Full version of this page: Port forwarding
supervisor2005
There is a server running Traffpro enterprise (CentOS release 5.5) with two uplinks from two providers. Port forwarding does not work. More precisely, if the same port is specified on the outside and inside the local network, everything is fine. If the outside port is one number and the port inside the network is another, it is not forwarded.
Let me know what information you need in order to help and I will post it.

I really need help.

Sly
Please post the output of the command

iptables-save -c
supervisor2005
[quote=Sly]Please post the output of the command

iptables-save -c[/quote]

# Generated by iptables-save v1.3.5 on Thu Mar 24 08:20:30 2016
*nat
:PREROUTING ACCEPT [179181:11380027]
:POSTROUTING ACCEPT [274702:20229555]
:OUTPUT ACCEPT [271350:20076421]
[0:0] -A PREROUTING -p tcp -m mark --mark 0xfffd -j REDIRECT --to-ports 80
[0:0] -A PREROUTING -p tcp -m mark --mark 0xfffe -j REDIRECT --to-ports 80
[13727:689672] -A PREROUTING -p tcp -m mark --mark 0xffff -j REDIRECT --to-ports 80
[0:0] -A PREROUTING -s 192.168.209.225 -p tcp -j ACCEPT
[0:0] -A PREROUTING -s 192.168.209.235 -p tcp -j ACCEPT
[0:0] -A PREROUTING -s 192.168.209.38 -p tcp -j ACCEPT
[0:0] -A PREROUTING -s 192.168.208.205 -p tcp -j ACCEPT
[0:0] -A PREROUTING -s 192.168.208.83 -p tcp -j ACCEPT
[0:0] -A PREROUTING -s 192.168.209.232 -p tcp -j ACCEPT
[0:0] -A PREROUTING -s 192.168.209.162 -p tcp -j ACCEPT
[0:0] -A PREROUTING -s 192.168.209.167 -p tcp -j ACCEPT
[0:0] -A PREROUTING -s 192.168.209.209 -p tcp -j ACCEPT
[0:0] -A PREROUTING -s 192.168.209.168 -p tcp -j ACCEPT
[0:0] -A PREROUTING -s 192.168.209.248 -p tcp -j ACCEPT
[0:0] -A PREROUTING -s 192.168.209.234 -p tcp -j ACCEPT
[175:9100] -A PREROUTING -s 192.168.209.169 -p tcp -j ACCEPT
[0:0] -A PREROUTING -s 192.168.210.9 -p tcp -j ACCEPT
[0:0] -A PREROUTING -s 192.168.212.89 -p tcp -j ACCEPT
[0:0] -A PREROUTING -s 192.168.212.88 -p tcp -j ACCEPT
[0:0] -A PREROUTING -s 192.168.212.87 -p tcp -j ACCEPT
[0:0] -A PREROUTING -s 192.168.212.86 -p tcp -j ACCEPT
[0:0] -A PREROUTING -s 192.168.212.85 -p tcp -j ACCEPT
[0:0] -A PREROUTING -s 192.168.212.84 -p tcp -j ACCEPT
[0:0] -A PREROUTING -s 192.168.212.83 -p tcp -j ACCEPT
[0:0] -A PREROUTING -s 192.168.212.82 -p tcp -j ACCEPT
[0:0] -A PREROUTING -s 192.168.212.81 -p tcp -j ACCEPT
[0:0] -A PREROUTING -s 192.168.212.80 -p tcp -j ACCEPT
[0:0] -A PREROUTING -s 192.168.212.79 -p tcp -j ACCEPT
[0:0] -A PREROUTING -s 192.168.212.78 -p tcp -j ACCEPT
[0:0] -A PREROUTING -s 192.168.212.77 -p tcp -j ACCEPT
[0:0] -A PREROUTING -s 192.168.212.76 -p tcp -j ACCEPT
[0:0] -A PREROUTING -s 192.168.212.75 -p tcp -j ACCEPT
[0:0] -A PREROUTING -s 192.168.212.74 -p tcp -j ACCEPT
[0:0] -A PREROUTING -s 192.168.212.73 -p tcp -j ACCEPT
[0:0] -A PREROUTING -s 192.168.212.72 -p tcp -j ACCEPT
[0:0] -A PREROUTING -s 192.168.212.71 -p tcp -j ACCEPT
[0:0] -A PREROUTING -s 192.168.212.70 -p tcp -j ACCEPT
[0:0] -A PREROUTING -s 192.168.212.69 -p tcp -j ACCEPT
[0:0] -A PREROUTING -s 192.168.212.68 -p tcp -j ACCEPT
[0:0] -A PREROUTING -s 192.168.212.67 -p tcp -j ACCEPT
[0:0] -A PREROUTING -s 192.168.212.66 -p tcp -j ACCEPT
[0:0] -A PREROUTING -s 192.168.212.65 -p tcp -j ACCEPT
[0:0] -A PREROUTING -s 192.168.212.64 -p tcp -j ACCEPT
[0:0] -A PREROUTING -s 192.168.212.63 -p tcp -j ACCEPT
[0:0] -A PREROUTING -s 192.168.212.62 -p tcp -j ACCEPT
[0:0] -A PREROUTING -s 192.168.212.61 -p tcp -j ACCEPT
[0:0] -A PREROUTING -s 192.168.212.60 -p tcp -j ACCEPT
[0:0] -A PREROUTING -s 192.168.212.59 -p tcp -j ACCEPT
[0:0] -A PREROUTING -s 192.168.212.58 -p tcp -j ACCEPT
[0:0] -A PREROUTING -s 192.168.212.57 -p tcp -j ACCEPT
[0:0] -A PREROUTING -s 192.168.212.56 -p tcp -j ACCEPT
[0:0] -A PREROUTING -s 192.168.212.55 -p tcp -j ACCEPT
[0:0] -A PREROUTING -s 192.168.212.54 -p tcp -j ACCEPT
[0:0] -A PREROUTING -s 192.168.212.53 -p tcp -j ACCEPT
[0:0] -A PREROUTING -s 192.168.212.52 -p tcp -j ACCEPT
[0:0] -A PREROUTING -s 192.168.212.51 -p tcp -j ACCEPT
[0:0] -A PREROUTING -s 192.168.212.50 -p tcp -j ACCEPT
[0:0] -A PREROUTING -s 192.168.212.9 -p tcp -j ACCEPT
[0:0] -A PREROUTING -s 192.168.210.10 -p tcp -j ACCEPT
[200:10400] -A PREROUTING -s 192.168.209.224 -p tcp -j ACCEPT
[0:0] -A PREROUTING -s 192.168.209.233 -p tcp -j ACCEPT
[0:0] -A PREROUTING -s 192.168.209.213 -p tcp -j ACCEPT
[0:0] -A PREROUTING -s 192.168.209.156 -p tcp -j ACCEPT
[0:0] -A PREROUTING -s 192.168.209.152 -p tcp -j ACCEPT
[0:0] -A PREROUTING -s 192.168.209.216 -p tcp -j ACCEPT
[13:668] -A PREROUTING -s 192.168.209.100 -p tcp -j ACCEPT
[0:0] -A PREROUTING -s 192.168.209.55 -p tcp -j ACCEPT
[1:52] -A PREROUTING -s 192.168.209.36 -p tcp -j ACCEPT
[0:0] -A PREROUTING -s 192.168.208.6 -p tcp -j ACCEPT
[0:0] -A PREROUTING -s 192.168.208.110 -p tcp -j ACCEPT
[0:0] -A PREROUTING -s 192.168.208.106 -p tcp -j ACCEPT
[0:0] -A PREROUTING -s 192.168.208.82 -p tcp -j ACCEPT
[33:1708] -A PREROUTING -s 192.168.208.19 -p tcp -j ACCEPT
[70:3640] -A PREROUTING -s 192.168.208.9 -p tcp -j ACCEPT
[0:0] -A PREROUTING -d 78.24.28.51 -p tcp -m tcp --dport 7219 -j DNAT --to-destination 192.168.212.19:3389
[53134:2633988] -A PREROUTING -s 192.168.208.0/255.255.240.0 -d ! 192.168.208.20 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128
[0:0] -A PREROUTING -d 78.107.25.117 -i eth0 -p tcp -m tcp --dport 7209 -j DNAT --to-destination 192.168.212.9:3389
[0:0] -A PREROUTING -d 78.107.25.117 -i eth0 -p tcp -m tcp --dport 7019 -j DNAT --to-destination 192.168.208.19:3389
[0:0] -A PREROUTING -d 78.107.25.117 -i eth0 -p tcp -m tcp --dport 7077 -j DNAT --to-destination 192.168.208.77:3389
[0:0] -A PREROUTING -d 78.107.25.117 -i eth0 -p tcp -m tcp --dport 7207 -j DNAT --to-destination 192.168.208.7:3389
[0:0] -A PREROUTING -d 78.107.25.117 -i eth0 -p tcp -m tcp --dport 7289 -j DNAT --to-destination 192.168.212.89:3389
[0:0] -A PREROUTING -d 78.24.28.51 -i eth2 -p tcp -m tcp --dport 7009 -j DNAT --to-destination 192.168.208.9:3389
[0:0] -A PREROUTING -d 78.24.28.51 -i eth2 -p tcp -m tcp --dport 7209 -j DNAT --to-destination 192.168.212.9:3389
[0:0] -A PREROUTING -d 78.24.28.51 -i eth2 -p tcp -m tcp --dport 7019 -j DNAT --to-destination 192.168.208.19:3389
[0:0] -A PREROUTING -d 78.24.28.51 -i eth2 -p tcp -m tcp --dport 7077 -j DNAT --to-destination 192.168.208.77:3389
[0:0] -A PREROUTING -d 78.24.28.51 -i eth2 -p tcp -m tcp --dport 7225 -j DNAT --to-destination 192.168.212.25:3389
[0:0] -A PREROUTING -d 78.24.28.51 -i eth2 -p udp -m udp --dport 7225 -j DNAT --to-destination 192.168.212.25:3389
[0:0] -A PREROUTING -d 78.24.28.51 -i eth2 -p tcp -m tcp --dport 7235 -j DNAT --to-destination 192.168.208.235:3389
[0:0] -A PREROUTING -d 78.24.28.51 -i eth2 -p tcp -m tcp --dport 7289 -j DNAT --to-destination 192.168.212.89:3389
[0:0] -A PREROUTING -d 78.24.28.51 -i eth2 -p tcp -m tcp --dport 7210 -j DNAT --to-destination 192.168.213.100:3389
[0:0] -A PREROUTING -d 78.24.28.51 -i eth2 -p tcp -m tcp --dport 7094 -j DNAT --to-destination 192.168.208.94:3389
[589:35340] -A PREROUTING -d 78.24.28.51 -i eth2 -p tcp -m tcp --dport 10070 -j DNAT --to-destination 192.168.209.235:10070
[589:35340] -A PREROUTING -d 78.24.28.51 -i eth2 -p tcp -m tcp --dport 10071 -j DNAT --to-destination 192.168.209.170:10071
[0:0] -A PREROUTING -d 78.24.28.51 -i eth2 -p tcp -m tcp --dport 7219 -j DNAT --to-destination 192.168.212.19:3389
[14239:729494] -A POSTROUTING -s 192.168.208.0/255.255.240.0 -o eth0 -j SNAT --to-source 78.107.25.117
[92610:5781737] -A POSTROUTING -s 192.168.208.0/255.255.240.0 -o eth2 -j SNAT --to-source 78.24.28.51
COMMIT
# Completed on Thu Mar 24 08:20:30 2016
# Generated by iptables-save v1.3.5 on Thu Mar 24 08:20:30 2016
*mangle
:PREROUTING ACCEPT [2004:163346]
:INPUT ACCEPT [8445123:1103966719]
:FORWARD ACCEPT [4209856:2418271713]
:OUTPUT ACCEPT [8761982:3206589003]
:POSTROUTING ACCEPT [1244:191027]
[258:31960] -A PREROUTING -s 192.168.208.0/255.255.240.0 -d 192.168.192.0/255.255.240.0 -j ACCEPT
[0:0] -A PREROUTING -s 192.168.192.0/255.255.240.0 -d 192.168.208.0/255.255.240.0 -j ACCEPT
[23025:2656178] -A PREROUTING -d 192.168.208.0/255.255.240.0 -p tcp -m tcp --dport 80 -j ACCEPT
[522260:38868801] -A PREROUTING -s 192.168.208.0/255.255.240.0 -d ! 192.168.208.20 -p tcp -m tcp --dport 80 -j NFQUEUE --queue-num 0
[0:0] -A PREROUTING -s 192.168.208.0/255.255.240.0 -d ! 192.168.208.20 -p tcp -m tcp --dport 80 -j NFQUEUE --queue-num 0
[31099:14962498] -A PREROUTING -i lo -j ACCEPT
[299099:148095998] -A PREROUTING -i eth0 -j ACCEPT
[0:0] -A PREROUTING -i lo -j ACCEPT
[10044357:3111966909] -A PREROUTING -i eth2 -j ACCEPT
[107166:16303612] -A PREROUTING -d 192.168.208.20 -j ACCEPT
[0:0] -A PREROUTING -i lo -j ACCEPT
[1808183:205783641] -A PREROUTING -j NFQUEUE --queue-num 0
[0:0] -A POSTROUTING -s 192.168.192.0/255.255.240.0 -d 192.168.208.0/255.255.240.0 -j ACCEPT
[258:31960] -A POSTROUTING -s 192.168.208.0/255.255.240.0 -d 192.168.192.0/255.255.240.0 -j ACCEPT
[53584:17581673] -A POSTROUTING -o lo -j ACCEPT
[2536965:915557105] -A POSTROUTING -o eth0 -j ACCEPT
[0:0] -A POSTROUTING -o lo -j ACCEPT
[7336439:2092135769] -A POSTROUTING -o eth2 -j ACCEPT
[311411:362439354] -A POSTROUTING -s 192.168.208.20 -j ACCEPT
[0:0] -A POSTROUTING -o lo -j ACCEPT
[2426815:2221984031] -A POSTROUTING -j NFQUEUE --queue-num 0
COMMIT
# Completed on Thu Mar 24 08:20:30 2016
# Generated by iptables-save v1.3.5 on Thu Mar 24 08:20:30 2016
*filter
:INPUT ACCEPT [1116:105504]
:FORWARD DROP [726:38302]
:OUTPUT ACCEPT [1045:155911]
[297539:29214781] -A INPUT -s 192.168.208.0/255.255.240.0 -d 192.168.208.20 -p tcp -m tcp --dport 3128 -j ACCEPT
[175797:18916134] -A INPUT -i eth1 -j LOG --log-prefix "BANDWIDTH_IN:" --log-level 7
[53614:17585624] -A INPUT -i lo -j ACCEPT
[55797:6662528] -A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
[144541:80469004] -A INPUT -i eth0 -j NFQUEUE --queue-num 0
[7716992:951036019] -A INPUT -i eth2 -j NFQUEUE --queue-num 0
[175524:18893259] -A INPUT -j ACCEPT
[0:0] -A FORWARD -p tcp -m mark --mark 0xfffd -j DROP
[0:0] -A FORWARD -p tcp -m mark --mark 0xfffe -j DROP
[7:364] -A FORWARD -p tcp -m mark --mark 0xffff -j DROP
[4209121:2418232873] -A FORWARD -j ACCEPT
[462772:314685592] -A OUTPUT -d 192.168.208.0/255.255.240.0 -p tcp -m tcp --sport 3128 -j NFQUEUE --queue-num 0
[152938:62650924] -A OUTPUT -o eth1 -j LOG --log-prefix "BANDWIDTH_OUT:" --log-level 7
[53613:17585536] -A OUTPUT -o lo -j ACCEPT
[61713:9252928] -A OUTPUT -p tcp -m tcp --sport 22 -j ACCEPT
[2388185:898379894] -A OUTPUT -o eth0 -j NFQUEUE --queue-num 0
[5641966:1903915266] -A OUTPUT -o eth2 -j NFQUEUE --queue-num 0
[152674:62612899] -A OUTPUT -j ACCEPT
COMMIT
# Completed on Thu Mar 24 08:20:30 2016
Sly
Which port exactly is not working?
supervisor2005
[0:0] -A PREROUTING -d 78.24.28.51 -i eth2 -p tcp -m tcp --dport 7219 -j DNAT --to-destination 192.168.212.19:3389
Sly
Are your clients bound to specific uplinks?
supervisor2005
All users go out by default through one uplink (the uplink binding is in the office plan), via external IP 78.24.28.51; the second, backup one is 78.107.25.117.
Sly
Do the clients have all ports open? Or are only specific ones listed?
supervisor2005
The clients have specific ports open, depending on the group. But this server is in the Administrators group.

PS.
Screenshots cannot be uploaded to the forum; it reports an error.
Warning: move_uploaded_file(../../../../uploads/forum/images/1.jpg): failed to open stream: Permission denied in /var/www/html/free/engine/forum/sources/modules/uploads.php on line 269 Warning: move_uploaded_file(): Unable to move '/tmp/php4UoO11' to '../../../../uploads/forum/images/1.jpg' in /var/www/html/free/engine/forum/sources/modules/uploads.php on line 269
Sly
To begin with, check that the port restriction has been removed. Judging by iptables, the rules are configured correctly.
supervisor2005
[quote=Sly]To begin with, check that the port restriction has been removed.[/quote]

Where do I look for this port restriction?

PS. The previous rules work.
supervisor2005
Figured it out, the office plan needed to be set.

Thanks!
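
Added example, not part of the original thread: a small Python parser for `iptables-save -c` output that lists the nat-table DNAT forwards with their hit counters, marks the ones where the outside port differs from the inside port, and picks out the ones that have never been hit. The sample lines are excerpted from the dump posted above; the function names are hypothetical.

```python
import re
import shlex

# Lines excerpted from the nat table of the dump posted in the thread.
SAMPLE = """\
*nat
:PREROUTING ACCEPT [179181:11380027]
[0:0] -A PREROUTING -d 78.24.28.51 -p tcp -m tcp --dport 7219 -j DNAT --to-destination 192.168.212.19:3389
[53134:2633988] -A PREROUTING -s 192.168.208.0/255.255.240.0 -d ! 192.168.208.20 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128
[589:35340] -A PREROUTING -d 78.24.28.51 -i eth2 -p tcp -m tcp --dport 10070 -j DNAT --to-destination 192.168.209.235:10070
[0:0] -A PREROUTING -d 78.24.28.51 -i eth2 -p tcp -m tcp --dport 7219 -j DNAT --to-destination 192.168.212.19:3389
COMMIT
"""

RULE = re.compile(r"^\[(\d+):(\d+)\]\s+-A\s+(\S+)\s+(.*)$")

def opt(tokens, name):
    """Value following option `name`, skipping an old-style '!' negation."""
    if name not in tokens:
        return None
    rest = [t for t in tokens[tokens.index(name) + 1:] if t != "!"]
    return rest[0] if rest else None

def parse_dnat_rules(dump):
    """Return the DNAT rules of the nat table with their hit counters."""
    rules, table = [], None
    for line in dump.splitlines():
        line = line.strip()
        if line.startswith("*"):          # table header such as "*nat"
            table = line[1:]
            continue
        m = RULE.match(line)
        if not m or table != "nat":
            continue
        tokens = shlex.split(m.group(4))
        if opt(tokens, "-j") != "DNAT":
            continue
        dport = opt(tokens, "--dport")
        to_ip, _, to_port = opt(tokens, "--to-destination").partition(":")
        rules.append({
            "pkts": int(m.group(1)), "chain": m.group(3),
            "dst": opt(tokens, "-d"), "iface": opt(tokens, "-i"),
            "dport": dport, "to_ip": to_ip, "to_port": to_port or dport,
            "remapped": bool(to_port) and to_port != dport,
        })
    return rules

def never_hit(rules):
    """Forwards with a zero counter. In the nat table only the first packet
    of a connection is counted, so zero means no connection ever matched."""
    return [r for r in rules if r["pkts"] == 0]
```

Run against the excerpt, both 7219 -> 3389 forwards come back as remapped and never hit, while the same-port forward on 10070 shows 589 matched connections.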