Help a dummy set up routing
Yuriy Vlasov
mobv at mail.ru
Thu Jan 14 05:54:08 GMT 2010
Сергей Иванов wrote:
> Look into NAT & iptables.
>
> Something like this:
> iptables -F
> iptables -t nat -F
> iptables -A INPUT -s 192.168.1.0/24 -i eth0 -j ACCEPT
> iptables -t nat -A POSTROUTING -s 192.168.1.0/24 -j MASQUERADE
> echo 1 > /proc/sys/net/ipv4/ip_forward
>
> P.S.: First you need to set up the local network
Here is the output of iptables --list before the GPRS connection is established:
Chain INPUT (policy DROP)
target prot opt source destination
ACCEPT tcp -- jupiter.npopm.ru anywhere tcp flags:!FIN,SYN,RST,ACK/SYN
ACCEPT udp -- jupiter.npopm.ru anywhere
ACCEPT tcp -- cosmos.npopm.ru anywhere tcp flags:!FIN,SYN,RST,ACK/SYN
ACCEPT udp -- cosmos.npopm.ru anywhere
ACCEPT all -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere limit: avg 10/sec burst 5
DROP all -- anywhere 255.255.255.255
DROP all -- anywhere 188.1.255.255
DROP all -- 224.0.0.0/8 anywhere
DROP all -- anywhere 224.0.0.0/8
DROP all -- 255.255.255.255 anywhere
DROP all -- anywhere 0.0.0.0
DROP all -- anywhere anywhere state INVALID
LSI all -f anywhere anywhere limit: avg 10/min burst 5
INBOUND all -- anywhere anywhere
LOG_FILTER all -- anywhere anywhere
LOG all -- anywhere anywhere LOG level info prefix `Unknown Input'

Chain FORWARD (policy DROP)
target prot opt source destination
ACCEPT icmp -- anywhere anywhere limit: avg 10/sec burst 5
LOG_FILTER all -- anywhere anywhere
LOG all -- anywhere anywhere LOG level info prefix `Unknown Forward'

Chain OUTPUT (policy DROP)
target prot opt source destination
ACCEPT tcp -- igo.npopm.ru jupiter.npopm.ru tcp dpt:domain
ACCEPT udp -- igo.npopm.ru jupiter.npopm.ru udp dpt:domain
ACCEPT tcp -- igo.npopm.ru cosmos.npopm.ru tcp dpt:domain
ACCEPT udp -- igo.npopm.ru cosmos.npopm.ru udp dpt:domain
ACCEPT all -- anywhere anywhere
DROP all -- 224.0.0.0/8 anywhere
DROP all -- anywhere 224.0.0.0/8
DROP all -- 255.255.255.255 anywhere
DROP all -- anywhere 0.0.0.0
DROP all -- anywhere anywhere state INVALID
OUTBOUND all -- anywhere anywhere
LOG_FILTER all -- anywhere anywhere
LOG all -- anywhere anywhere LOG level info prefix `Unknown Output'

Chain INBOUND (1 references)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT udp -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT all -- jupiter.npopm.ru anywhere
ACCEPT tcp -- anywhere anywhere tcp dpt:44614
ACCEPT udp -- anywhere anywhere udp dpt:44614
ACCEPT tcp -- anywhere anywhere tcp dpt:60464
ACCEPT udp -- anywhere anywhere udp dpt:60464
ACCEPT tcp -- anywhere anywhere tcp dpts:ftp-data:ftp
ACCEPT udp -- anywhere anywhere udp dpts:20:fsp
ACCEPT tcp -- anywhere anywhere tcp dpt:www
ACCEPT udp -- anywhere anywhere udp dpt:www
ACCEPT tcp -- anywhere anywhere tcp dpt:nntp
ACCEPT udp -- anywhere anywhere udp dpt:119
ACCEPT tcp -- anywhere anywhere tcp dpts:netbios-ns:netbios-ssn
ACCEPT udp -- anywhere anywhere udp dpts:netbios-ns:netbios-ssn
ACCEPT tcp -- anywhere anywhere tcp dpt:microsoft-ds
ACCEPT udp -- anywhere anywhere udp dpt:microsoft-ds
ACCEPT tcp -- anywhere anywhere tcp dpt:ssh
ACCEPT udp -- anywhere anywhere udp dpt:ssh
ACCEPT tcp -- anywhere anywhere tcp dpts:30000:65000
ACCEPT udp -- anywhere anywhere udp dpts:30000:65000
ACCEPT tcp -- anywhere anywhere tcp dpt:59801
ACCEPT udp -- anywhere anywhere udp dpt:59801
ACCEPT tcp -- anywhere anywhere tcp dpt:59400
ACCEPT udp -- anywhere anywhere udp dpt:59400
ACCEPT tcp -- anywhere anywhere tcp dpt:55447
ACCEPT udp -- anywhere anywhere udp dpt:55447
ACCEPT tcp -- anywhere anywhere tcp dpt:43870
ACCEPT udp -- anywhere anywhere udp dpt:43870
ACCEPT tcp -- anywhere anywhere tcp dpt:56829
ACCEPT udp -- anywhere anywhere udp dpt:56829
ACCEPT tcp -- anywhere anywhere tcp dpt:40255
ACCEPT udp -- anywhere anywhere udp dpt:40255
ACCEPT tcp -- anywhere anywhere tcp dpt:56082
ACCEPT udp -- anywhere anywhere udp dpt:56082
ACCEPT tcp -- anywhere anywhere tcp dpt:60788
ACCEPT udp -- anywhere anywhere udp dpt:60788
ACCEPT tcp -- anywhere anywhere tcp dpt:46675
ACCEPT udp -- anywhere anywhere udp dpt:46675
ACCEPT tcp -- anywhere anywhere tcp dpt:40418
ACCEPT udp -- anywhere anywhere udp dpt:40418
ACCEPT tcp -- anywhere anywhere tcp dpt:47408
ACCEPT udp -- anywhere anywhere udp dpt:47408
ACCEPT tcp -- anywhere anywhere tcp dpt:5900
ACCEPT udp -- anywhere anywhere udp dpt:5900
ACCEPT tcp -- suxanova.npopm.ru anywhere tcp dpt:5900
ACCEPT udp -- suxanova.npopm.ru anywhere udp dpt:5900
ACCEPT tcp -- anywhere anywhere tcp dpt:daap
ACCEPT udp -- anywhere anywhere udp dpt:daap
ACCEPT tcp -- anywhere anywhere tcp dpt:mdns
ACCEPT udp -- anywhere anywhere udp dpt:mdns
ACCEPT tcp -- anywhere anywhere tcp dpt:snmp
ACCEPT udp -- anywhere anywhere udp dpt:snmp
ACCEPT tcp -- jupiter.npopm.ru anywhere tcp dpt:netbios-ns
ACCEPT udp -- jupiter.npopm.ru anywhere udp dpt:netbios-ns
LSI all -- anywhere anywhere

Chain LOG_FILTER (5 references)
target prot opt source destination

Chain LSI (2 references)
target prot opt source destination
LOG_FILTER all -- anywhere anywhere
LOG tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,ACK/SYN limit: avg 1/sec burst 5 LOG level info prefix `Inbound '
DROP tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,ACK/SYN
LOG tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,ACK/RST limit: avg 1/sec burst 5 LOG level info prefix `Inbound '
DROP tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,ACK/RST
LOG icmp -- anywhere anywhere icmp echo-request limit: avg 1/sec burst 5 LOG level info prefix `Inbound '
DROP icmp -- anywhere anywhere icmp echo-request
LOG all -- anywhere anywhere limit: avg 5/sec burst 5 LOG level info prefix `Inbound '
DROP all -- anywhere anywhere

Chain LSO (0 references)
target prot opt source destination
LOG_FILTER all -- anywhere anywhere
LOG all -- anywhere anywhere limit: avg 5/sec burst 5 LOG level info prefix `Outbound '
REJECT all -- anywhere anywhere reject-with icmp-port-unreachable

Chain OUTBOUND (1 references)
target prot opt source destination
ACCEPT icmp -- anywhere anywhere
ACCEPT tcp -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT udp -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT all -- anywhere anywhere
Here is the output of iptables --list after the GPRS connection is established:
root@igo:/home/yura# iptables --list
Chain INPUT (policy DROP)
target prot opt source destination
ACCEPT tcp -- 217.118.66.244 anywhere tcp flags:!FIN,SYN,RST,ACK/SYN
ACCEPT udp -- 217.118.66.244 anywhere
ACCEPT tcp -- 217.150.35.129 anywhere tcp flags:!FIN,SYN,RST,ACK/SYN
ACCEPT udp -- 217.150.35.129 anywhere
ACCEPT all -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere limit: avg 10/sec burst 5
DROP all -- anywhere 255.255.255.255
DROP all -- anywhere 188.1.255.255
DROP all -- 224.0.0.0/8 anywhere
DROP all -- anywhere 224.0.0.0/8
DROP all -- 255.255.255.255 anywhere
DROP all -- anywhere 0.0.0.0
DROP all -- anywhere anywhere state INVALID
LSI all -f anywhere anywhere limit: avg 10/min burst 5
INBOUND all -- anywhere anywhere
LOG_FILTER all -- anywhere anywhere
LOG all -- anywhere anywhere LOG level info prefix `Unknown Input'

Chain FORWARD (policy DROP)
target prot opt source destination
ACCEPT icmp -- anywhere anywhere limit: avg 10/sec burst 5
LOG_FILTER all -- anywhere anywhere
LOG all -- anywhere anywhere LOG level info prefix `Unknown Forward'

Chain OUTPUT (policy DROP)
target prot opt source destination
ACCEPT tcp -- 188.1.9.69 217.118.66.244 tcp dpt:domain
ACCEPT udp -- 188.1.9.69 217.118.66.244 udp dpt:domain
ACCEPT tcp -- 188.1.9.69 217.150.35.129 tcp dpt:domain
ACCEPT udp -- 188.1.9.69 217.150.35.129 udp dpt:domain
ACCEPT all -- anywhere anywhere
DROP all -- 224.0.0.0/8 anywhere
DROP all -- anywhere 224.0.0.0/8
DROP all -- 255.255.255.255 anywhere
DROP all -- anywhere 0.0.0.0
DROP all -- anywhere anywhere state INVALID
OUTBOUND all -- anywhere anywhere
LOG_FILTER all -- anywhere anywhere
LOG all -- anywhere anywhere LOG level info prefix `Unknown Output'

Chain INBOUND (1 references)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT udp -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT all -- 188.1.1.7 anywhere
ACCEPT tcp -- anywhere anywhere tcp dpt:44614
ACCEPT udp -- anywhere anywhere udp dpt:44614
ACCEPT tcp -- anywhere anywhere tcp dpt:60464
ACCEPT udp -- anywhere anywhere udp dpt:60464
ACCEPT tcp -- anywhere anywhere tcp dpts:ftp-data:ftp
ACCEPT udp -- anywhere anywhere udp dpts:20:fsp
ACCEPT tcp -- anywhere anywhere tcp dpt:www
ACCEPT udp -- anywhere anywhere udp dpt:www
ACCEPT tcp -- anywhere anywhere tcp dpt:nntp
ACCEPT udp -- anywhere anywhere udp dpt:119
ACCEPT tcp -- anywhere anywhere tcp dpts:netbios-ns:netbios-ssn
ACCEPT udp -- anywhere anywhere udp dpts:netbios-ns:netbios-ssn
ACCEPT tcp -- anywhere anywhere tcp dpt:microsoft-ds
ACCEPT udp -- anywhere anywhere udp dpt:microsoft-ds
ACCEPT tcp -- anywhere anywhere tcp dpt:ssh
ACCEPT udp -- anywhere anywhere udp dpt:ssh
ACCEPT tcp -- anywhere anywhere tcp dpts:30000:65000
ACCEPT udp -- anywhere anywhere udp dpts:30000:65000
ACCEPT tcp -- anywhere anywhere tcp dpt:59801
ACCEPT udp -- anywhere anywhere udp dpt:59801
ACCEPT tcp -- anywhere anywhere tcp dpt:59400
ACCEPT udp -- anywhere anywhere udp dpt:59400
ACCEPT tcp -- anywhere anywhere tcp dpt:55447
ACCEPT udp -- anywhere anywhere udp dpt:55447
ACCEPT tcp -- anywhere anywhere tcp dpt:43870
ACCEPT udp -- anywhere anywhere udp dpt:43870
ACCEPT tcp -- anywhere anywhere tcp dpt:56829
ACCEPT udp -- anywhere anywhere udp dpt:56829
ACCEPT tcp -- anywhere anywhere tcp dpt:40255
ACCEPT udp -- anywhere anywhere udp dpt:40255
ACCEPT tcp -- anywhere anywhere tcp dpt:56082
ACCEPT udp -- anywhere anywhere udp dpt:56082
ACCEPT tcp -- anywhere anywhere tcp dpt:60788
ACCEPT udp -- anywhere anywhere udp dpt:60788
ACCEPT tcp -- anywhere anywhere tcp dpt:46675
ACCEPT udp -- anywhere anywhere udp dpt:46675
ACCEPT tcp -- anywhere anywhere tcp dpt:40418
ACCEPT udp -- anywhere anywhere udp dpt:40418
ACCEPT tcp -- anywhere anywhere tcp dpt:47408
ACCEPT udp -- anywhere anywhere udp dpt:47408
ACCEPT tcp -- anywhere anywhere tcp dpt:5900
ACCEPT udp -- anywhere anywhere udp dpt:5900
ACCEPT tcp -- anywhere anywhere tcp dpt:daap
ACCEPT udp -- anywhere anywhere udp dpt:daap
ACCEPT tcp -- anywhere anywhere tcp dpt:mdns
ACCEPT udp -- anywhere anywhere udp dpt:mdns
ACCEPT tcp -- anywhere anywhere tcp dpt:snmp
ACCEPT udp -- anywhere anywhere udp dpt:snmp
ACCEPT tcp -- 188.1.1.7 anywhere tcp dpt:netbios-ns
ACCEPT udp -- 188.1.1.7 anywhere udp dpt:netbios-ns
LSI all -- anywhere anywhere

Chain LOG_FILTER (5 references)
target prot opt source destination

Chain LSI (2 references)
target prot opt source destination
LOG_FILTER all -- anywhere anywhere
LOG tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,ACK/SYN limit: avg 1/sec burst 5 LOG level info prefix `Inbound '
DROP tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,ACK/SYN
LOG tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,ACK/RST limit: avg 1/sec burst 5 LOG level info prefix `Inbound '
DROP tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,ACK/RST
LOG icmp -- anywhere anywhere icmp echo-request limit: avg 1/sec burst 5 LOG level info prefix `Inbound '
DROP icmp -- anywhere anywhere icmp echo-request
LOG all -- anywhere anywhere limit: avg 5/sec burst 5 LOG level info prefix `Inbound '
DROP all -- anywhere anywhere

Chain LSO (0 references)
target prot opt source destination
LOG_FILTER all -- anywhere anywhere
LOG all -- anywhere anywhere limit: avg 5/sec burst 5 LOG level info prefix `Outbound '
REJECT all -- anywhere anywhere reject-with icmp-port-unreachable

Chain OUTBOUND (1 references)
target prot opt source destination
ACCEPT icmp -- anywhere anywhere
ACCEPT tcp -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT udp -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT all -- anywhere anywhere
What needs to be fixed, and where?
--
[Team] Kalabaha
The Ubuntu Counter Project - user number # 17409
ICQ: 170701066 Skype: yura257
All the best, Юра.
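
An added example, not part of the original post or of any reply in the thread: a small Python model of what the quoted commands do to the filter table, given the chain policies printed in the listings above. `iptables -F` removes rules but leaves chain policies unchanged, so the model reports which built-in chains end up with policy DROP and no ACCEPT rule. The function names are made up for this illustration, and only `-F`, `-P` and `-A` are modelled.

```python
import shlex

# Default policies exactly as printed in the listings: every built-in chain is DROP.
LISTED_POLICIES = {"INPUT": "DROP", "FORWARD": "DROP", "OUTPUT": "DROP"}

# The iptables commands from the quoted reply, verbatim.
QUOTED_COMMANDS = """\
iptables -F
iptables -t nat -F
iptables -A INPUT -s 192.168.1.0/24 -i eth0 -j ACCEPT
iptables -t nat -A POSTROUTING -s 192.168.1.0/24 -j MASQUERADE
"""


def simulate_filter(policies, script):
    """Replay -F / -P / -A on the filter table; return (policies, targets per chain).

    Existing rules are not modelled: the script is assumed to start with a
    full flush, as the quoted one does. Other tables (nat) are skipped.
    """
    policies = dict(policies)
    targets = {chain: [] for chain in policies}
    for line in script.splitlines():
        args = shlex.split(line)
        if not args or args[0] != "iptables":
            continue
        args = args[1:]
        if "-t" in args:                      # explicit table selection
            i = args.index("-t")
            table = args[i + 1]
            del args[i:i + 2]
            if table != "filter":
                continue
        op = args[0] if args else ""
        if op == "-F":                        # flush drops rules, keeps the policy
            for chain in (args[1:2] or list(targets)):
                targets[chain] = []
        elif op == "-P":                      # only -P changes a chain's policy
            policies[args[1]] = args[2]
        elif op == "-A" and "-j" in args:
            targets.setdefault(args[1], []).append(args[args.index("-j") + 1])
    return policies, targets


def dead_chains(policies, script):
    """Built-in chains left with policy DROP and no ACCEPT rule at all."""
    pol, targets = simulate_filter(policies, script)
    return [c for c in pol if pol[c] == "DROP" and "ACCEPT" not in targets.get(c, [])]
```

With the listed policies, `dead_chains(LISTED_POLICIES, QUOTED_COMMANDS)` returns `["FORWARD", "OUTPUT"]`: after the flush, forwarded LAN traffic and all locally generated traffic fall through to the DROP policy.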