Re: Шлюз Интернет

[Dmitry Mityugov]

On 3/31/07, Коржевин Дмитрий Константинович <knc на voliacable.com> wrote:
> Помогите пожалуйста разобраться в вопросе распределения Интернет на
> второй домашний компьютер
...

Вдогонку к предыдущему ответу - вот что я делал для того-же самого с
помощью shorewall (в моём случае, 192.168.0.x был "внешним", а
10.x.x.x - внутренним интерфейсом, самба-сервер виден и изнутри и
"снаружи"):

Configured shorewall as per www.shorewall.net/shorewall_quickstart_guide.htm:
    * changed IP_FORWARDING to On in /etc/shorewall/shorewall.conf
    * made sure DISABLE_IPV6 set to Yes in /etc/shorewall/shorewall.conf
    * copied /usr/share/doc/shorewall/examples/two-interfaces/zones to
/etc/shorewall
    * copied /usr/share/doc/shorewall/examples/two-interfaces/policy
to /etc/shorewall
    * enabled "$FW net ACCEPT" rule in /etc/shorewall/policy
    * copied /usr/share/doc/shorewall/examples/two-interfaces/interfaces
to /etc/shorewall
    * removed the 'norfc1918' option from the external interface's
entry in /etc/shorewall/interfaces
    * copied /usr/share/doc/shorewall/examples/two-interfaces/masq to
/etc/shorewall
    * copied /usr/share/doc/shorewall/examples/two-interfaces/rules to
/etc/shorewall
    * added "ACCEPT loc $FW" rule to /etc/shorewall/rules
    * changed startup from 0 to 1 in /etc/default/shorewall
    * issued sudo shorewall start command
    * added "ACCEPT $FW loc" rule to /etc/shorewall/rules (to let
Samba send broadcast packets for example)
    * added "SMB/ACCEPT $FW net" and "SMB/ACCEPT net $FW" rules to
/etc/shorewall/rules

-- 
Dmitry Mityugov, St. Petersburg, Russia
I ignore all messages with confidentiality statements

"We live less by imagination than despite it" - Rockwell Kent, "N by E"