Answer the question
In order to leave comments, you need to log in
L
L
LBJ2015-08-12 15:51:57
LBJ, 2015-08-12 15:51:57
How to configure iptables for 4g modem??
Good afternoon! In general, there is such a scheme: antenna-CRC9-4g modem with a SIM card from a megaphone-TP-Link TL-MR3420-gateway to centos-end users. The essence of the problem is as follows: when changing the provider (finally found a replacement for ADSL), the ip-camera server became unavailable from the outside. A white ip was bought from a megaphone, the old ip was replaced with a new one in iptables, and port forwarding was configured in tp-link. However, the server is still unavailable. Tell me how to solve this problem?
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp --icmp-type echo-reply -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -m udp --dport 53 -j ACCEPT
#-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 16016 -j ACCEPT
#pptp
-A RH-Firewall-1-INPUT -i ppp0 -p gre -j ACCEPT
-A RH-Firewall-1-INPUT -i ppp0 -p tcp -m tcp --dport 1723 -j ACCEPT
# CLOSING PORTS
################
# PPP0
##########
-A RH-Firewall-1-INPUT -i ppp0 -p tcp -m multiport --dports 21,53,111,139,443,445 -j REJECT --reject-with tcp-reset
-A RH-Firewall-1-INPUT -i ppp0 -p udp -m multiport --dports 21,53,111,139,443,445 -j DROP
# DROP WiFi
-A RH-Firewall-1-INPUT -s 10.1.0.0/16 -d 192.168.10.0/24 -j DROP
-A RH-Firewall-1-INPUT -s 192.168.0.0/24 -d 192.168.10.0/24 -j DROP
-A RH-Firewall-1-INPUT -s 192.168.9.1 -d 192.168.10.0/24 -j DROP
-A RH-Firewall-1-INPUT -s 192.168.9.2 -d 192.168.10.0/24 -j DROP
COMMIT
*nat
:PREROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
#############
# OUTDOOR
#############
#Dominations
-A PREROUTING -p tcp -d 37.x.x.x --dport 7010 -j DNAT --to-destination 192.168.10.101:7000
-A PREROUTING -p udp -d 37.x.x.x --dport 7010 -j DNAT --to-destination 192.168.10.101:7000
-A PREROUTING -p tcp -d 37.x.x.x --dport 7020 -j DNAT --to-destination 192.168.10.103:7000
-A PREROUTING -p udp -d 37.x.x.x --dport 7020 -j DNAT --to-destination 192.168.10.103:7000
#web Cams
-A PREROUTING -p tcp -d 37.x.x.x --dport 8080 -j DNAT --to-destination 192.168.10.203:8080
-A PREROUTING -p tcp -d 37.x.x.x --dport 80 -j DNAT --to-destination 192.168.10.203:12000
##############
# Port config
###########
#-A POSTROUTING -s 192.168.10.0/255.255.255.0 -o ppp0 -p tcp -m tcp -j SNAT --to-source 89.109.34.150
#-A POSTROUTING -s 192.168.10.0/255.255.255.0 -o ppp0 -p udp -m udp -j SNAT --to-source 89.109.34.150
#-A POSTROUTING -s 192.168.10.0/255.255.255.0 -o ppp0 -p icmp -m icmp -j SNAT --to-source 89.109.34.150
-A POSTROUTING -s 192.168.10.12 -o ppp0 -p tcp -m tcp -j SNAT --to-source 37.x.x.x
-A POSTROUTING -s 192.168.10.12 -o ppp0 -p udp -m udp -j SNAT --to-source 37.x.x.x
-A POSTROUTING -s 192.168.10.12 -o ppp0 -p icmp -m icmp -j SNAT --to-source 37.x.x.x
# так далее для остальных ip
##Administrators
-A POSTROUTING -s 192.168.10.200 -o ppp0 -p tcp -m tcp -j SNAT --to-source 37.x.x.x
-A POSTROUTING -s 192.168.10.200 -o ppp0 -p udp -m udp -j SNAT --to-source 37.x.x.x
-A POSTROUTING -s 192.168.10.200 -o ppp0 -p icmp -m icmp -j SNAT --to-source 37.x.x.x
-A POSTROUTING -s 192.168.10.201 -o ppp0 -p tcp -m tcp -j SNAT --to-source 337.x.x.x
-A POSTROUTING -s 192.168.10.201 -o ppp0 -p udp -m udp -j SNAT --to-source 37.x.x.x
-A POSTROUTING -s 192.168.10.201 -o ppp0 -p icmp -m icmp -j SNAT --to-source 37.x.x.x
-A POSTROUTING -s 192.168.10.202 -o ppp0 -p tcp -m tcp -j SNAT --to-source 37.x.x.x
-A POSTROUTING -s 192.168.10.202 -o ppp0 -p udp -m udp -j SNAT --to-source 37.x.x.x
-A POSTROUTING -s 192.168.10.202 -o ppp0 -p icmp -m icmp -j SNAT --to-source 37.x.x.x
-A POSTROUTING -s 192.168.10.203 -o ppp0 -p tcp -m tcp -j SNAT --to-source 37.x.x.x
-A POSTROUTING -s 192.168.10.203 -o ppp0 -p udp -m udp -j SNAT --to-source 37.x.x.x
-A POSTROUTING -s 192.168.10.203 -o ppp0 -p icmp -m icmp -j SNAT --to-source 37.x.x.x
-A POSTROUTING -s 192.168.10.240 -o ppp0 -p tcp -m tcp -j SNAT --to-source 37.x.x.x
-A POSTROUTING -s 192.168.10.240 -o ppp0 -p udp -m udp -j SNAT --to-source 37.x.x.x
-A POSTROUTING -s 192.168.10.240 -o ppp0 -p icmp -m icmp -j SNAT --to-source 37.x.x.x
COMMIT
# Generated by webmin
*mangle
:FORWARD ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
COMMIT37...-ip from megaphone, 192.168.10.203-camera server
2 answer(s)
@LBJ
L
LBJ, 2015-08-12 @LBJ
[[email protected] sysconfig]# ifconfig -a
eth0 Link encap:Ethernet HWaddr 00:16:E6:41:9F:19
inet addr:192.168.10.254 Bcast:192.168.10.255 Mask:255.255.255.0
inet6 addr: fdc9:f4db:87d:0:216:e6ff:fe41:9f19/64 Scope:Global
inet6 addr: fe80::216:e6ff:fe41:9f19/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:11614796 errors:0 dropped:0 overruns:0 frame:0
TX packets:6379071 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:1010862634 (964.0 MiB) TX bytes:721947957 (688.5 MiB)
Interrupt:18
eth0:1 Link encap:Ethernet HWaddr 00:16:E6:41:9F:19
inet addr:192.168.9.254 Bcast:192.168.9.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
Interrupt:18
gre0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-E1-AA-00-00-00-00-00-00-00-00
NOARP MTU:1476 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:83116 errors:0 dropped:0 overruns:0 frame:0
TX packets:83116 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:8325416 (7.9 MiB) TX bytes:8325416 (7.9 MiB)
Similar questions
L
A
T
D
O
Didn't find what you were looking for?
Ask your questionAsk a Question
731 491 924 answers to any question