From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <kaf@nevod.ru>
X-Spam-Checker-Version: SpamAssassin 3.2.5 (2008-06-10) on sa.int.altlinux.org
X-Spam-Level: 
X-Spam-Status: No, score=-2.0 required=5.0 tests=AWL,BAYES_00 autolearn=ham
	version=3.2.5
Message-ID: <48DC73A4.3010201@nevod.ru>
Date: Fri, 26 Sep 2008 11:31:16 +0600
From: =?KOI8-R?Q?=EB=CF=D3=D4=C1=D2=C5=D7_=E1=CC=C5=CB=D3=C5=CA?=
	<kaf@nevod.ru>
User-Agent: Thunderbird 2.0.0.14 (X11/20080508)
MIME-Version: 1.0
To: Vitalik Salomatin <chelroot74@mail.ru>,
	ALT Linux Community general discussions <community@lists.altlinux.org>
References: <E1Kj5he-000ODE-00.chelroot74-mail-ru@f53.mail.ru>
In-Reply-To: <E1Kj5he-000ODE-00.chelroot74-mail-ru@f53.mail.ru>
Content-Type: text/plain; charset=KOI8-R; format=flowed
Content-Transfer-Encoding: 8bit
X-Virus-Scanned: ClamAV using ClamSMTP
Subject: Re: [Comm] =?koi8-r?b?68HLIM/UzcXOydTYINDSz8LSz9vFzs7ZyiDQz9LUPw==?=
X-BeenThere: community@lists.altlinux.org
X-Mailman-Version: 2.1.10b3
Precedence: list
Reply-To: ALT Linux Community general discussions
	<community@lists.altlinux.org>
List-Id: ALT Linux Community general discussions <community.lists.altlinux.org>
List-Unsubscribe: <https://lists.altlinux.org/mailman/listinfo/community>,
	<mailto:community-request@lists.altlinux.org?subject=unsubscribe>
List-Archive: <http://lists.altlinux.org/pipermail/community>
List-Post: <mailto:community@lists.altlinux.org>
List-Help: <mailto:community-request@lists.altlinux.org?subject=help>
List-Subscribe: <https://lists.altlinux.org/mailman/listinfo/community>,
	<mailto:community-request@lists.altlinux.org?subject=subscribe>
X-List-Received-Date: Fri, 26 Sep 2008 05:31:32 -0000
Archived-At: <http://lore.altlinux.org/community/48DC73A4.3010201@nevod.ru/>
List-Archive: <http://lore.altlinux.org/community/>
List-Post: <mailto:mandrake-russian@linuxteam.iplabs.ru>

Vitalik Salomatin пишет:
> Допустим я пробросил 80 порт снаружи через сервер на копм внутри 
> сети
> iptables -t nat -A PREROUTING -d 11.11.11.61 -p 
> tcp --destination-port 80 -j DNAT --to-destination 10.0.0.112
>
> А как отменить только это правило? (http)
>   
Прошу прощения - букву перепутал

iptables -t nat -D PREROUTING -d 11.11.11.61 -p tcp --destination-port 80 -j DNAT --to-destination 10.0.0.112


> Я знаю, что так
>
> iptables -t nat -D POSTROUTING 2
>
> можно отменить 2 правило в моем примере изнутри
>
>
> # iptables -t nat -L
> Chain PREROUTING (policy ACCEPT)
> target     prot opt source               destination
> DNAT       tcp  --  anywhere             77.247.212.61       tcp 
> dpt:ssh to:10.0.0.112
> DNAT       tcp  --  anywhere             77.247.212.61       tcp 
> dpt:http to:10.0.0.112
>
> Chain POSTROUTING (policy ACCEPT)
> target     prot opt source               destination
> MASQUERADE  0    --  10.0.0.4             anywhere
> MASQUERADE  0    --  10.0.0.112             anywhere
>
>
> А как только HTTP, оставив например ssh?
>
> Спасибо.
>
>
> _______________________________________________
> community mailing list
> community@lists.altlinux.org
> https://lists.altlinux.org/mailman/listinfo/community


-- 
С Уважением
Директор ООО НЕВОД
Костарев А.Ф.