[Solved] iptables settings (port forwarding) are not being applied.

0
points

While migrating an existing server (CentOS 4.3) to new hardware (CentOS 5.0), I am applying the existing settings unchanged,
but the iptables settings do not take effect.

Of course, I have disabled SELinux.

* Settings (worked without problems on CentOS 4.3)
iptables -A PREROUTING -t nat -p tcp --dport 1231 -j DNAT --to a.a.a.a:80
iptables -A PREROUTING -t nat -p tcp --dport 8001 -j DNAT --to a.a.a.a:8001
iptables -A PREROUTING -t nat -p tcp --dport 8002 -j DNAT --to a.a.a.a:8002
iptables -A PREROUTING -t nat -p tcp --dport 8003 -j DNAT --to a.a.a.a:8003
iptables -A PREROUTING -t nat -p tcp --dport 8004 -j DNAT --to a.a.a.a:8004
iptables -A PREROUTING -t nat -p tcp --dport 8005 -j DNAT --to a.a.a.a:8005
iptables -A PREROUTING -t nat -p tcp --dport 8006 -j DNAT --to a.a.a.a:8006
iptables -A PREROUTING -t nat -p tcp --dport 8007 -j DNAT --to a.a.a.a:8007
iptables -A PREROUTING -t nat -p tcp --dport 1232 -j DNAT --to b.b.b.b:80
iptables -A PREROUTING -t nat -p tcp --dport 8011 -j DNAT --to b.b.b.b:8011
iptables -A PREROUTING -t nat -p tcp --dport 8012 -j DNAT --to b.b.b.b:8012
iptables -A PREROUTING -t nat -p tcp --dport 8013 -j DNAT --to b.b.b.b:8013
iptables -A PREROUTING -t nat -p tcp --dport 8014 -j DNAT --to b.b.b.b:8014
iptables -A PREROUTING -t nat -p tcp --dport 8015 -j DNAT --to b.b.b.b:8015
iptables -A PREROUTING -t nat -p tcp --dport 8016 -j DNAT --to b.b.b.b:8016
iptables -A PREROUTING -t nat -p tcp --dport 8017 -j DNAT --to b.b.b.b:8017
iptables -A PREROUTING -t nat -p tcp --dport 1233 -j DNAT --to c.c.c.c:80
iptables -A PREROUTING -t nat -p tcp --dport 8021 -j DNAT --to c.c.c.c:8021
iptables -A PREROUTING -t nat -p tcp --dport 8022 -j DNAT --to c.c.c.c:8022
iptables -A PREROUTING -t nat -p tcp --dport 8023 -j DNAT --to c.c.c.c:8023
iptables -A PREROUTING -t nat -p tcp --dport 8024 -j DNAT --to c.c.c.c:8024
iptables -A PREROUTING -t nat -p tcp --dport 8025 -j DNAT --to c.c.c.c:8025
iptables -A PREROUTING -t nat -p tcp --dport 8026 -j DNAT --to c.c.c.c:8026
iptables -A PREROUTING -t nat -p tcp --dport 8027 -j DNAT --to c.c.c.c:8027
iptables -A PREROUTING -t nat -p tcp --dport 1234 -j DNAT --to d.d.d.d:80
iptables -A PREROUTING -t nat -p tcp --dport 8031 -j DNAT --to d.d.d.d:8031
iptables -A PREROUTING -t nat -p tcp --dport 8032 -j DNAT --to d.d.d.d:8032
iptables -A PREROUTING -t nat -p tcp --dport 8033 -j DNAT --to d.d.d.d:8033
iptables -A PREROUTING -t nat -p tcp --dport 8034 -j DNAT --to d.d.d.d:8034
iptables -A PREROUTING -t nat -p tcp --dport 8035 -j DNAT --to d.d.d.d:8035
iptables -A PREROUTING -t nat -p tcp --dport 8036 -j DNAT --to d.d.d.d:8036
iptables -A PREROUTING -t nat -p tcp --dport 8037 -j DNAT --to d.d.d.d:8037

# iptables -t nat -L
Chain PREROUTING (policy ACCEPT)
target prot opt source destination
DNAT tcp -- anywhere anywhere tcp dpt:menandmice-lpm to:a.a.a.a:80
DNAT tcp -- anywhere anywhere tcp dpt:vcom-tunnel to:a.a.a.a:8001
DNAT tcp -- anywhere anywhere tcp dpt:teradataordbms to:a.a.a.a:8002
DNAT tcp -- anywhere anywhere tcp dpt:8003 to:a.a.a.a:8003
DNAT tcp -- anywhere anywhere tcp dpt:8004 to:a.a.a.a:8004
DNAT tcp -- anywhere anywhere tcp dpt:8005 to:a.a.a.a:8005
DNAT tcp -- anywhere anywhere tcp dpt:8006 to:a.a.a.a:8006
DNAT tcp -- anywhere anywhere tcp dpt:8007 to:a.a.a.a:8007
DNAT tcp -- anywhere anywhere tcp dpt:1232 to:b.b.b.b:80
DNAT tcp -- anywhere anywhere tcp dpt:8011 to:b.b.b.b:8011
DNAT tcp -- anywhere anywhere tcp dpt:8012 to:b.b.b.b:8012
DNAT tcp -- anywhere anywhere tcp dpt:8013 to:b.b.b.b:8013
DNAT tcp -- anywhere anywhere tcp dpt:8014 to:b.b.b.b:8014
DNAT tcp -- anywhere anywhere tcp dpt:8015 to:b.b.b.b:8015
DNAT tcp -- anywhere anywhere tcp dpt:8016 to:b.b.b.b:8016
DNAT tcp -- anywhere anywhere tcp dpt:8017 to:b.b.b.b:8017
DNAT tcp -- anywhere anywhere tcp dpt:univ-appserver to:c.c.c.c:80
DNAT tcp -- anywhere anywhere tcp dpt:intu-ec-client to:c.c.c.c:8021
DNAT tcp -- anywhere anywhere tcp dpt:oa-system to:c.c.c.c:8022
DNAT tcp -- anywhere anywhere tcp dpt:8023 to:c.c.c.c:8023
DNAT tcp -- anywhere anywhere tcp dpt:8024 to:c.c.c.c:8024
DNAT tcp -- anywhere anywhere tcp dpt:8025 to:c.c.c.c:8025
DNAT tcp -- anywhere anywhere tcp dpt:8026 to:c.c.c.c:8026
DNAT tcp -- anywhere anywhere tcp dpt:8027 to:c.c.c.c:8027
DNAT tcp -- anywhere anywhere tcp dpt:search-agent to:d.d.d.d:80
DNAT tcp -- anywhere anywhere tcp dpt:8031 to:d.d.d.d:8031
DNAT tcp -- anywhere anywhere tcp dpt:pro-ed to:d.d.d.d:8032
DNAT tcp -- anywhere anywhere tcp dpt:mindprint to:d.d.d.d:8033
DNAT tcp -- anywhere anywhere tcp dpt:8034 to:d.d.d.d:8034
DNAT tcp -- anywhere anywhere tcp dpt:8035 to:d.d.d.d:8035
DNAT tcp -- anywhere anywhere tcp dpt:8036 to:d.d.d.:8036
DNAT tcp -- anywhere anywhere tcp dpt:8037 to:d.d.d.d:8037

Chain POSTROUTING (policy ACCEPT)
target prot opt source destination

Chain OUTPUT (policy ACCEPT)
target prot opt source destination

Answering my own question.

0
points

After a lot of trial and error, the answer turned up.

It turns out that with the move to CentOS 5.0, port forwarding was blocked by default.
With the setting below, it works normally.

echo 1 > /proc/sys/net/ipv4/ip_forward

I am leaving this here in case anyone else runs into the same thing.
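A migration check for the situation in this thread, added here as an example that is not part of the original posts: it verifies that a DNAT ruleset has IPv4 forwarding switched on, and that the setting is also in `/etc/sysctl.conf`, since a value written to `/proc/sys/net/ipv4/ip_forward` lasts only until the next reboot. The function names are hypothetical, the sample files are constructed, and the DNAT targets are assumed to be other hosts.

```shell
#!/bin/sh
# Added example: checks that a DNAT ruleset has the kernel forwarding it needs.
# File paths are arguments so the checks also run against saved copies.

# Number of DNAT rules in PREROUTING, read from `iptables-save` output.
count_dnat() {
    grep -c -E '^-A PREROUTING .*-j DNAT' "$1" || true
}

# True if the running kernel forwards IPv4 (what `echo 1 >` switches on).
forwarding_enabled() {
    [ "$(cat "${1:-/proc/sys/net/ipv4/ip_forward}" 2>/dev/null)" = "1" ]
}

# True if sysctl.conf re-enables forwarding at boot; the last assignment wins.
persistent_forwarding() {
    awk -F= '/^[ \t]*net\.ipv4\.ip_forward[ \t]*=/ { gsub(/[ \t]/, "", $2); v = $2 }
             END { exit !(v == "1") }' "${1:-/etc/sysctl.conf}" 2>/dev/null
}

# Prints one verdict: no-dnat-rules | forwarding-off | not-persistent | ok
check_port_forwarding() {
    if [ "$(count_dnat "$1")" -eq 0 ]; then echo "no-dnat-rules"
    elif ! forwarding_enabled "$2"; then echo "forwarding-off"
    elif ! persistent_forwarding "$3"; then echo "not-persistent"
    else echo "ok"
    fi
}

# Constructed sample input (not taken from a real host): two rules in the
# style of the post, forwarding switched on by hand, sysctl.conf still at 0.
demo() {
    d=$(mktemp -d)
    printf '%s\n' '*nat' ':PREROUTING ACCEPT [0:0]' \
        '-A PREROUTING -p tcp -m tcp --dport 1231 -j DNAT --to-destination 192.0.2.10:80' \
        '-A PREROUTING -p tcp -m tcp --dport 8001 -j DNAT --to-destination 192.0.2.10:8001' \
        'COMMIT' > "$d/rules"
    echo 1 > "$d/ip_forward"
    printf '%s\n' '# Controls IP packet forwarding' 'net.ipv4.ip_forward = 0' > "$d/sysctl.conf"
    check_port_forwarding "$d/rules" "$d/ip_forward" "$d/sysctl.conf"
    rm -rf "$d"
}
demo
```

On a live host, save the ruleset with `iptables-save > rules` and call `check_port_forwarding rules`; the other two paths default to the real `/proc` and `/etc` files.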
