 87.229.137.104/32 -i ppp0 -p icmp -m icmp --icmp-type 8 -j ACCEPT
-A INPUT -i ppp0 -p tcp -m tcp --dport 21 -j ACCEPT
-A INPUT -i ppp0 -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -i ppp0 -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -i ppp0 -p tcp -m tcp --dport 139 -j ACCEPT
-A INPUT -i ppp0 -p tcp -m tcp --dport 445 -j ACCEPT
-A INPUT -i ppp0 -p tcp -m tcp --dport 5650 -j ACCEPT
-A INPUT -i ppp0 -p tcp -m tcp --dport 7410 -j ACCEPT
-A INPUT -i ppp0 -p tcp -m tcp --dport 10000 -j ACCEPT
-A INPUT -i ppp0 -p tcp -m tcp --dport 10051 -j ACCEPT
COMMIT
# Completed on Sat Feb 10 17:00:30 2018
# Generated by iptables-save v1.4.21 on Sat Feb 10 17:00:30 2018
*mangle
:PREROUTING ACCEPT [3381322:1013836923]
:INPUT ACCEPT [3335387:995540736]
:FORWARD ACCEPT [38965:17758051]
:OUTPUT ACCEPT [2975552:790680771]
:POSTROUTING ACCEPT [3014785:808473750]
COMMIT
# Completed on Sat Feb 10 17:00:30 2018
Tell me, which is easier to write:
# Generated by iptables-save v1.4.21 on Sat Feb 10 17:00:30 2018 [br]
*nat[br]
:PREROUTING ACCEPT [7594:651036] [br]
:INPUT ACCEPT [287:24479] [br]
:OUTPUT ACCEPT [178:13786] [br]
...
or
[code]
# Generated by iptables-save v1.4.21 on Sat Feb 10 17:00:30 2018
*nat
:PREROUTING ACCEPT [7594:651036]
:INPUT ACCEPT [287:24479]
:OUTPUT ACCEPT [178:13786]
...
[/code]
?
UPD:
As for the substance: pings from your server are not going to work anyway. You have the ":INPUT DROP" policy set in the filter table, then you allow some packets by port, but among those allow rules there is none for incoming icmp packets addressed to the server itself.
iptables distinguishes transit packets, which arrive at the gateway and are addressed to hosts that are, for example, behind NAT, from packets that arrive at the gateway but are addressed to the gateway itself. The latter are the packets that end up in INPUT; transit packets end up in FORWARD.
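The behaviour described in the UPD above, replayed as a first-match evaluation of the posted filter INPUT rules (an added example, not part of kostik87's post). The packet dictionaries, the 203.0.113.7 address and the conntrack rule in `FIX` are assumptions constructed for illustration, and the evaluator handles only the match options that occur in these rules.

```python
import ipaddress
import shlex

# filter/INPUT rules copied from the iptables-save dump in the post (policy: DROP).
PAGE_RULES = """\
-A INPUT -i lo -j ACCEPT
-A INPUT -i eth0 -j ACCEPT
-A INPUT -i eth0:3 -j ACCEPT
-A INPUT -i eth0:5 -j ACCEPT
-A INPUT -i eth1 -j ACCEPT
-A INPUT -s 87.229.137.104/32 -i ppp0 -p icmp -m icmp --icmp-type 8 -j ACCEPT
-A INPUT -i ppp0 -p tcp -m tcp --dport 21 -j ACCEPT
-A INPUT -i ppp0 -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -i ppp0 -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -i ppp0 -p tcp -m tcp --dport 139 -j ACCEPT
-A INPUT -i ppp0 -p tcp -m tcp --dport 445 -j ACCEPT
-A INPUT -i ppp0 -p tcp -m tcp --dport 5650 -j ACCEPT
-A INPUT -i ppp0 -p tcp -m tcp --dport 7410 -j ACCEPT
-A INPUT -i ppp0 -p tcp -m tcp --dport 10000 -j ACCEPT
-A INPUT -i ppp0 -p tcp -m tcp --dport 10051 -j ACCEPT
"""
# Assumption (not from the post): one common remedy, accepting only reply traffic.
FIX = "-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT\n"

def parse(line):
    tok = shlex.split(line)[2:]  # drop "-A INPUT"; the rest are option/value pairs
    return dict(zip(tok[0::2], tok[1::2]))

def matches(r, p):
    """True when every condition present in rule r holds for packet p."""
    return (("-s" not in r
             or ipaddress.ip_address(p["src"]) in ipaddress.ip_network(r["-s"]))
            and r.get("-i", p["iface"]) == p["iface"]
            and r.get("-p", p["proto"]) == p["proto"]
            and int(r.get("--icmp-type", p.get("icmp_type", -1))) == p.get("icmp_type", -1)
            and int(r.get("--dport", p.get("dport", -1))) == p.get("dport", -1)
            and ("--ctstate" not in r or p["state"] in r["--ctstate"].split(",")))

def verdict(rules, pkt, policy="DROP"):
    """First matching rule decides; otherwise the chain policy applies."""
    for line in filter(None, rules.splitlines()):
        rule = parse(line)
        if matches(rule, pkt):
            return rule["-j"]
    return policy

# Constructed packets: the echo reply to the server's own ping, and an unsolicited ping.
REPLY = {"iface": "ppp0", "src": "203.0.113.7", "proto": "icmp", "icmp_type": 0, "state": "ESTABLISHED"}
PROBE = {"iface": "ppp0", "src": "203.0.113.7", "proto": "icmp", "icmp_type": 8, "state": "NEW"}
```

`verdict(PAGE_RULES, REPLY)` falls through to the DROP policy, while `verdict(FIX + PAGE_RULES, REPLY)` is accepted and the unsolicited `PROBE` is still dropped.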
Original version by kostik87:
iptables-save
# Generated by iptables-save v1.4.21 on Sat Feb 10 17:00:30 2018
*nat
:PREROUTING ACCEPT [7594:651036]
:INPUT ACCEPT [287:24479]
:OUTPUT ACCEPT [178:13786]
:POSTROUTING ACCEPT [157:11653]
-A POSTROUTING -s 192.168.5.0/24 ! -d 192.168.5.0/24 -j MASQUERADE
-A POSTROUTING -s 192.168.5.0/24 ! -d 192.168.5.0/24 -j MASQUERADE
-A POSTROUTING -s 10.47.17.0/24 ! -d 10.47.17.0/24 -j MASQUERADE
-A POSTROUTING -s 192.168.5.0/24 ! -d 192.168.5.0/24 -j MASQUERADE
COMMIT
# Completed on Sat Feb 10 17:00:30 2018
# Generated by iptables-save v1.4.21 on Sat Feb 10 17:00:30 2018
*filter
:INPUT DROP [5307:529652]
:FORWARD ACCEPT [26939:11360072]
:OUTPUT ACCEPT [2321409:586983635]
-A INPUT -i lo -j ACCEPT
-A INPUT -i eth0 -j ACCEPT
-A INPUT -i eth0:3 -j ACCEPT
-A INPUT -i eth0:5 -j ACCEPT
-A INPUT -i eth1 -j ACCEPT
-A INPUT -s 87.229.137.104/32 -i ppp0 -p icmp -m icmp --icmp-type 8 -j ACCEPT
-A INPUT -i ppp0 -p tcp -m tcp --dport 21 -j ACCEPT
-A INPUT -i ppp0 -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -i ppp0 -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -i ppp0 -p tcp -m tcp --dport 139 -j ACCEPT
-A INPUT -i ppp0 -p tcp -m tcp --dport 445 -j ACCEPT
-A INPUT -i ppp0 -p tcp -m tcp --dport 5650 -j ACCEPT
-A INPUT -i ppp0 -p tcp -m tcp --dport 7410 -j ACCEPT
-A INPUT -i ppp0 -p tcp -m tcp --dport 10000 -j ACCEPT
-A INPUT -i ppp0 -p tcp -m tcp --dport 10051 -j ACCEPT
COMMIT
# Completed on Sat Feb 10 17:00:30 2018
# Generated by iptables-save v1.4.21 on Sat Feb 10 17:00:30 2018
*mangle
:PREROUTING ACCEPT [3381322:1013836923]
:INPUT ACCEPT [3335387:995540736]
:FORWARD ACCEPT [38965:17758051]
:OUTPUT ACCEPT [2975552:790680771]
:POSTROUTING ACCEPT [3014785:808473750]
COMMIT
# Completed on Sat Feb 10 17:00:30 2018
Tell me, which is easier to write:
# Generated by iptables-save v1.4.21 on Sat Feb 10 17:00:30 2018 [br]
*nat[br]
:PREROUTING ACCEPT [7594:651036] [br]
:INPUT ACCEPT [287:24479] [br]
:OUTPUT ACCEPT [178:13786] [br]
...
or
[code]
# Generated by iptables-save v1.4.21 on Sat Feb 10 17:00:30 2018
*nat
:PREROUTING ACCEPT [7594:651036]
:INPUT ACCEPT [287:24479]
:OUTPUT ACCEPT [178:13786]
...
[/code]
?