Как настроить iptables для 4g модема??

Question

[LBJ]

Добрый день! Есть вообщем вот такая схемка: антенна-CRC9-4g модем с симкой от мегафона-TP-Link TL-MR3420-шлюз на centos-конечные пользователи. Суть проблемы такова: при смене провайдера(наконец нашли замену ADSL) из внешки стал недоступен сервер ip-камер. Был куплен белый ip у мегафона, в iptables старый ip заменен на новый и в tp-link настроен проброс портов. Тем не менее сервер по-прежнему недоступен. Подскажите, как решить эту проблему?

*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]

-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp --icmp-type echo-reply -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -m udp --dport 53 -j ACCEPT
#-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 16016 -j ACCEPT

#pptp
-A RH-Firewall-1-INPUT -i ppp0 -p gre -j ACCEPT
-A RH-Firewall-1-INPUT -i ppp0 -p tcp -m tcp --dport 1723 -j ACCEPT

# CLOSING PORTS
################
# PPP0
##########
-A RH-Firewall-1-INPUT -i ppp0 -p tcp -m multiport --dports 21,53,111,139,443,445 -j REJECT --reject-with tcp-reset
-A RH-Firewall-1-INPUT -i ppp0 -p udp -m multiport --dports 21,53,111,139,443,445 -j DROP


# DROP WiFi
-A RH-Firewall-1-INPUT -s 10.1.0.0/16 -d 192.168.10.0/24 -j DROP
-A RH-Firewall-1-INPUT -s 192.168.0.0/24 -d 192.168.10.0/24 -j DROP
-A RH-Firewall-1-INPUT -s 192.168.9.1 -d 192.168.10.0/24 -j DROP
-A RH-Firewall-1-INPUT -s 192.168.9.2 -d 192.168.10.0/24 -j DROP


COMMIT
*nat
:PREROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]

#############
# OUTDOOR
#############

#Dominations
-A PREROUTING -p tcp -d 37.x.x.x --dport 7010 -j DNAT --to-destination 192.168.10.101:7000
-A PREROUTING -p udp -d 37.x.x.x --dport 7010 -j DNAT --to-destination 192.168.10.101:7000
-A PREROUTING -p tcp -d 37.x.x.x --dport 7020 -j DNAT --to-destination 192.168.10.103:7000
-A PREROUTING -p udp -d 37.x.x.x --dport 7020 -j DNAT --to-destination 192.168.10.103:7000

#web Cams 
-A PREROUTING -p tcp -d 37.x.x.x --dport 8080 -j DNAT --to-destination 192.168.10.203:8080
-A PREROUTING -p tcp -d 37.x.x.x --dport 80 -j DNAT --to-destination 192.168.10.203:12000



##############
# Port config   
###########
#-A POSTROUTING -s 192.168.10.0/255.255.255.0 -o ppp0 -p tcp -m tcp -j SNAT --to-source 89.109.34.150
#-A POSTROUTING -s 192.168.10.0/255.255.255.0 -o ppp0 -p udp -m udp -j SNAT --to-source 89.109.34.150
#-A POSTROUTING -s 192.168.10.0/255.255.255.0 -o ppp0 -p icmp -m icmp -j SNAT --to-source 89.109.34.150

-A POSTROUTING -s 192.168.10.12 -o ppp0 -p tcp -m tcp -j SNAT --to-source 37.x.x.x
-A POSTROUTING -s 192.168.10.12 -o ppp0 -p udp -m udp -j SNAT --to-source 37.x.x.x
-A POSTROUTING -s 192.168.10.12 -o ppp0 -p icmp -m icmp -j SNAT --to-source 37.x.x.x

# так далее для остальных ip


##Administrators

-A POSTROUTING -s 192.168.10.200 -o ppp0 -p tcp -m tcp -j SNAT --to-source 37.x.x.x
-A POSTROUTING -s 192.168.10.200 -o ppp0 -p udp -m udp -j SNAT --to-source 37.x.x.x
-A POSTROUTING -s 192.168.10.200 -o ppp0 -p icmp -m icmp -j SNAT --to-source 37.x.x.x

-A POSTROUTING -s 192.168.10.201 -o ppp0 -p tcp -m tcp -j SNAT --to-source 337.x.x.x
-A POSTROUTING -s 192.168.10.201 -o ppp0 -p udp -m udp -j SNAT --to-source 37.x.x.x
-A POSTROUTING -s 192.168.10.201 -o ppp0 -p icmp -m icmp -j SNAT --to-source 37.x.x.x

-A POSTROUTING -s 192.168.10.202 -o ppp0 -p tcp -m tcp -j SNAT --to-source 37.x.x.x
-A POSTROUTING -s 192.168.10.202 -o ppp0 -p udp -m udp -j SNAT --to-source 37.x.x.x
-A POSTROUTING -s 192.168.10.202 -o ppp0 -p icmp -m icmp -j SNAT --to-source 37.x.x.x

-A POSTROUTING -s 192.168.10.203 -o ppp0 -p tcp -m tcp -j SNAT --to-source 37.x.x.x
-A POSTROUTING -s 192.168.10.203 -o ppp0 -p udp -m udp -j SNAT --to-source 37.x.x.x
-A POSTROUTING -s 192.168.10.203 -o ppp0 -p icmp -m icmp -j SNAT --to-source 37.x.x.x

-A POSTROUTING -s 192.168.10.240 -o ppp0 -p tcp -m tcp -j SNAT --to-source 37.x.x.x
-A POSTROUTING -s 192.168.10.240 -o ppp0 -p udp -m udp -j SNAT --to-source 37.x.x.x
-A POSTROUTING -s 192.168.10.240 -o ppp0 -p icmp -m icmp -j SNAT --to-source 37.x.x.x

COMMIT
# Generated by webmin
*mangle
:FORWARD ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
COMMIT

37...-ip от мегафона, 192.168.10.203-сервер камер

Answer 1

[Андрей Буров]

покажите ifconfig -a

Answer 2

[LBJ]

[root@habarskoe sysconfig]# ifconfig -a
eth0      Link encap:Ethernet  HWaddr 00:16:E6:41:9F:19
          inet addr:192.168.10.254  Bcast:192.168.10.255  Mask:255.255.255.0
          inet6 addr: fdc9:f4db:87d:0:216:e6ff:fe41:9f19/64 Scope:Global
          inet6 addr: fe80::216:e6ff:fe41:9f19/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:11614796 errors:0 dropped:0 overruns:0 frame:0
          TX packets:6379071 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:1010862634 (964.0 MiB)  TX bytes:721947957 (688.5 MiB)
          Interrupt:18

eth0:1    Link encap:Ethernet  HWaddr 00:16:E6:41:9F:19
          inet addr:192.168.9.254  Bcast:192.168.9.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          Interrupt:18

gre0      Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-E1-AA-00-00-00-00-00-00-00-00
          NOARP  MTU:1476  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:0 (0.0 b)  TX bytes:0 (0.0 b)

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:83116 errors:0 dropped:0 overruns:0 frame:0
          TX packets:83116 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:8325416 (7.9 MiB)  TX bytes:8325416 (7.9 MiB)