iptables snat 记录

iptables

# Generated by iptables-save v1.4.7 on Mon Jun 19 11:02:25 2017
*security
:INPUT ACCEPT [428:39712]
:FORWARD ACCEPT [62:5208]
:OUTPUT ACCEPT [514:56376]
COMMIT
# Completed on Mon Jun 19 11:02:25 2017
# Generated by iptables-save v1.4.7 on Mon Jun 19 11:02:25 2017
*raw
:PREROUTING ACCEPT [636:62516]
:OUTPUT ACCEPT [515:56540]
COMMIT
# Completed on Mon Jun 19 11:02:25 2017
# Generated by iptables-save v1.4.7 on Mon Jun 19 11:02:25 2017
*mangle
:PREROUTING ACCEPT [638:62620]
:INPUT ACCEPT [451:46640]
:FORWARD ACCEPT [182:15288]
:OUTPUT ACCEPT [517:56836]
:POSTROUTING ACCEPT [579:62044]
COMMIT
# Completed on Mon Jun 19 11:02:25 2017
# Generated by iptables-save v1.4.7 on Mon Jun 19 11:02:25 2017
*nat
:PREROUTING ACCEPT [247:40018]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A POSTROUTING -o eth0 -j SNAT --to-source 103.249.xx.xx
-A POSTROUTING -s 192.168.1.0/24 -o eth0 -j MASQUERADE 
COMMIT
# Completed on Mon Jun 19 11:02:25 2017
# Generated by iptables-save v1.4.7 on Mon Jun 19 11:02:25 2017
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [62:5208]
:OUTPUT ACCEPT [77:8740]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT 
-A INPUT -p icmp -j ACCEPT 
-A INPUT -i lo -j ACCEPT 
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT 
-A INPUT -j REJECT --reject-with icmp-host-prohibited 
COMMIT

模快

for i in `ls /lib/modules/2.6.32-431.el6.x86_64/kernel/net/ipv4/netfilter/`; do echo modprobe $i|awk -F'.' '{print $1}'; done

kernel

net.ipv4.ip_forward = 1

拨号

pptpsetup --create test --server 139.129.210.7 --username john1 --password caiwenguang1992 --start

echo "require-mppe-128">>/etc/ppp/peers/test

pppd call test