accounting and masquerading

David Rohleder davro at ics.muni.cz
Monday September 27 14:26:42 CEST 1999


Jirka Machacek <jmac at gsl.kralupy.cz> writes:

> I would like to ask you for advice on how to set up accounting correctly.
> I need to count packets for the individual PCs with IPs 192.168.15.x,
> each one separately, for the packets that go out to the Internet and back,
> but not those that only travel between the local machines and the firewall,
> e.g. during administration or when copying data locally rather than from outside.
> -----
> kernel:
> 2.0.36
> -----
> diagram:
> http://mujweb.cz/www/mattes/help.jpg
> -----
> routing table:
> Kernel IP routing table
> Destination     Gateway         Genmask            Iface
> 194.212.215.0   0.0.0.0       255.255.255.0   U    eth0
> 192.168.15.0    0.0.0.0       255.255.255.0   U    eth1
> 127.0.0.0       0.0.0.0       255.0.0.0       U    lo
> 0.0.0.0         194.212.215.1 0.0.0.0         UG   eth0
> -----
> ipfwadm settings:
> echo Starting IP firewalling and masquerading services.
> ipfwadm -I -f
> ipfwadm -O -f
> ipfwadm -F -f
> ipfwadm -A -f
> # change the default policy:
> ipfwadm -O -p accept
> ipfwadm -I -p accept
> ipfwadm -F -p accept
> #      ------------------  Input  ------------------
> #      ------------------  Output ------------------
> #      ------------------  Masq   ------------------
> ipfwadm -F -a m -S 192.168.15.0/255.255.255.0 -D 0.0.0.0/0
> -----
> for the counting I use the ipac package
> the configuration currently looks like this:
> EXPLORER|in|eth1|all|192.168.15.3/255.255.255.255|0/0
> EXPLORER|out|eth1|all|0/0|192.168.15.3/255.255.255.255

Name of rule
              is a unique name for the rule. There can't  be  two
              rules with the same name. The name's function is to
              identify the rule. It can have any length  and  any
              character  in it, without "|". Don't make it longer
              than 40 characters.



> -----
> All of this is fine and works, but the counting for the machine
> explorer counts everything, whether the data ends at the firewall or goes out.
> 


-- 
-------------------------------------------------------------------------
David Rohleder						davro at ics.muni.cz
Institute of Computer Science, Masaryk University
Brno, Czech Republic
-------------------------------------------------------------------------
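
The rule-name constraint quoted from the ipac documentation in the reply above, checked against the two posted rule lines. This is an added example, not part of the original message or of ipac itself; the six-field layout and the "#" comment handling are assumptions inferred from the posted lines.

```python
# Added example: lint ipac rule lines against the rule-name constraints
# quoted in the reply. The field layout is inferred from the posted lines.
from collections import defaultdict

FIELDS = ("name", "direction", "interface", "protocol", "source", "destination")
MAX_NAME_LEN = 40  # "Don't make it longer than 40 characters."

# The two rule lines from the post, verbatim.
POSTED_CONFIG = """\
EXPLORER|in|eth1|all|192.168.15.3/255.255.255.255|0/0
EXPLORER|out|eth1|all|0/0|192.168.15.3/255.255.255.255
"""

def parse_rules(text):
    """Yield (line_number, rule_dict) for each non-blank, non-comment line."""
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):  # "#" comments are an assumption
            continue
        parts = line.split("|")
        if len(parts) != len(FIELDS):
            # A "|" inside a name shows up here as an extra field.
            raise ValueError(
                f"line {lineno}: expected {len(FIELDS)} fields, got {len(parts)}")
        yield lineno, dict(zip(FIELDS, parts))

def lint_rule_names(text):
    """Return a list of problems with the rule names in an ipac rule file."""
    problems = []
    seen = defaultdict(list)  # name -> line numbers where it is used
    for lineno, rule in parse_rules(text):
        name = rule["name"]
        seen[name].append(lineno)
        if not name:
            problems.append(f"line {lineno}: empty rule name")
        if len(name) > MAX_NAME_LEN:
            problems.append(
                f"line {lineno}: name longer than {MAX_NAME_LEN} characters")
    for name, lines in seen.items():
        if len(lines) > 1:
            problems.append(f"duplicate rule name {name!r} on lines {lines}")
    return problems

if __name__ == "__main__":
    for problem in lint_rule_names(POSTED_CONFIG):
        print(problem)
```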

