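A customer required that the web interface be reachable through the WAN port, on a custom port. With the careful guidance of the experts on this site's forum, I finally got it solved.
iptables -t nat -I PREROUTING -i eth1 -p tcp -m tcp --dport 8080 -j REDIRECT --to-ports 80
This redirects connections arriving on port 8080 of eth1 (the WAN port) to port 80.
However, on a kernel built with the default configuration, the REDIRECT module cannot be used.
Some modules used by the iptables command are disabled by default and must be enabled in the kernel configuration before they can be used.
(Realtek SDK)
linux_menuconfig - Networking support - Networking options - Network packet filtering framework (Netfilter) ---> many targets, matches, ... can be added here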
Below is the code fragment that runs the iptables commands, kept for future reference.

/* intVal, old_port, pInterface and WanIpAddr are not declared in this fragment;
   they come from the surrounding code. */
int Port = 0, wan_port1 = 0, wan_port2 = 0;

apmib_get(MIB_WEB_WAN_ACCESS_ENABLED, (void *)&intVal);
apmib_get(MIB_WAN_WEB_PORT1, (void *)&wan_port1);
apmib_get(MIB_WAN_WEB_PORT2, (void *)&wan_port2);
/* combine the two stored values into the port number */
Port = (wan_port1 << 8) ^ wan_port2;

if (intVal == 1) {
    //printf("\n%s_%d__oldport:%d,port:%d\n", __FILE__, __LINE__, old_port, Port);
    char portStr[16];   /* large enough for any int printed with %d */

    RunSystemCmd(NULL_FILE, Iptables, ADD, INPUT, _protocol, _tcp, dport, "80:80", in, pInterface, _dest, WanIpAddr, jump, ACCEPT, NULL_STR);

    if (old_port != 0) {    // delete the two previous rules to avoid conflicts
        snprintf(portStr, sizeof(portStr), "%d", old_port);
        RunSystemCmd(NULL_FILE, Iptables, _table, nat_table, DEL, PREROUTING, in, pInterface, _protocol, _tcp, dport, portStr, jump, REDIRECT, "--to-ports", "80", NULL_STR);
        RunSystemCmd(NULL_FILE, Iptables, _table, nat_table, DEL, PREROUTING, in, pInterface, _protocol, _tcp, dport, "80", jump, REDIRECT, "--to-ports", portStr, NULL_STR);
    }

    /* the original tested intVal1 here, which is not defined in this fragment;
       Port is the value the rules below are built from */
    if (Port != 80) {       // added by Zuo 20130524: translate the web port used for WAN access
        snprintf(portStr, sizeof(portStr), "%d", Port);
        RunSystemCmd(NULL_FILE, Iptables, _table, nat_table, INSERT, PREROUTING, in, pInterface, _protocol, _tcp, dport, portStr, jump, REDIRECT, "--to-ports", "80", NULL_STR);
        RunSystemCmd(NULL_FILE, Iptables, _table, nat_table, INSERT, PREROUTING, in, pInterface, _protocol, _tcp, dport, "80", jump, REDIRECT, "--to-ports", portStr, NULL_STR);
        // remember the port on every change so that the old redirect rules
        // can be deleted the next time the port is changed
        old_port = Port;
    }
} else {
    RunSystemCmd(NULL_FILE, Iptables, ADD, INPUT, _protocol, _tcp, dport, "80:80", in, pInterface, _dest, WanIpAddr, jump, DROP, NULL_STR);
}
Special thanks to the moderator for his patience.
Recorded here for the convenience of anyone who looks this up later.
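
An added example, not code from the original post or the Realtek SDK: one way to validate the port assembled from the two MIB values and to plan the REDIRECT rule changes, including removal of stale rules when WAN access is switched off. The function names, the assumption that the two MIB values are the port's high and low byte, and emitting command strings instead of calling RunSystemCmd are assumptions of this example.

```c
#include <stdio.h>
#include <string.h>
#define WEB_PORT  80    /* port the web server listens on, as on the page */
#define MAX_RULES 4
#define RULE_LEN  160

/* Assumption: the two MIB values are the port's high and low byte. -1 = invalid. */
int wan_web_port(int hi, int lo)
{
    if (hi < 0 || hi > 255 || lo < 0 || lo > 255 || (hi | lo) == 0)
        return -1;      /* with lo > 255, (hi<<8)^lo gives a different port */
    return (hi << 8) | lo;
}

/* Format one nat PREROUTING REDIRECT rule; op is 'I' (insert) or 'D' (delete). */
static int fmt_rule(char *out, char op, const char *wan_if, int from, int to)
{
    int n = snprintf(out, RULE_LEN, "iptables -t nat -%c PREROUTING -i %s -p tcp -m tcp"
                     " --dport %d -j REDIRECT --to-ports %d", op, wan_if, from, to);
    return (n > 0 && n < RULE_LEN) ? 0 : -1;   /* reject truncated commands */
}

/* Plan the change from old_port to new_port (0 = WAN access off). Stale rules are
 * deleted first, also when access is switched off. Returns rule count or -1. */
int plan_rules(char rules[MAX_RULES][RULE_LEN], const char *wan_if,
               int old_port, int new_port)
{
    int n = 0;
    if (!wan_if || !*wan_if || strlen(wan_if) > 15 ||   /* IFNAMSIZ - 1 */
        old_port < 0 || old_port > 65535 || new_port < 0 || new_port > 65535)
        return -1;
    if (old_port == new_port) return 0;                 /* nothing to change */
    if (old_port != 0 && old_port != WEB_PORT &&
        (fmt_rule(rules[n++], 'D', wan_if, old_port, WEB_PORT) ||
         fmt_rule(rules[n++], 'D', wan_if, WEB_PORT, old_port)))
        return -1;
    if (new_port != 0 && new_port != WEB_PORT &&
        (fmt_rule(rules[n++], 'I', wan_if, new_port, WEB_PORT) ||
         fmt_rule(rules[n++], 'I', wan_if, WEB_PORT, new_port)))
        return -1;
    return n;
}

int main(void)
{
    char rules[MAX_RULES][RULE_LEN];
    int n = plan_rules(rules, "eth1", 8080, wan_web_port(0x22, 0xB8)); /* 8888 */
    for (int i = 0; i < n; i++) puts(rules[i]);
}
```

Because an invalid byte pair returns -1 and plan_rules rejects negative ports, a corrupted setting produces no rule at all instead of opening an unintended port.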