IPTables: DNAT works on every port I defined except 443 (HTTPS).

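My IPTables already has content, but I'm not sure what created it.

I send traffic for specific ports to the internal bridge adapter of a virtual machine.

Every port I defined works except 443. What is preventing 443 from working?

My IPTables configuration: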

*mangle
:PREROUTING ACCEPT [790:89144]
:INPUT ACCEPT [696:84869]
:FORWARD ACCEPT [94:4275]
:OUTPUT ACCEPT [532:331824]
:POSTROUTING ACCEPT [626:336099]
:LIBVIRT_PRT - [0:0]
-A POSTROUTING -j LIBVIRT_PRT
-A LIBVIRT_PRT -o virbr0 -p udp -m udp --dport 68 -j CHECKSUM --checksum-fill
COMMIT
# Completed on Wed Sep 28 16:44:01 2022
# Generated by iptables-save v1.8.7 on Wed Sep 28 16:44:01 2022
*filter
:INPUT ACCEPT [696:84869]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [532:331824]
:LIBVIRT_FWI - [0:0]
:LIBVIRT_FWO - [0:0]
:LIBVIRT_FWX - [0:0]
:LIBVIRT_INP - [0:0]
:LIBVIRT_OUT - [0:0]
-A INPUT -j LIBVIRT_INP
-A FORWARD -j LIBVIRT_FWX
-A FORWARD -j LIBVIRT_FWI
-A FORWARD -j LIBVIRT_FWO
-A FORWARD -d 192.168.122.122/32 -p tcp -m tcp --dport 8123 -j ACCEPT
-A FORWARD -d 192.168.122.122/32 -p tcp -m tcp --dport 443 -j ACCEPT
-A FORWARD -d 192.168.122.122/32 -p tcp -m tcp --dport 4357 -j ACCEPT
-A FORWARD -d 192.168.122.122/32 -p tcp -m tcp --dport 1883 -j ACCEPT
-A OUTPUT -j LIBVIRT_OUT
-A LIBVIRT_FWI -d 192.168.122.0/24 -o virbr0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A LIBVIRT_FWO -s 192.168.122.0/24 -i virbr0 -j ACCEPT
-A LIBVIRT_FWX -i virbr0 -o virbr0 -j ACCEPT
-A LIBVIRT_INP -i virbr0 -p udp -m udp --dport 53 -j ACCEPT
-A LIBVIRT_INP -i virbr0 -p tcp -m tcp --dport 53 -j ACCEPT
-A LIBVIRT_INP -i virbr0 -p udp -m udp --dport 67 -j ACCEPT
-A LIBVIRT_INP -i virbr0 -p tcp -m tcp --dport 67 -j ACCEPT
-A LIBVIRT_OUT -o virbr0 -p udp -m udp --dport 53 -j ACCEPT
-A LIBVIRT_OUT -o virbr0 -p tcp -m tcp --dport 53 -j ACCEPT
-A LIBVIRT_OUT -o virbr0 -p udp -m udp --dport 68 -j ACCEPT
-A LIBVIRT_OUT -o virbr0 -p tcp -m tcp --dport 68 -j ACCEPT
COMMIT
# Completed on Wed Sep 28 16:44:01 2022
# Generated by iptables-save v1.8.7 on Wed Sep 28 16:44:01 2022
*nat
:PREROUTING ACCEPT [9:468]
:INPUT ACCEPT [9:468]
:OUTPUT ACCEPT [40:2528]
:POSTROUTING ACCEPT [60:3568]
:LIBVIRT_PRT - [0:0]
-A PREROUTING -d 192.168.20.112/32 -p tcp -m tcp --dport 1883 -j DNAT --to-destination 192.168.122.122:1883
-A PREROUTING -d 192.168.20.112/32 -p tcp -m tcp --dport 4357 -j DNAT --to-destination 192.168.122.122:4357
-A PREROUTING -d 192.168.20.112/32 -p tcp -m tcp --dport 443 -j DNAT --to-destination 192.168.122.122:443
-A PREROUTING -d 192.168.20.112/32 -p tcp -m tcp --dport 8123 -j DNAT --to-destination 192.168.122.122:8123
-A POSTROUTING -j LIBVIRT_PRT
-A LIBVIRT_PRT -s 192.168.122.0/24 -d 224.0.0.0/24 -j RETURN
-A LIBVIRT_PRT -s 192.168.122.0/24 -d 255.255.255.255/32 -j RETURN
-A LIBVIRT_PRT -s 192.168.122.0/24 ! -d 192.168.122.0/24 -p tcp -j MASQUERADE --to-ports 1024-65535
-A LIBVIRT_PRT -s 192.168.122.0/24 ! -d 192.168.122.0/24 -p udp -j MASQUERADE --to-ports 1024-65535
-A LIBVIRT_PRT -s 192.168.122.0/24 ! -d 192.168.122.0/24 -j MASQUERADE
COMMIT
# Completed on Wed Sep 28 16:44:01 2022
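
A check that can be run against a dump like the one above, as an added example that is not part of the original post: it pairs every DNAT rule in nat/PREROUTING with an ACCEPT rule in filter/FORWARD for the same host, protocol and port. The function names are hypothetical, the sample is the FORWARD and DNAT rules copied from the dump, and rule order and the libvirt chains are not evaluated.

```python
import shlex

# Constructed sample: the FORWARD and DNAT rules copied from the dump above.
RULESET = """\
*filter
-A FORWARD -d 192.168.122.122/32 -p tcp -m tcp --dport 8123 -j ACCEPT
-A FORWARD -d 192.168.122.122/32 -p tcp -m tcp --dport 443 -j ACCEPT
-A FORWARD -d 192.168.122.122/32 -p tcp -m tcp --dport 4357 -j ACCEPT
-A FORWARD -d 192.168.122.122/32 -p tcp -m tcp --dport 1883 -j ACCEPT
COMMIT
*nat
-A PREROUTING -d 192.168.20.112/32 -p tcp -m tcp --dport 1883 -j DNAT --to-destination 192.168.122.122:1883
-A PREROUTING -d 192.168.20.112/32 -p tcp -m tcp --dport 4357 -j DNAT --to-destination 192.168.122.122:4357
-A PREROUTING -d 192.168.20.112/32 -p tcp -m tcp --dport 443 -j DNAT --to-destination 192.168.122.122:443
-A PREROUTING -d 192.168.20.112/32 -p tcp -m tcp --dport 8123 -j DNAT --to-destination 192.168.122.122:8123
COMMIT
"""

def parse_rules(dump):
    """Yield (table, chain, options) for every -A line of iptables-save output."""
    table = None
    for line in dump.splitlines():
        if line.startswith("*"):
            table = line[1:].strip()
        elif line.startswith("-A "):
            tokens = shlex.split(line)
            opts, i = {}, 2
            while i < len(tokens):
                negated = tokens[i] == "!"      # "! -d x" negates the next option
                i += int(negated)
                key = tokens[i]
                has_value = i + 1 < len(tokens) and not tokens[i + 1].startswith(("-", "!"))
                value = tokens[i + 1] if has_value else ""
                opts[key] = ("!" if negated else "") + value
                i += 2 if has_value else 1
            yield table, tokens[1], opts

def check_dnat_forwarding(dump):
    """Map each DNAT target to True when filter/FORWARD has an exact-host ACCEPT for it."""
    rules = list(parse_rules(dump))
    accepted = {(o.get("-d", "").split("/")[0], o.get("-p"), o.get("--dport"))
                for t, c, o in rules
                if (t, c, o.get("-j")) == ("filter", "FORWARD", "ACCEPT")}
    result = {}
    for t, c, o in rules:
        if (t, c, o.get("-j")) == ("nat", "PREROUTING", "DNAT"):
            ip, _, port = o["--to-destination"].partition(":")
            # Rule order and earlier chains are not evaluated here.
            result[o["--to-destination"]] = (ip, o.get("-p"), port) in accepted
    return result
```

On the posted rules every DNAT target, 443 included, has a matching FORWARD ACCEPT, so this particular check does not distinguish 443 from the ports that work.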
