firefox (private mode) times out on apache httpd via WAN (but not LAN)
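I'm having a strange problem: a local web server loads fine via its LAN address in both private and normal browsing, but larger pages time out when accessed via WAN in Firefox's private browsing.
The URL is: http://fluxions.dydx.ie:1338
I'm not sure whether this quirk is due to iptables or Firefox's private browsing. Safari loads in private mode, but slowly.
In private browsing (WAN):
Smaller pages (~60ish MB [lol] pages) don't time out, but for larger pages it seems to take a fixed amount of time (~3-5s) before timing out.
The client can't download the larger pages within the fixed time before the timeout, which results in an error.
In normal browsing there is no timeout at all.
Before trying non-private mode, I saw this: https://serverfault.com/questions/463951/apache-available-on-lan-but-get-timeout-over-internet
But the poster's solution didn't work for me, and neither did disabling the firewall.
I'm using a connection tracker, so maybe it has something to do with one of those settings?
What kind of setting could cause the WAN link to "blow up" at some fixed time without affecting LAN/local links?
Here is my iptables output: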
root@DD-WRT:~# iptables -vnL
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
11793 1580K ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
0 0 ACCEPT udp -- vlan2 * 0.0.0.0/0 0.0.0.0/0 udp spt:67 dpt:68
10693 3265K ACCEPT all -- br0 * 0.0.0.0/0 0.0.0.0/0
0 0 DROP icmp -- vlan2 * 0.0.0.0/0 0.0.0.0/0
84 3024 DROP 2 -- vlan2 * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT tcp -- vlan2 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:113
2 120 ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0 state NEW
0 0 ACCEPT all -- br0 * 0.0.0.0/0 0.0.0.0/0 state NEW
4050 1090K DROP all -- * * 0.0.0.0/0 0.0.0.0/0
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
105K 50M ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
7277 911K upnp all -- * * 0.0.0.0/0 0.0.0.0/0
7277 911K lan2wan all -- * * 0.0.0.0/0 0.0.0.0/0
112 6196 ACCEPT all -- br0 br0 0.0.0.0/0 0.0.0.0/0
7165 905K ACCEPT all -- br0 vlan2 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT tcp -- * vlan2 192.168.1.0/24 0.0.0.0/0 tcp dpt:1723
0 0 ACCEPT 47 -- * vlan2 192.168.1.0/24 0.0.0.0/0
0 0 ACCEPT tcp -- * * 0.0.0.0/0 192.168.1.x tcp dpts:1337:1339
0 0 ACCEPT udp -- * * 0.0.0.0/0 192.168.1.x udp dpts:1337:1339
0 0 TRIGGER all -- vlan2 br0 0.0.0.0/0 0.0.0.0/0 TRIGGER type:in match:0 relate:0
0 0 trigger_out all -- br0 * 0.0.0.0/0 0.0.0.0/0
0 0 TRIGGER all -- vlan2 eth2 0.0.0.0/0 0.0.0.0/0 TRIGGER type:in match:0 relate:0
0 0 trigger_out all -- eth2 * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- eth2 * 0.0.0.0/0 0.0.0.0/0 state NEW
0 0 TRIGGER all -- vlan2 eth3 0.0.0.0/0 0.0.0.0/0 TRIGGER type:in match:0 relate:0
0 0 trigger_out all -- eth3 * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- eth3 * 0.0.0.0/0 0.0.0.0/0 state NEW
0 0 TRIGGER all -- vlan2 vlan1 0.0.0.0/0 0.0.0.0/0 TRIGGER type:in match:0 relate:0
0 0 trigger_out all -- vlan1 * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- vlan1 * 0.0.0.0/0 0.0.0.0/0 state NEW
0 0 TRIGGER all -- vlan2 ra0 0.0.0.0/0 0.0.0.0/0 TRIGGER type:in match:0 relate:0
0 0 trigger_out all -- ra0 * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- ra0 * 0.0.0.0/0 0.0.0.0/0 state NEW
0 0 TRIGGER all -- vlan2 ra1 0.0.0.0/0 0.0.0.0/0 TRIGGER type:in match:0 relate:0
0 0 trigger_out all -- ra1 * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- ra1 * 0.0.0.0/0 0.0.0.0/0 state NEW
0 0 TRIGGER all -- vlan2 ra2 0.0.0.0/0 0.0.0.0/0 TRIGGER type:in match:0 relate:0
0 0 trigger_out all -- ra2 * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- ra2 * 0.0.0.0/0 0.0.0.0/0 state NEW
0 0 TRIGGER all -- vlan2 ra3 0.0.0.0/0 0.0.0.0/0 TRIGGER type:in match:0 relate:0
0 0 trigger_out all -- ra3 * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- ra3 * 0.0.0.0/0 0.0.0.0/0 state NEW
0 0 TRIGGER all -- vlan2 ra4 0.0.0.0/0 0.0.0.0/0 TRIGGER type:in match:0 relate:0
0 0 trigger_out all -- ra4 * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- ra4 * 0.0.0.0/0 0.0.0.0/0 state NEW
0 0 TRIGGER all -- vlan2 ra5 0.0.0.0/0 0.0.0.0/0 TRIGGER type:in match:0 relate:0
0 0 trigger_out all -- ra5 * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- ra5 * 0.0.0.0/0 0.0.0.0/0 state NEW
0 0 TRIGGER all -- vlan2 rai0 0.0.0.0/0 0.0.0.0/0 TRIGGER type:in match:0 relate:0
0 0 trigger_out all -- rai0 * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- rai0 * 0.0.0.0/0 0.0.0.0/0 state NEW
0 0 TRIGGER all -- vlan2 rai1 0.0.0.0/0 0.0.0.0/0 TRIGGER type:in match:0 relate:0
0 0 trigger_out all -- rai1 * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- rai1 * 0.0.0.0/0 0.0.0.0/0 state NEW
0 0 TRIGGER all -- vlan2 rai2 0.0.0.0/0 0.0.0.0/0 TRIGGER type:in match:0 relate:0
0 0 trigger_out all -- rai2 * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- rai2 * 0.0.0.0/0 0.0.0.0/0 state NEW
0 0 TRIGGER all -- vlan2 rai3 0.0.0.0/0 0.0.0.0/0 TRIGGER type:in match:0 relate:0
0 0 trigger_out all -- rai3 * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- rai3 * 0.0.0.0/0 0.0.0.0/0 state NEW
0 0 TRIGGER all -- vlan2 rai4 0.0.0.0/0 0.0.0.0/0 TRIGGER type:in match:0 relate:0
0 0 trigger_out all -- rai4 * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- rai4 * 0.0.0.0/0 0.0.0.0/0 state NEW
0 0 TRIGGER all -- vlan2 rai5 0.0.0.0/0 0.0.0.0/0 TRIGGER type:in match:0 relate:0
0 0 trigger_out all -- rai5 * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- rai5 * 0.0.0.0/0 0.0.0.0/0 state NEW
0 0 TRIGGER all -- vlan2 apcli0 0.0.0.0/0 0.0.0.0/0 TRIGGER type:in match:0 relate:0
0 0 trigger_out all -- apcli0 * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- apcli0 * 0.0.0.0/0 0.0.0.0/0 state NEW
0 0 TRIGGER all -- vlan2 apclii0 0.0.0.0/0 0.0.0.0/0 TRIGGER type:in match:0 relate:0
0 0 trigger_out all -- apclii0 * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- apclii0 * 0.0.0.0/0 0.0.0.0/0 state NEW
0 0 TRIGGER all -- vlan2 wds0 0.0.0.0/0 0.0.0.0/0 TRIGGER type:in match:0 relate:0
0 0 trigger_out all -- wds0 * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- wds0 * 0.0.0.0/0 0.0.0.0/0 state NEW
0 0 TRIGGER all -- vlan2 wds1 0.0.0.0/0 0.0.0.0/0 TRIGGER type:in match:0 relate:0
0 0 trigger_out all -- wds1 * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- wds1 * 0.0.0.0/0 0.0.0.0/0 state NEW
0 0 TRIGGER all -- vlan2 wds2 0.0.0.0/0 0.0.0.0/0 TRIGGER type:in match:0 relate:0
0 0 trigger_out all -- wds2 * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- wds2 * 0.0.0.0/0 0.0.0.0/0 state NEW
0 0 TRIGGER all -- vlan2 wds3 0.0.0.0/0 0.0.0.0/0 TRIGGER type:in match:0 relate:0
0 0 trigger_out all -- wds3 * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- wds3 * 0.0.0.0/0 0.0.0.0/0 state NEW
0 0 TRIGGER all -- vlan2 wdsi0 0.0.0.0/0 0.0.0.0/0 TRIGGER type:in match:0 relate:0
0 0 trigger_out all -- wdsi0 * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- wdsi0 * 0.0.0.0/0 0.0.0.0/0 state NEW
0 0 TRIGGER all -- vlan2 wdsi1 0.0.0.0/0 0.0.0.0/0 TRIGGER type:in match:0 relate:0
0 0 trigger_out all -- wdsi1 * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- wdsi1 * 0.0.0.0/0 0.0.0.0/0 state NEW
0 0 TRIGGER all -- vlan2 wdsi2 0.0.0.0/0 0.0.0.0/0 TRIGGER type:in match:0 relate:0
0 0 trigger_out all -- wdsi2 * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- wdsi2 * 0.0.0.0/0 0.0.0.0/0 state NEW
0 0 TRIGGER all -- vlan2 wdsi3 0.0.0.0/0 0.0.0.0/0 TRIGGER type:in match:0 relate:0
0 0 trigger_out all -- wdsi3 * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- wdsi3 * 0.0.0.0/0 0.0.0.0/0 state NEW
0 0 ACCEPT all -- br0 * 0.0.0.0/0 0.0.0.0/0 state NEW
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
Chain OUTPUT (policy ACCEPT 852 packets, 123K bytes)
pkts bytes target prot opt in out source destination
18555 9307K ACCEPT all -- * br0 0.0.0.0/0 0.0.0.0/0
Chain logaccept (0 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0
Chain logdrop (0 references)
pkts bytes target prot opt in out source destination
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
Chain logreject (0 references)
pkts bytes target prot opt in out source destination
0 0 REJECT tcp -- * * 0.0.0.0/0 0.0.0.0/0 reject-with tcp-reset
Chain trigger_out (26 references)
pkts bytes target prot opt in out source destination
Chain upnp (1 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT tcp -- * * 0.0.0.0/0 192.168.1.7 tcp dpt:9010
0 0 ACCEPT tcp -- * * 0.0.0.0/0 192.168.1.7 tcp dpt:9020
0 0 ACCEPT udp -- * * 0.0.0.0/0 192.168.1.7 udp dpt:9030
0 0 ACCEPT udp -- * * 0.0.0.0/0 192.168.1.7 udp dpt:9031
0 0 ACCEPT udp -- * * 0.0.0.0/0 192.168.1.7 udp dpt:9032
0 0 ACCEPT udp -- * * 0.0.0.0/0 192.168.1.7 udp dpt:9033
0 0 ACCEPT tcp -- * * 0.0.0.0/0 192.168.1.30 tcp dpt:49840
0 0 ACCEPT udp -- * * 0.0.0.0/0 192.168.1.30 udp dpt:49840
0 0 ACCEPT tcp -- * * 0.0.0.0/0 192.168.1.7 tcp dpt:9010
0 0 ACCEPT tcp -- * * 0.0.0.0/0 192.168.1.7 tcp dpt:9020
0 0 ACCEPT udp -- * * 0.0.0.0/0 192.168.1.7 udp dpt:9030
0 0 ACCEPT udp -- * * 0.0.0.0/0 192.168.1.7 udp dpt:9031
0 0 ACCEPT udp -- * * 0.0.0.0/0 192.168.1.7 udp dpt:9032
0 0 ACCEPT udp -- * * 0.0.0.0/0 192.168.1.7 udp dpt:9033
0 0 ACCEPT tcp -- * * 0.0.0.0/0 192.168.1.30 tcp dpt:62510
0 0 ACCEPT udp -- * * 0.0.0.0/0 192.168.1.30 udp dpt:62510
0 0 ACCEPT tcp -- * * 0.0.0.0/0 192.168.1.7 tcp dpt:9010
0 0 ACCEPT tcp -- * * 0.0.0.0/0 192.168.1.7 tcp dpt:9020
0 0 ACCEPT udp -- * * 0.0.0.0/0 192.168.1.7 udp dpt:9030
0 0 ACCEPT udp -- * * 0.0.0.0/0 192.168.1.7 udp dpt:9031
0 0 ACCEPT udp -- * * 0.0.0.0/0 192.168.1.7 udp dpt:9032
0 0 ACCEPT udp -- * * 0.0.0.0/0 192.168.1.7 udp dpt:9033
0 0 ACCEPT tcp -- * * 0.0.0.0/0 192.168.1.7 tcp dpt:9010
0 0 ACCEPT tcp -- * * 0.0.0.0/0 192.168.1.7 tcp dpt:9020
0 0 ACCEPT udp -- * * 0.0.0.0/0 192.168.1.7 udp dpt:9030
0 0 ACCEPT udp -- * * 0.0.0.0/0 192.168.1.7 udp dpt:9031
0 0 ACCEPT udp -- * * 0.0.0.0/0 192.168.1.7 udp dpt:9032
0 0 ACCEPT udp -- * * 0.0.0.0/0 192.168.1.7 udp dpt:9033
0 0 ACCEPT tcp -- * * 0.0.0.0/0 192.168.1.36 tcp dpt:38133
0 0 ACCEPT udp -- * * 0.0.0.0/0 192.168.1.7 udp dpt:9035
0 0 ACCEPT udp -- * * 0.0.0.0/0 192.168.1.37 udp dpt:7777
0 0 ACCEPT udp -- * * 0.0.0.0/0 192.168.1.37 udp dpt:3544
0 0 ACCEPT tcp -- * * 0.0.0.0/0 192.168.1.7 tcp dpt:9010
0 0 ACCEPT tcp -- * * 0.0.0.0/0 192.168.1.7 tcp dpt:9020
0 0 ACCEPT udp -- * * 0.0.0.0/0 192.168.1.7 udp dpt:9030
0 0 ACCEPT udp -- * * 0.0.0.0/0 192.168.1.7 udp dpt:9031
0 0 ACCEPT udp -- * * 0.0.0.0/0 192.168.1.7 udp dpt:9032
0 0 ACCEPT udp -- * * 0.0.0.0/0 192.168.1.7 udp dpt:9033
0 0 ACCEPT udp -- * * 0.0.0.0/0 192.168.1.7 udp dpt:9035
And the rules file:
root@DD-WRT:~# cat /tmp/.ipt
*mangle
:PREROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
COMMIT
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A PREROUTING -p icmp -d EXTERNALIP -j DNAT --to-destination 192.168.1.1
-A PREROUTING -i vlan2 -p tcp -d EXTERNALIP --dport 39464 -j DNAT --to-destination 192.168.1.7:9010
-A PREROUTING -i vlan2 -p tcp -d EXTERNALIP --dport 33354 -j DNAT --to-destination 192.168.1.7:9020
-A PREROUTING -i vlan2 -p udp -d EXTERNALIP --dport 34431 -j DNAT --to-destination 192.168.1.7:9030
-A PREROUTING -i vlan2 -p udp -d EXTERNALIP --dport 34158 -j DNAT --to-destination 192.168.1.7:9031
-A PREROUTING -i vlan2 -p udp -d EXTERNALIP --dport 34578 -j DNAT --to-destination 192.168.1.7:9032
-A PREROUTING -i vlan2 -p udp -d EXTERNALIP --dport 36133 -j DNAT --to-destination 192.168.1.7:9033
-A PREROUTING -i vlan2 -p tcp -d EXTERNALIP --dport 49840 -j DNAT --to-destination 192.168.1.30:49840
-A PREROUTING -i vlan2 -p udp -d EXTERNALIP --dport 49840 -j DNAT --to-destination 192.168.1.30:49840
-A PREROUTING -i vlan2 -p tcp -d EXTERNALIP --dport 33108 -j DNAT --to-destination 192.168.1.7:9010
-A PREROUTING -i vlan2 -p tcp -d EXTERNALIP --dport 31962 -j DNAT --to-destination 192.168.1.7:9020
-A PREROUTING -i vlan2 -p udp -d EXTERNALIP --dport 31073 -j DNAT --to-destination 192.168.1.7:9030
-A PREROUTING -i vlan2 -p udp -d EXTERNALIP --dport 33469 -j DNAT --to-destination 192.168.1.7:9031
-A PREROUTING -i vlan2 -p udp -d EXTERNALIP --dport 30165 -j DNAT --to-destination 192.168.1.7:9032
-A PREROUTING -i vlan2 -p udp -d EXTERNALIP --dport 35436 -j DNAT --to-destination 192.168.1.7:9033
-A PREROUTING -i vlan2 -p tcp -d EXTERNALIP --dport 62510 -j DNAT --to-destination 192.168.1.30:62510
-A PREROUTING -i vlan2 -p udp -d EXTERNALIP --dport 62510 -j DNAT --to-destination 192.168.1.30:62510
-A PREROUTING -i vlan2 -p tcp -d EXTERNALIP --dport 37430 -j DNAT --to-destination 192.168.1.7:9010
-A PREROUTING -i vlan2 -p tcp -d EXTERNALIP --dport 38718 -j DNAT --to-destination 192.168.1.7:9020
-A PREROUTING -i vlan2 -p udp -d EXTERNALIP --dport 36183 -j DNAT --to-destination 192.168.1.7:9030
-A PREROUTING -i vlan2 -p udp -d EXTERNALIP --dport 38906 -j DNAT --to-destination 192.168.1.7:9031
-A PREROUTING -i vlan2 -p udp -d EXTERNALIP --dport 34410 -j DNAT --to-destination 192.168.1.7:9032
-A PREROUTING -i vlan2 -p udp -d EXTERNALIP --dport 31409 -j DNAT --to-destination 192.168.1.7:9033
-A PREROUTING -i vlan2 -p tcp -d EXTERNALIP --dport 38282 -j DNAT --to-destination 192.168.1.7:9010
-A PREROUTING -i vlan2 -p tcp -d EXTERNALIP --dport 36432 -j DNAT --to-destination 192.168.1.7:9020
-A PREROUTING -i vlan2 -p udp -d EXTERNALIP --dport 33594 -j DNAT --to-destination 192.168.1.7:9030
-A PREROUTING -i vlan2 -p udp -d EXTERNALIP --dport 33383 -j DNAT --to-destination 192.168.1.7:9031
-A PREROUTING -i vlan2 -p udp -d EXTERNALIP --dport 31561 -j DNAT --to-destination 192.168.1.7:9032
-A PREROUTING -i vlan2 -p udp -d EXTERNALIP --dport 31892 -j DNAT --to-destination 192.168.1.7:9033
-A PREROUTING -i vlan2 -p tcp -d EXTERNALIP --dport 34001 -j DNAT --to-destination 192.168.1.36:38133
-A PREROUTING -i vlan2 -p udp -d EXTERNALIP --dport 39345 -j DNAT --to-destination 192.168.1.7:9035
-A PREROUTING -i vlan2 -p udp -d EXTERNALIP --dport 7777 -j DNAT --to-destination 192.168.1.37:7777
-A PREROUTING -i vlan2 -p udp -d EXTERNALIP --dport 3544 -j DNAT --to-destination 192.168.1.37:3544
-A PREROUTING -i vlan2 -p tcp -d EXTERNALIP --dport 30652 -j DNAT --to-destination 192.168.1.7:9010
-A PREROUTING -i vlan2 -p tcp -d EXTERNALIP --dport 37339 -j DNAT --to-destination 192.168.1.7:9020
-A PREROUTING -i vlan2 -p udp -d EXTERNALIP --dport 31595 -j DNAT --to-destination 192.168.1.7:9030
-A PREROUTING -i vlan2 -p udp -d EXTERNALIP --dport 30996 -j DNAT --to-destination 192.168.1.7:9031
-A PREROUTING -i vlan2 -p udp -d EXTERNALIP --dport 30586 -j DNAT --to-destination 192.168.1.7:9032
-A PREROUTING -i vlan2 -p udp -d EXTERNALIP --dport 39147 -j DNAT --to-destination 192.168.1.7:9033
-A PREROUTING -i vlan2 -p udp -d EXTERNALIP --dport 34492 -j DNAT --to-destination 192.168.1.7:9035
-A PREROUTING -p tcp -d EXTERNALIP --dport 1337:1339 -j DNAT --to-destination 192.168.1.9
-A PREROUTING -p udp -d EXTERNALIP --dport 1337:1339 -j DNAT --to-destination 192.168.1.9
-A PREROUTING -d EXTERNALIP -j TRIGGER --trigger-type dnat
-A POSTROUTING -s 192.168.1.1/24 -o vlan2 -j SNAT --to-source EXTERNALIP
-A POSTROUTING -o br0 -m pkttype --pkt-type broadcast -j RETURN
-A POSTROUTING -o br0 -s 192.168.1.1/24 -d 192.168.1.1/24 -j MASQUERADE
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:logaccept - [0:0]
:logdrop - [0:0]
:logreject - [0:0]
:trigger_out - [0:0]
:upnp - [0:0]
:lan2wan - [0:0]
:grp_1 - [0:0]
:advgrp_1 - [0:0]
:grp_2 - [0:0]
:advgrp_2 - [0:0]
:grp_3 - [0:0]
:advgrp_3 - [0:0]
:grp_4 - [0:0]
:advgrp_4 - [0:0]
:grp_5 - [0:0]
:advgrp_5 - [0:0]
:grp_6 - [0:0]
:advgrp_6 - [0:0]
:grp_7 - [0:0]
:advgrp_7 - [0:0]
:grp_8 - [0:0]
:advgrp_8 - [0:0]
:grp_9 - [0:0]
:advgrp_9 - [0:0]
:grp_10 - [0:0]
:advgrp_10 - [0:0]
:grp_11 - [0:0]
:advgrp_11 - [0:0]
:grp_12 - [0:0]
:advgrp_12 - [0:0]
:grp_13 - [0:0]
:advgrp_13 - [0:0]
:grp_14 - [0:0]
:advgrp_14 - [0:0]
:grp_15 - [0:0]
:advgrp_15 - [0:0]
:grp_16 - [0:0]
:advgrp_16 - [0:0]
:grp_17 - [0:0]
:advgrp_17 - [0:0]
:grp_18 - [0:0]
:advgrp_18 - [0:0]
:grp_19 - [0:0]
:advgrp_19 - [0:0]
:grp_20 - [0:0]
:advgrp_20 - [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i vlan2 -p udp --sport 67 --dport 68 -j ACCEPT
-A INPUT -i br0 -j ACCEPT
-A INPUT -i vlan2 -p icmp -j DROP
-A INPUT -i vlan2 -p igmp -j DROP
-A INPUT -i vlan2 -p tcp --dport 113 -j ACCEPT
-A INPUT -i lo -m state --state NEW -j ACCEPT
-A INPUT -i br0 -m state --state NEW -j ACCEPT
-A INPUT -j DROP
-A OUTPUT -o br0 -j ACCEPT
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -j upnp
-A FORWARD -j lan2wan
-A FORWARD -i br0 -o br0 -j ACCEPT
-A FORWARD -i br0 -o vlan2 -j ACCEPT
-A FORWARD -o vlan2 -s 192.168.1.1/24 -p tcp --dport 1723 -j ACCEPT
-A FORWARD -o vlan2 -s 192.168.1.1/24 -p gre -j ACCEPT
-A upnp -p tcp -m tcp -d 192.168.1.7 --dport 9010 -j ACCEPT
-A upnp -p tcp -m tcp -d 192.168.1.7 --dport 9020 -j ACCEPT
-A upnp -p udp -m udp -d 192.168.1.7 --dport 9030 -j ACCEPT
-A upnp -p udp -m udp -d 192.168.1.7 --dport 9031 -j ACCEPT
-A upnp -p udp -m udp -d 192.168.1.7 --dport 9032 -j ACCEPT
-A upnp -p udp -m udp -d 192.168.1.7 --dport 9033 -j ACCEPT
-A upnp -p tcp -m tcp -d 192.168.1.30 --dport 49840 -j ACCEPT
-A upnp -p udp -m udp -d 192.168.1.30 --dport 49840 -j ACCEPT
-A upnp -p tcp -m tcp -d 192.168.1.7 --dport 9010 -j ACCEPT
-A upnp -p tcp -m tcp -d 192.168.1.7 --dport 9020 -j ACCEPT
-A upnp -p udp -m udp -d 192.168.1.7 --dport 9030 -j ACCEPT
-A upnp -p udp -m udp -d 192.168.1.7 --dport 9031 -j ACCEPT
-A upnp -p udp -m udp -d 192.168.1.7 --dport 9032 -j ACCEPT
-A upnp -p udp -m udp -d 192.168.1.7 --dport 9033 -j ACCEPT
-A upnp -p tcp -m tcp -d 192.168.1.30 --dport 62510 -j ACCEPT
-A upnp -p udp -m udp -d 192.168.1.30 --dport 62510 -j ACCEPT
-A upnp -p tcp -m tcp -d 192.168.1.7 --dport 9010 -j ACCEPT
-A upnp -p tcp -m tcp -d 192.168.1.7 --dport 9020 -j ACCEPT
-A upnp -p udp -m udp -d 192.168.1.7 --dport 9030 -j ACCEPT
-A upnp -p udp -m udp -d 192.168.1.7 --dport 9031 -j ACCEPT
-A upnp -p udp -m udp -d 192.168.1.7 --dport 9032 -j ACCEPT
-A upnp -p udp -m udp -d 192.168.1.7 --dport 9033 -j ACCEPT
-A upnp -p tcp -m tcp -d 192.168.1.7 --dport 9010 -j ACCEPT
-A upnp -p tcp -m tcp -d 192.168.1.7 --dport 9020 -j ACCEPT
-A upnp -p udp -m udp -d 192.168.1.7 --dport 9030 -j ACCEPT
-A upnp -p udp -m udp -d 192.168.1.7 --dport 9031 -j ACCEPT
-A upnp -p udp -m udp -d 192.168.1.7 --dport 9032 -j ACCEPT
-A upnp -p udp -m udp -d 192.168.1.7 --dport 9033 -j ACCEPT
-A upnp -p tcp -m tcp -d 192.168.1.36 --dport 38133 -j ACCEPT
-A upnp -p udp -m udp -d 192.168.1.7 --dport 9035 -j ACCEPT
-A upnp -p udp -m udp -d 192.168.1.37 --dport 7777 -j ACCEPT
-A upnp -p udp -m udp -d 192.168.1.37 --dport 3544 -j ACCEPT
-A upnp -p tcp -m tcp -d 192.168.1.7 --dport 9010 -j ACCEPT
-A upnp -p tcp -m tcp -d 192.168.1.7 --dport 9020 -j ACCEPT
-A upnp -p udp -m udp -d 192.168.1.7 --dport 9030 -j ACCEPT
-A upnp -p udp -m udp -d 192.168.1.7 --dport 9031 -j ACCEPT
-A upnp -p udp -m udp -d 192.168.1.7 --dport 9032 -j ACCEPT
-A upnp -p udp -m udp -d 192.168.1.7 --dport 9033 -j ACCEPT
-A upnp -p udp -m udp -d 192.168.1.7 --dport 9035 -j ACCEPT
-A FORWARD -p tcp -m tcp -d 192.168.1.9 --dport 1337:1339 -j ACCEPT
-A FORWARD -p udp -m udp -d 192.168.1.9 --dport 1337:1339 -j ACCEPT
-A FORWARD -i vlan2 -o br0 -j TRIGGER --trigger-type in
-A FORWARD -i br0 -j trigger_out
-A FORWARD -i vlan2 -o eth2 -j TRIGGER --trigger-type in
-A FORWARD -i eth2 -j trigger_out
-A FORWARD -i eth2 -m state --state NEW -j ACCEPT
-A FORWARD -i vlan2 -o eth3 -j TRIGGER --trigger-type in
-A FORWARD -i eth3 -j trigger_out
-A FORWARD -i eth3 -m state --state NEW -j ACCEPT
-A FORWARD -i vlan2 -o vlan1 -j TRIGGER --trigger-type in
-A FORWARD -i vlan1 -j trigger_out
-A FORWARD -i vlan1 -m state --state NEW -j ACCEPT
-A FORWARD -i vlan2 -o ra0 -j TRIGGER --trigger-type in
-A FORWARD -i ra0 -j trigger_out
-A FORWARD -i ra0 -m state --state NEW -j ACCEPT
-A FORWARD -i vlan2 -o ra1 -j TRIGGER --trigger-type in
-A FORWARD -i ra1 -j trigger_out
-A FORWARD -i ra1 -m state --state NEW -j ACCEPT
-A FORWARD -i vlan2 -o ra2 -j TRIGGER --trigger-type in
-A FORWARD -i ra2 -j trigger_out
-A FORWARD -i ra2 -m state --state NEW -j ACCEPT
-A FORWARD -i vlan2 -o ra3 -j TRIGGER --trigger-type in
-A FORWARD -i ra3 -j trigger_out
-A FORWARD -i ra3 -m state --state NEW -j ACCEPT
-A FORWARD -i vlan2 -o ra4 -j TRIGGER --trigger-type in
-A FORWARD -i ra4 -j trigger_out
-A FORWARD -i ra4 -m state --state NEW -j ACCEPT
-A FORWARD -i vlan2 -o ra5 -j TRIGGER --trigger-type in
-A FORWARD -i ra5 -j trigger_out
-A FORWARD -i ra5 -m state --state NEW -j ACCEPT
-A FORWARD -i vlan2 -o rai0 -j TRIGGER --trigger-type in
-A FORWARD -i rai0 -j trigger_out
-A FORWARD -i rai0 -m state --state NEW -j ACCEPT
-A FORWARD -i vlan2 -o rai1 -j TRIGGER --trigger-type in
-A FORWARD -i rai1 -j trigger_out
-A FORWARD -i rai1 -m state --state NEW -j ACCEPT
-A FORWARD -i vlan2 -o rai2 -j TRIGGER --trigger-type in
-A FORWARD -i rai2 -j trigger_out
-A FORWARD -i rai2 -m state --state NEW -j ACCEPT
-A FORWARD -i vlan2 -o rai3 -j TRIGGER --trigger-type in
-A FORWARD -i rai3 -j trigger_out
-A FORWARD -i rai3 -m state --state NEW -j ACCEPT
-A FORWARD -i vlan2 -o rai4 -j TRIGGER --trigger-type in
-A FORWARD -i rai4 -j trigger_out
-A FORWARD -i rai4 -m state --state NEW -j ACCEPT
-A FORWARD -i vlan2 -o rai5 -j TRIGGER --trigger-type in
-A FORWARD -i rai5 -j trigger_out
-A FORWARD -i rai5 -m state --state NEW -j ACCEPT
-A FORWARD -i vlan2 -o apcli0 -j TRIGGER --trigger-type in
-A FORWARD -i apcli0 -j trigger_out
-A FORWARD -i apcli0 -m state --state NEW -j ACCEPT
-A FORWARD -i vlan2 -o apclii0 -j TRIGGER --trigger-type in
-A FORWARD -i apclii0 -j trigger_out
-A FORWARD -i apclii0 -m state --state NEW -j ACCEPT
-A FORWARD -i vlan2 -o wds0 -j TRIGGER --trigger-type in
-A FORWARD -i wds0 -j trigger_out
-A FORWARD -i wds0 -m state --state NEW -j ACCEPT
-A FORWARD -i vlan2 -o wds1 -j TRIGGER --trigger-type in
-A FORWARD -i wds1 -j trigger_out
-A FORWARD -i wds1 -m state --state NEW -j ACCEPT
-A FORWARD -i vlan2 -o wds2 -j TRIGGER --trigger-type in
-A FORWARD -i wds2 -j trigger_out
-A FORWARD -i wds2 -m state --state NEW -j ACCEPT
-A FORWARD -i vlan2 -o wds3 -j TRIGGER --trigger-type in
-A FORWARD -i wds3 -j trigger_out
-A FORWARD -i wds3 -m state --state NEW -j ACCEPT
-A FORWARD -i vlan2 -o wdsi0 -j TRIGGER --trigger-type in
-A FORWARD -i wdsi0 -j trigger_out
-A FORWARD -i wdsi0 -m state --state NEW -j ACCEPT
-A FORWARD -i vlan2 -o wdsi1 -j TRIGGER --trigger-type in
-A FORWARD -i wdsi1 -j trigger_out
-A FORWARD -i wdsi1 -m state --state NEW -j ACCEPT
-A FORWARD -i vlan2 -o wdsi2 -j TRIGGER --trigger-type in
-A FORWARD -i wdsi2 -j trigger_out
-A FORWARD -i wdsi2 -m state --state NEW -j ACCEPT
-A FORWARD -i vlan2 -o wdsi3 -j TRIGGER --trigger-type in
-A FORWARD -i wdsi3 -j trigger_out
-A FORWARD -i wdsi3 -m state --state NEW -j ACCEPT
-A FORWARD -i br0 -m state --state NEW -j ACCEPT
-A FORWARD -j DROP
-A logaccept -j ACCEPT
-A logdrop -j DROP
-A logreject -p tcp -j REJECT --reject-with tcp-reset
COMMIT
root@DD-WRT:~# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 104.xx.xx.1 0.0.0.0 UG 0 0 0 vlan2
104.xx.xx.0 0.0.0.0 255.255.252.0 U 0 0 0 vlan2
127.0.0.0 0.0.0.0 255.0.0.0 U 0 0 0 lo
192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 br0
This is so weird.