可以使用命令行的方式修改 iptables
代码语言:javascript复制[root@pptp-server ~]# iptables --flush POSTROUTING --table nat
[root@pptp-server ~]# iptables --flush FORWARD
[root@pptp-server ~]# iptables -A INPUT -p gre -j ACCEPT
[root@pptp-server ~]# iptables -A INPUT -p tcp -m tcp --dport 1723 -j ACCEPT
[root@pptp-server ~]# iptables -t nat -A POSTROUTING -s 192.168.123.0/24 -o eth0 -j MASQUERADE
[root@pptp-server ~]# iptables -L -nv
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
19377 26M ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
103 4738 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0
4 156 ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0
2 88 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:22
12 408 REJECT all -- * * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:1723
0 0 ACCEPT 47 -- * * 0.0.0.0/0 0.0.0.0/0
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 82 packets, 8240 bytes)
pkts bytes target prot opt in out source destination
[root@pptp-server ~]# iptables -L -nv -t nat
Chain PREROUTING (policy ACCEPT 1 packets, 46 bytes)
pkts bytes target prot opt in out source destination
Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 MASQUERADE all -- * eth0 192.168.123.0/24 0.0.0.0/0
Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination 
