LINUX.ORG.RU

Posts by ABEgorov

 

IPTABLES ignores packets to port 445

Forum - General

Hello. I have been trying to configure an ordinary home router for a week now, but NAT behaves very strangely. I am not familiar with IPTABLES, so I am asking here. Are there reasons why IPTABLES rules might be ignored? I set up the following rules on the router:

admin@RT-AC56U:/tmp/home/root# iptables -t raw -L -vn
Chain PREROUTING (policy ACCEPT 231 packets, 20040 bytes)
 pkts bytes target     prot opt in     out     source               destination
   17   908 logpack    all  --  *      *       0.0.0.0/0            192.168.2.0/24

Chain OUTPUT (policy ACCEPT 203 packets, 34784 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain logpack (1 references)
 pkts bytes target     prot opt in     out     source               destination
    6   304 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0            LOG flags 7 level 4 prefix "DROP"
On the computer, the router's IP address is set as the gateway for 192.168.2.0/24. I type telnet 192.168.2.222 446 and entries appear in the router's log. I type telnet 192.168.2.222 445 and the router's log is EMPTY. What could be the reason? NAT does not work at all for packets to TCP port 445...

Full rules:

admin@RT-AC56U:/tmp/home/root# iptables -L -vn -t raw
Chain PREROUTING (policy ACCEPT 1395 packets, 164K bytes)
 pkts bytes target     prot opt in     out     source               destination
   17   908 logpack    all  --  *      *       0.0.0.0/0            192.168.2.0/24

Chain OUTPUT (policy ACCEPT 1388 packets, 236K bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain logpack (1 references)
 pkts bytes target     prot opt in     out     source               destination
    6   304 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0            LOG flags 7 level 4 prefix "DROP"
admin@RT-AC56U:/tmp/home/root#
admin@RT-AC56U:/tmp/home/root#
admin@RT-AC56U:/tmp/home/root#
admin@RT-AC56U:/tmp/home/root# iptables -L -vn -t mangle
Chain PREROUTING (policy ACCEPT 17767 packets, 1938K bytes)
 pkts bytes target     prot opt in     out     source               destination
  116 10295 MARK       all  --  !eth0  *       0.0.0.0/0            192.168.0.1          MARK set 0xd001

Chain INPUT (policy ACCEPT 17538 packets, 1914K bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain FORWARD (policy ACCEPT 14 packets, 774 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain OUTPUT (policy ACCEPT 18413 packets, 18M bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain POSTROUTING (policy ACCEPT 18438 packets, 18M bytes)
 pkts bytes target     prot opt in     out     source               destination
admin@RT-AC56U:/tmp/home/root#
admin@RT-AC56U:/tmp/home/root#
admin@RT-AC56U:/tmp/home/root#
admin@RT-AC56U:/tmp/home/root# iptables -L -vn -t filter
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0            state INVALID
13200 1445K ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED
 1379  291K ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0            state NEW
    0     0 DROP       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:5916
 3056  186K ACCEPT     all  --  br0    *       0.0.0.0/0            0.0.0.0/0            state NEW
    0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain FORWARD (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED
   13   696 DROP       all  --  !br0   eth0    0.0.0.0/0            0.0.0.0/0
    0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0            state INVALID
    0     0 ACCEPT     all  --  br0    br0     0.0.0.0/0            0.0.0.0/0
    0     0 DROP       icmp --  eth0   *       0.0.0.0/0            0.0.0.0/0
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate DNAT
    1    78 ACCEPT     all  --  br0    *       0.0.0.0/0            0.0.0.0/0

Chain OUTPUT (policy ACCEPT 18469 packets, 18M bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain FUPNP (0 references)
 pkts bytes target     prot opt in     out     source               destination

Chain PControls (0 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain logaccept (0 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0            state NEW LOG flags 7 level 4 prefix "ACCEPT "
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain logdrop (0 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0            state NEW LOG flags 7 level 4 prefix "DROP"
    0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0
admin@RT-AC56U:/tmp/home/root#
admin@RT-AC56U:/tmp/home/root#
admin@RT-AC56U:/tmp/home/root#
admin@RT-AC56U:/tmp/home/root# iptables -L -vn -t nat
Chain PREROUTING (policy ACCEPT 2526 packets, 149K bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 VSERVER    all  --  *      *       0.0.0.0/0            192.168.0.1

Chain INPUT (policy ACCEPT 2300 packets, 125K bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain OUTPUT (policy ACCEPT 656 packets, 59647 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain POSTROUTING (policy ACCEPT 656 packets, 59647 bytes)
 pkts bytes target     prot opt in     out     source               destination
    1    78 MASQUERADE  all  --  *      eth0   !192.168.0.1          0.0.0.0/0
    0     0 MASQUERADE  all  --  *      *       0.0.0.0/0            0.0.0.0/0            mark match 0xd001

Chain LOCALSRV (0 references)
 pkts bytes target     prot opt in     out     source               destination

Chain VSERVER (1 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 VUPNP      all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain VUPNP (1 references)
 pkts bytes target     prot opt in     out     source               destination

ABEgorov
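
Added example, not part of the original post: the per-rule `pkts` counters in the listings above can be compared before and after each telnet attempt, which shows whether the test packets traversed the raw PREROUTING rule without relying on the log. The snapshots below are constructed in the post's output layout, and the function names are hypothetical.

```python
# Constructed snapshots in the `iptables -t raw -L -vn` layout from the post;
# the "after" counter values are made up for the demonstration.
BEFORE = """\
Chain PREROUTING (policy ACCEPT 231 packets, 20040 bytes)
 pkts bytes target     prot opt in     out     source               destination
   17   908 logpack    all  --  *      *       0.0.0.0/0            192.168.2.0/24

Chain logpack (1 references)
 pkts bytes target     prot opt in     out     source               destination
    6   304 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0            LOG flags 7 level 4 prefix "DROP"
"""
AFTER = (BEFORE.replace("   17   908 logpack", "   19  1012 logpack")
               .replace("    6   304 LOG", "    8   408 LOG"))

# `iptables -v` abbreviates large counters (e.g. 164K); `-x` prints exact values.
SUFFIX = {"K": 1000, "M": 1000**2, "G": 1000**3}

def to_int(text):
    """Convert a counter such as '17' or '164K' to an integer."""
    if text[-1] in SUFFIX:
        return int(text[:-1]) * SUFFIX[text[-1]]
    return int(text)

def parse_rules(listing):
    """Map (chain, rule position) -> packet count, target and destination."""
    rules, chain, pos = {}, None, 0
    for line in listing.splitlines():
        fields = line.split(None, 9)
        if line.startswith("Chain ") and len(fields) >= 2:
            chain, pos = fields[1], 0          # new chain: restart rule numbering
        elif chain and len(fields) >= 9 and fields[0][0].isdigit():
            pos += 1                           # header and prompt lines are skipped
            rules[(chain, pos)] = {"pkts": to_int(fields[0]),
                                   "target": fields[2], "dst": fields[8]}
    return rules

def counter_deltas(before, after):
    """Return {(chain, position): packets gained} for rules whose counter moved."""
    b, a = parse_rules(before), parse_rules(after)
    return {key: a[key]["pkts"] - b[key]["pkts"]
            for key in a if key in b and a[key]["pkts"] != b[key]["pkts"]}

if __name__ == "__main__":
    for (chain, pos), gained in sorted(counter_deltas(BEFORE, AFTER).items()):
        print(f"{chain} rule {pos}: +{gained} packets")
```

A rule that is missing from the result after a test connection was not traversed by those packets between the two snapshots.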