From: Vitalik Salomatin
To: community@lists.altlinux.org
Date: Fri, 26 Sep 2008 09:17:18 +0400
Subject: [Comm] How do I undo a forwarded port?
List-Id: ALT Linux Community general discussions

Suppose I have forwarded port 80 from outside, through the server, to a computer inside the network:

    iptables -t nat -A PREROUTING -d 11.11.11.61 -p tcp --destination-port 80 -j DNAT --to-destination 10.0.0.112

How do I undo only this rule (http)?

I know that this

    iptables -t nat -D POSTROUTING 2

can be used to remove rule 2 in my example, from the inside:

    # iptables -t nat -L
    Chain PREROUTING (policy ACCEPT)
    target     prot opt source      destination
    DNAT       tcp  --  anywhere    77.247.212.61  tcp dpt:ssh to:10.0.0.112
    DNAT       tcp  --  anywhere    77.247.212.61  tcp dpt:http to:10.0.0.112

    Chain POSTROUTING (policy ACCEPT)
    target     prot opt source      destination
    MASQUERADE 0    --  10.0.0.4    anywhere
    MASQUERADE 0    --  10.0.0.112  anywhere

But how do I remove only HTTP, keeping ssh, for example?

Thanks.
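
Added example, not part of the original message: a rule can be deleted by its full specification instead of by index, so only the HTTP DNAT rule in PREROUTING goes and the ssh forward and the POSTROUTING MASQUERADE rules stay. The function names and the sample rule set (written in `iptables -t nat -S PREROUTING` output format from the addresses in the listing) are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample in `iptables -t nat -S PREROUTING` format, mirroring the
# two DNAT rules shown in the message's listing (not captured from a real host).
sample_rules() {
cat <<'EOF'
-P PREROUTING ACCEPT
-A PREROUTING -d 77.247.212.61/32 -p tcp -m tcp --dport 22 -j DNAT --to-destination 10.0.0.112
-A PREROUTING -d 77.247.212.61/32 -p tcp -m tcp --dport 80 -j DNAT --to-destination 10.0.0.112
EOF
}

# delete_cmds_for_port PORT (hypothetical helper): read rule specs on stdin and
# print one "iptables -t nat -D ..." command per DNAT rule whose --dport is PORT.
# The commands are printed for review, not executed.
delete_cmds_for_port() {
    port=$1
    while IFS= read -r rule; do
        case $rule in
            "-A "*" --dport $port "*"-j DNAT"*)
                # Swap -A for -D: deleting by full specification removes exactly
                # this rule and cannot hit a neighbouring rule or another chain
                # the way a wrong index can.
                printf 'iptables -t nat -D %s\n' "${rule#-A }"
                ;;
        esac
    done
}

# Demo on the constructed sample. On a real host, feed it the live rules:
#   iptables -t nat -S PREROUTING | delete_cmds_for_port 80
sample_rules | delete_cmds_for_port 80
```

After running the printed command, `iptables -t nat -L PREROUTING -n --line-numbers` should list only the ssh DNAT rule.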