受不了包so i've decided to give up on the iptables but if you'd like to help debug then here's the config. yes, they're executed in order by wg-quickPostUp = iptables -A INPUT -p tcp -m multiport --dports 22,8889,1883,1935,25565,443,5222,5223,5269,5443,80,8384,8887 -j ACCEPT PostUp = iptables -A INPUT -p tcp -m multiport --dports 22000,4001,56460,58846,64738,8080,8883,8888 -j ACCEPT PostUp = iptables -A INPUT -p udp -m multiport --dports 22000,4001,56460,58846,64738,8080,8883,8888,21027,3478,51820 -j ACCEPT # PostUp = iptables -A INPUT -j REJECT PostUp = iptables -A FORWARD -p tcp -m multiport --dports 8889,1883,1935,25565,443,5222,5223,5269,5443,80,8384,8887 -j ACCEPT PostUp = iptables -A FORWARD -p tcp -m multiport --dports 22000,4001,56460,58846,64738,8080,8883,8888 -j ACCEPT PostUp = iptables -A FORWARD -p udp -m multiport --dports 22000,4001,56460,58846,64738,8080,8883,8888,21027,3478,51820 -j ACCEPT # PostUp = iptables -A FORWARD -j REJECT PostUp = iptables -t nat -A PREROUTING -p tcp -m multiport --dports 8889,1883,1935,25565,443,5222,5223,5269,5443,80,8384,8887 -j DNAT --to-destination 10.10.10.2 PostUp = iptables -t nat -A PREROUTING -p tcp -m multiport --dports 22000,4001,56460,58846,64738,8080,8883,8888 -j DNAT --to-destination 10.10.10.2 PostUp = iptables -t nat -A PREROUTING -p udp -m multiport --dports 22000,4001,56460,58846,64738,8080,8883,8888,21027,3478,51820 -j DNAT --to-destination 10.10.10.2 PostUp = iptables -t nat -A POSTROUTING -d 10.10.10.2 -j SNAT --to-source 10.10.10.1 PostDown = iptables -t nat -F PostDown = iptables -Funcommenting any of the commented lines will completely torpedo the connection. I know for a fact that there isn't a problem with the multiport syntax because it works for the POSTROUTING rules.
GNU social JP is a social network, courtesy of GNU social JP管理人. It runs on GNU social, version 2.0.2-dev, available under the GNU Affero General Public License.
All GNU social JP content and data are available under the Creative Commons Attribution 3.0 license.