laomms
Posted 2018-4-1 10:04
From Thailand
This post was last edited by laomms on 2018-4-2 11:38
Supplement:
Adding port-mapping entries:
First list the current iptables rules with iptables -v -L INPUT -n --line-numbers (for the nat table: iptables -v -t nat -L -n --line-numbers):
admin@RT-AC5300-56A0:/tmp/home/root# iptables -v -L INPUT -n --line-numbers
Chain INPUT (policy ACCEPT 4304 packets, 798K bytes)
num   pkts bytes target             prot opt in   out  source     destination
1       65  5109 DROP               icmp --  ppp0 *    0.0.0.0/0  0.0.0.0/0
2        0     0 DROP               icmp --  ppp0 *    0.0.0.0/0  0.0.0.0/0
3    15182 2917K INPUT_EasyExplorer all  --  *    *    0.0.0.0/0  0.0.0.0/0
4    15182 2917K INPUT_EasyExplorer all  --  *    *    0.0.0.0/0  0.0.0.0/0
5        0     0 ACCEPT             tcp  --  *    *    0.0.0.0/0  0.0.0.0/0  tcp dpt:1688
Add one iptables rule:
iptables -I INPUT 6 -i zt0 -j ACCEPT
Note that the 6 here means the rule is added after the 5 rules above. Check again; it has been added:
admin@RT-AC5300-56A0:/tmp/home/root# iptables -v -L INPUT -n --line-numbers
Chain INPUT (policy ACCEPT 1164 packets, 256K bytes)
num   pkts bytes target             prot opt in   out  source     destination
1       79  6117 DROP               icmp --  ppp0 *    0.0.0.0/0  0.0.0.0/0
2        0     0 DROP               icmp --  ppp0 *    0.0.0.0/0  0.0.0.0/0
3    18024 3524K INPUT_EasyExplorer all  --  *    *    0.0.0.0/0  0.0.0.0/0
4    18024 3524K INPUT_EasyExplorer all  --  *    *    0.0.0.0/0  0.0.0.0/0
5        0     0 ACCEPT             tcp  --  *    *    0.0.0.0/0  0.0.0.0/0  tcp dpt:1688
6       10  1431 ACCEPT             all  --  zt0  *    0.0.0.0/0  0.0.0.0/0
Restart zerotier:
killall zerotier-one
zerotier-one -d
Also make the tun driver load at boot and check periodically that the daemon is running:
echo "modprobe tun" >> /jffs/scripts/nat-start
# cru needs "<cron schedule> <command>" as one quoted argument; the post's line had the quotes nested and no schedule.
# Every 5 minutes is an assumed interval. The Entware init script's "start" is a no-op when the daemon is already running.
echo 'cru a ZeroTierDaemon "*/5 * * * * /opt/etc/init.d/S90zerotier-one.sh start"' >> /jffs/scripts/wan-start
Add the firewall rules:
# Written as a quoted heredoc so the inner quotes and $? reach the file intact; the post used one echo per line,
# which expanded $? at write time and stripped the quotes around the logger arguments.
cat >> /jffs/scripts/firewall-start <<'EOF'
logger -t "custom iptables" -p user.notice "Enter"
if ! iptables -C INPUT -i zt0 -j ACCEPT 2>/dev/null; then
    # The post had this line commented out; without it the -C check above never succeeds
    # and the rules below are inserted again on every firewall restart.
    iptables -I INPUT -i zt0 -j ACCEPT
    #iptables -I INPUT -i zt0 -p icmp -j ACCEPT
    iptables -I INPUT 1 -i ppp0 -p icmp -j DROP
    iptables -t nat -A PREROUTING -d 170.21.0.19 -p tcp --dport 80 -j DNAT --to-destination 192.168.1.1:80
    logger -t "custom iptables" -p user.notice "rules added"
else
    logger -t "custom iptables" -p user.notice "rules existed skip"
fi
EOF
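The firewall-start snippet above guards its rules with a single iptables -C check and accepts everything arriving on zt0, which exposes every service the router listens on (ssh, web UI, DNS, ...) to every member of the ZeroTier network. The script below is an added example for this thread, not laomms's code: it rebuilds a dedicated chain on every run (so it is idempotent by construction), guards only the jump rule and the DNAT rule with iptables -C, and opens just a list of ports to the overlay with a logged DROP for everything else. The chain name ZT_IN, the port list, the interface name zt0 and the IPTABLES variable (so the function can be dry-run against a stub off the router) are assumptions; the overlay address 170.21.0.19 and LAN address 192.168.1.1 are taken from the post.

```shell
#!/bin/sh
# Idempotent ZeroTier firewall rules for an Asuswrt-Merlin router.
# Added example, not the poster's script. Assumptions: overlay interface zt0,
# only ZT_ALLOW_TCP/ZT_ALLOW_UDP should be reachable from the overlay,
# ZT_WEBUI_IP is the router's ZeroTier-managed address.
set -eu

IPTABLES="${IPTABLES:-iptables}"            # point at a stub for a dry run
ZT_IFACE="${ZT_IFACE:-zt0}"
ZT_CHAIN="${ZT_CHAIN:-ZT_IN}"               # assumed chain name
ZT_ALLOW_TCP="${ZT_ALLOW_TCP:-22 80 443}"   # assumption: ssh + web UI only
ZT_ALLOW_UDP="${ZT_ALLOW_UDP:-}"
ZT_WEBUI_IP="${ZT_WEBUI_IP:-170.21.0.19}"   # overlay IP from the post
LAN_IP="${LAN_IP:-192.168.1.1}"

log() {
    logger -t custom-iptables -p user.notice "$*" 2>/dev/null || true
    echo "custom-iptables: $*" >&2
}

# ensure_rule TABLE CHAIN POS RULE... : insert RULE at POS unless an identical
# rule exists. `iptables -C` exits 0 on a match, so re-running never duplicates.
ensure_rule() {
    table=$1; chain=$2; pos=$3; shift 3
    if "$IPTABLES" -t "$table" -C "$chain" "$@" 2>/dev/null; then
        log "exists, skipped: -t $table $chain $*"
    else
        "$IPTABLES" -t "$table" -I "$chain" "$pos" "$@"
        log "added: -t $table $chain $*"
    fi
}

# Rebuild the dedicated chain from scratch each run; only the jump into it and
# the nat rule need the -C guard.
zt_firewall_apply() {
    "$IPTABLES" -N "$ZT_CHAIN" 2>/dev/null || "$IPTABLES" -F "$ZT_CHAIN"
    "$IPTABLES" -A "$ZT_CHAIN" -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    "$IPTABLES" -A "$ZT_CHAIN" -p icmp -j ACCEPT
    for p in $ZT_ALLOW_TCP; do
        "$IPTABLES" -A "$ZT_CHAIN" -p tcp --dport "$p" -j ACCEPT
    done
    for p in $ZT_ALLOW_UDP; do
        "$IPTABLES" -A "$ZT_CHAIN" -p udp --dport "$p" -j ACCEPT
    done
    # Everything else from the overlay is logged (rate-limited) and dropped,
    # instead of the blanket `-i zt0 -j ACCEPT` that exposes every router service.
    "$IPTABLES" -A "$ZT_CHAIN" -m limit --limit 6/min -j LOG --log-prefix "zt-drop: "
    "$IPTABLES" -A "$ZT_CHAIN" -j DROP

    ensure_rule filter INPUT 1 -i "$ZT_IFACE" -j "$ZT_CHAIN"
    # Web UI reachable via the overlay address, only for packets that arrive on zt0.
    ensure_rule nat PREROUTING 1 -i "$ZT_IFACE" -d "$ZT_WEBUI_IP" -p tcp --dport 80 \
        -j DNAT --to-destination "$LAN_IP:80"
}

# `sh zt-firewall.sh apply` runs it; sourcing the file only defines the functions.
[ "${1:-}" = "apply" ] && zt_firewall_apply || true
```

Save it under an assumed name such as /jffs/scripts/zt-firewall.sh and call `sh /jffs/scripts/zt-firewall.sh apply` from firewall-start (on Merlin, nat-table rules are conventionally placed in nat-start instead, which works the same way). Setting IPTABLES to a shell function that records its arguments lets you check, off the router, that a second run adds nothing.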