Clients cannot access the Internet after configuring a VPN on a VPS
Experiences and Insight
mnday
deepin
2015-08-31 19:06
Author
Hi,
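I have set up a VPN service on my VPS, and clients can now connect, so I think the PPTPD service is fine. I think the reason they cannot access the Internet is that my iptables rules are wrong. Could anyone take a look and tell me whether my forwarding rules are correct? Thanks.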
# Generated by iptables-save v1.4.7 on Mon Aug 31 01:54:12 2015
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A POSTROUTING -s 192.168.9.0/24 -o eth0 -j MASQUERADE
COMMIT
# Completed on Mon Aug 31 01:54:12 2015
# Generated by iptables-save v1.4.7 on Mon Aug 31 01:54:12 2015
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [31:3060]
-A INPUT -p tcp -m tcp --dport 53 -j ACCEPT
-A INPUT -p gre -j ACCEPT
-A INPUT -p tcp -m tcp --dport 47 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 1723 -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A INPUT -p tcp -m tcp --dport 47 -j ACCEPT
-A INPUT -p gre -j ACCEPT
-A INPUT -p udp -m udp --dport 53 -j ACCEPT
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
# Completed on Mon Aug 31 01:54:12 2015
All Replies
pjbright
deepin
2015-09-01 05:25
#1
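At a glance, port 53 is already included, and DNS is not being blocked. On your client, you could try browsing by IP address, and try pinging the VPS's DNS.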
mnday
deepin
2015-09-01 19:27
#2
Problem solved. It worked after deleting the two reject rules.
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
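A check over the filter table from the first post, added here as an example and not part of the thread: it flags rules that sit after an unconditional terminal rule (never evaluated) and chains whose first rule rejects everything, which is the state of FORWARD in that dump. The function name `lint` and the finding labels are hypothetical, and the parser assumes that iptables-save prints match options before `-j`.

```python
TERMINAL = {"ACCEPT", "DROP", "REJECT"}

# Filter table copied from the first post's iptables-save dump (comments dropped).
RULESET = """\
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [31:3060]
-A INPUT -p tcp -m tcp --dport 53 -j ACCEPT
-A INPUT -p gre -j ACCEPT
-A INPUT -p tcp -m tcp --dport 47 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 1723 -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A INPUT -p tcp -m tcp --dport 47 -j ACCEPT
-A INPUT -p gre -j ACCEPT
-A INPUT -p udp -m udp --dport 53 -j ACCEPT
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
"""

def lint(ruleset):
    """Return (table, chain, problem, rule) tuples for an iptables-save dump."""
    findings, table = [], None
    closed, seen = set(), set()  # chains ended by a catch-all / chains with rules
    for line in ruleset.splitlines():
        line = line.strip()
        if line.startswith("*"):  # new table: chain state starts over
            table, closed, seen = line[1:], set(), set()
        if not line.startswith("-A "):
            continue
        _, chain, *args = line.split()
        if chain in closed:  # an earlier rule already decided every packet
            findings.append((table, chain, "unreachable", line))
            continue
        # Assumption: no match options precede -j, so the rule matches everything.
        if args[:1] == ["-j"] and len(args) > 1 and args[1] in TERMINAL:
            closed.add(chain)
            if chain not in seen and args[1] != "ACCEPT":
                findings.append((table, chain, "blocks-everything", line))
        seen.add(chain)
    return findings

if __name__ == "__main__":
    for finding in lint(RULESET):
        print(*finding, sep=" | ")
```

Putting FORWARD ACCEPT rules for the VPN subnet ahead of the catch-all REJECT clears the blocks-everything finding without removing the REJECT itself.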