iproute/iptables anomalija? [andrws @ 2010-07-29 15:26:49] — Newsgroups.lt

Tema: iproute/iptables anomalija?

Autorius: andrws

Data: 2010-07-29 15:26:49

Sveiki,
stovi linux deze su 7iais tinklo interfeisais- keturiems vietiniams tinklams 
dalina interneta.
iptables atrode mazdaug taip:
$IPT -t filter -A FORWARD -i eth0 -s 192.168.4.0/24 -j ACCEPT
$IPT -t filter -A FORWARD -i eth2 -s 192.168.2.0/24 -j ACCEPT
$IPT -t filter -A FORWARD -i eth3 -s 192.168.1.0/24 -j ACCEPT
$IPT -t filter -A FORWARD -i eth5 -s 192.168.5.0/24 -j ACCEPT
$IPT -t nat -A POSTROUTING -s 192.168.1.0/24 -o eth6 -j SNAT --to-source 
1.2.3.4
$IPT -t nat -A POSTROUTING -s 192.168.2.0/24 -o eth6 -j SNAT --to-source 
1.2.3.4
$IPT -t nat -A POSTROUTING -s 192.168.4.0/24 -o eth6 -j SNAT --to-source 
1.2.3.4
$IPT -t nat -A POSTROUTING -s 192.168.5.0/24 -o eth6 -j SNAT --to-source 
1.2.3.4

Vienas tinklas uzsinorejo naudotis nuosava interneto linija, tiekejas atvede 
atskira kabeli, pajungiam ant eth1 ip-2.3.4.4, gw-2.3.4.5
Padariau taip:
echo 200 mc >> /etc/iproute2/rt_tables
ip rule add from 192.168.1.0/24 lookup mc
ip route add default via 2.3.4.5 dev eth1 table mc
iptables scripte dadejau:
$IPT -t filter -A FORWARD -i eth1 -s 192.168.1.0/24 -j ACCEPT
ir pakeiciau
$IPT -t nat -A POSTROUTING -s 192.168.1.0/24 -o eth6 -j SNAT --to-source 
1.2.3.4
i
$IPT -t nat -A POSTROUTING -s 192.168.1.0/24 -o eth1 -j SNAT --to-source 
2.3.4.4

rezultatas: puse 192.168.1.0/24 kompu puikiausiai eina i interneta nauju 
keliu.
kita puse kompu- nebepingina i gatewejaus ip- 192.168.1.254 ir nebemato jo 
net arp lentelese, nors is jo pacio sekmingai gauna dhcp setingus. is gw 
irgi nesimato tu kompu.

sekantis etapas- suvedu visu ip po viena:
ip rule add from 192.168.1.1 lookup mc
......
ip rule add from 192.168.1.20 lookup mc
ip route add default via 2.3.4.5 dev eth1 table mc
$IPT -t filter -A FORWARD -i eth1 -s 192.168.1.0/24 -j ACCEPT
$IPT -t nat -A POSTROUTING -s 192.168.1.1 -o eth1 -j SNAT --to-source 
2.3.4.4
......
$IPT -t nat -A POSTROUTING -s 192.168.1.20 -o eth1 -j SNAT --to-source 
2.3.4.4
ir viskas pinginasi, routinasi ir veikia :)

klausimas- wtf, kodel nurodzius visa potinkli neveikia, ir kaip padaryti, 
kad veiktu nesuvedinejant po viena ip?

