iptables 求助

nop · 发表于 2012-12-26 11:38:08

一键包装的pptp/l2tp 现在ipsec验证 xl2tp等服务都正常，就是l2tp连不上（678），应该是iptables 的问题，求高手解惑

# Generated by iptables-save v1.3.5 on Tue Dec 25 19:26:00 2012
*nat

REROUTING ACCEPT [1:40]

OSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A PREROUTING -p udp -m udp --dport 53 -j DNAT --to-destination 8.8.8.8
-A PREROUTING -p udp -m udp --dport 53 -j DNAT --to-destination 8.8.4.4
-A POSTROUTING -s 10.10.77.0/255.255.255.0 -o eth0 -j MASQUERADE
-A POSTROUTING -s 10.10.88.0/255.255.255.0 -o eth0 -j MASQUERADE
-A POSTROUTING -s 10.10.99.0/255.255.255.0 -o eth0 -j MASQUERADE
-A POSTROUTING -s 10.10.77.0/255.255.255.0 -j SNAT --to-source 173.254.240.1
-A POSTROUTING -s 10.10.88.0/255.255.255.0 -j SNAT --to-source 173.254.240.1
-A POSTROUTING -s 10.10.99.0/255.255.255.0 -j SNAT --to-source 173.254.240.1
COMMIT
# Completed on Tue Dec 25 19:26:00 2012
# Generated by iptables-save v1.3.5 on Tue Dec 25 19:26:00 2012
*filter
:INPUT ACCEPT [51501:66947707]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [28105:2455938]
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -i tun+ -j ACCEPT
-A INPUT -i tap+ -j ACCEPT
-A INPUT -d 173.254.240.1 -p udp -m udp --dport 500 -j ACCEPT
-A INPUT -d 173.254.240.1 -p udp -m udp --dport 4500 -j ACCEPT
-A INPUT -d 173.254.240.1 -p udp -m udp --dport 1701 -j ACCEPT
-A FORWARD -i tun+ -j ACCEPT
-A FORWARD -i tap+ -j ACCEPT
COMMIT
# Completed on Tue Dec 25 19:26:00 2012

		自动登录	找回密码
密码			立即注册