есть шлюз 192.168.7.1
есть комп с двумя интерфейсами: eth0 192.168.7.177 bnep0, pand0 192.168.0.1
проблема: не могу подключить bluetooth устройство к инету, если не закоментирую последние три строки:
iptables -P INPUT DROP
iptables -P OUTPUT DROP
iptables -P FORWARD DROP
а если закоментирую их то все работает:
#!/bin/bash
clear
echo "1" > /proc/sys/net/ipv4/ip_forward
iptables -F INPUT
iptables -F OUTPUT
iptables -F FORWARD
iptables -t nat -F
iptables -t filter -F
#samba
iptables -A INPUT -i eth0 -m pkttype --pkt-type broadcast -j ACCEPT
iptables -A INPUT -i eth0 -p tcp -m tcp -m multiport --dports 139,445 -j ACCEPT
iptables -A INPUT -i eth0 -p udp -m udp -m multiport --dports 137,138 -j ACCEPT
#ssh
iptables -A INPUT -p tcp --dport 22 -m state --state NEW -j ACCEPT
#vnc
iptables -A INPUT -p tcp --dport 5900 -m state --state NEW -j ACCEPT
iptables -A INPUT -p tcp --dport 5901 -m state --state NEW -j ACCEPT
#ssh 80
iptables -t nat -I PREROUTING -p tcp --dport 80 -d 192.168.7.177 -j DNAT --to 192.168.7.1:80
iptables -I FORWARD -p tcp -d 192.168.7.1 --dport 80 -j ACCEPT
iptables -I FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
#http 55->192.168.7.222:22
iptables -t filter -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -t filter -A FORWARD -p tcp -d 192.168.7.222 --dport 22 -j ACCEPT
iptables -t nat -A PREROUTING -p tcp -d 192.168.7.177 --dport 55 -j DNAT --to-destination 192.168.7.222:22
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
iptables -A INPUT -p icmp -j ACCEPT
iptables -A OUTPUT -p icmp -j ACCEPT
iptables -A INPUT -p tcp -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A OUTPUT -p tcp -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
iptables -A INPUT -p udp -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A OUTPUT -p udp -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
#iptables -P INPUT DROP
#iptables -P OUTPUT DROP
#iptables -P FORWARD DROP