3D astronomy agriculture audio autos autos.audi autos.audio autos.binaries autos.bmw autos.club autos.ford autos.hondacrx autos.japan autos.mercedes autos.opel autos.sport autos.volvo autos.vw avia avia.binaries bankcards binaries books building cinema commerce comp.hardware comp.software comp.lietuvinimas comp.networks culture darbas.ieskau darbas.siulau design economics electronics fauna fauna.aqua fauna.binaries fishing flora foto foto.binaries games games.cs games.online gsm gurmanai humour humour.binaries internet law microsoft moto music music.binaries music.instruments music.LT.binaries navigacija php politics programming rpg sport studying sveikata talk test translation transportation travel travel.binaries tv unix video video.binaries watersports www www.flash pda autos.supermama.lt mobile darbas retro.3D retro.agriculture retro.astronomy retro.audio retro.autos retro.autos.audi retro.autos.audio retro.autos.binaries retro.autos.bmw retro.autos.club retro.autos.ford retro.autos.hondacrx retro.autos.japan retro.autos.mercedes retro.autos.opel retro.autos.sport retro.autos.supermama retro.autos.supermama.lt retro.autos.volvo retro.autos.vw retro.avia retro.avia.binaries retro.bankcards retro.beos retro.binaries retro.books retro.building retro.cinema retro.commerce retro.comp retro.comp.hardware retro.comp.lietuvinimas retro.comp.networks retro.comp.software retro.culture retro.darbas retro.darbas.ieskau retro.darbas.siulau retro.design retro.economics retro.electronics retro.e-vejas retro.fauna retro.fauna.aqua retro.fauna.binaries retro.fishing retro.flora retro.foto retro.foto.binaries retro.games retro.games.cs retro.games.online retro.games.rpg retro.genealogija retro.gsm retro.gurmanai retro.humour retro.humour.binaries retro.internet retro.YZF retro.YZF.nebuk retro.YZF.nebuk.netikintis retro.YZF.nebuk.netikintis.buk retro.YZF.nebuk.netikintis.buk.tikintis retro.law retro.microsoft retro.mobile retro.moto retro.music retro.music.binaries retro.music.instruments retro.music.LT retro.music.LT.binaries retro.navigacija retro.news retro.news.taisykles retro.newuser retro.pda retro.php retro.politics retro.programming retro.rpg retro.sport retro.studying retro.sveikata retro.talk retro.translation retro.transportation retro.travel retro.travel.binaries retro.tv retro.unix retro.video retro.video.binaries retro.watersports retro.www retro.www.flash diy lt.rkm.news.announce lt.rkm.news.newuser

+TUN\TAP openvpnIdomu2010-08-25 10:59

+if-up.d/mountnfs[eth0]paprastas2010-08-20 02:42

+naujoko klDiskai2010-08-17 15:39

+kaip matyti win particijaDiskai2010-08-16 02:39

+Keistas noras apie spam folderiBilibobas2010-08-12 10:14

+Visio alternatyva linux'e?Giedrius2010-08-05 09:39

+kas turit krištolinį rutulį?Ingodas Vytrastas2010-08-02 13:58

+sveikinimai, gerbiamieji!Igaliotinis2010-07-30 13:22

-iproute/iptables anomalija?andrws2010-07-29 15:26

Re: iproute/iptables anomalija?Justas P2010-07-29 16:40

Re: iproute/iptables anomalija?andrws2010-07-29 17:00

Re: iproute/iptables anomalija?Reaver2010-07-29 16:35

Re: iproute/iptables anomalija?andrws2010-07-29 17:52

+HP pavilion ir MAC OSŽąsinas2010-07-28 22:43

+Koks analogas ICQ linuxeLaks2010-07-26 13:18

+sms gatewaylens2010-07-19 19:58

+neina nukopijuoti bylosVelokoraptus2010-07-19 19:30

+kibibyte ?GP2010-07-16 15:23

+lm-sensorsdonisg2010-07-07 10:00

+pigus pci sata controlerishangover2010-07-02 12:54

+Desktop OSmix2010-06-18 17:13

+IP kamerosklwn2010-06-14 12:48

+Mirkciojantys klavieturos diodaiLevas2010-06-10 21:15

FileETag none neisijungiaFeniksas2010-06-09 11:26

+kaip gtk file dialoge uzdeti dydzio stulpeli?nerijus2010-06-08 17:01

+Klausimas pamastymams apie virtualizacijahangover2010-06-07 22:31

Penktadienis, arba gudraus softo grimasosvytjon2010-06-04 20:28

+Davical, gal kas naudojat ?Didzkis2010-06-03 16:30

+file integrity verificationAndrius2010-05-28 18:58

+Q: phpmyadmin idomybeatlaikes antanas2010-05-27 14:14

+server backuptobias2010-05-26 18:16

100Lt. SKUBIAI parduodu dokumentu naikiklisimc2010-05-24 21:28

+Naminio srotinio serverio upgreidas. Ar verta?Levas2010-05-20 18:58

+linux šalia xpolis2010-05-20 14:56

+ linux distribucija vps serveriui?Feniksas2010-05-18 17:15

+samba is ubuntumix2010-05-14 12:16

+mailscanner ubuntu10.04marius2010-05-13 15:06

Bricscad V10 LinuxMaug Lee2010-05-12 17:27

+linux instaliavimasArunas-X2010-05-12 16:25

+bad sector remapolis2010-05-03 09:22

multicast pokyciai linux kerneliuoseKestas.2010-05-01 13:08

+del ubuntu naujos versijosAMB2010-04-29 21:27

+Q: problema su linux dezeMonas2010-04-28 15:36

+Cacti 80 mbps problemaDenisas2010-04-27 22:49

Estimated cost to redeveloplingus2010-04-27 13:13

+postfix user limitEmnt2010-04-27 10:16

+kažkas panašaus į exchange ?!?TZ2010-04-22 15:23

+bacula-dir.conf examplelingus2010-04-19 10:50

25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6