Router/fw with two NICs - MASQ works, ACCEPT does not
Radek Valek
radek.valek at volny.cz
Monday May 29 13:25:50 CEST 2000
Hello,
I have a router - RedHat 6.1, two network cards (195.144.104.3 - the OUTSIDE
network and 192.168.5.1 - the INSIDE network) meant to connect two networks.
I have IP forwarding enabled and a very simple firewall created with IPCHAINS.
If I set up address masquerading from the INSIDE network, everything works as
it should: I can ping from any station on the INSIDE network to any station on
the OUTSIDE network, but not the other way round.
However, if I set up plain forwarding only - that is, in the rule for the
FORWARD chain the target ACCEPT instead of MASQ - the router stops routing....
The INPUT and OUTPUT chains have their policies set to ACCEPT. There is no
other rule.
I am attaching the output of route and ipchains -L
Thanks
Radek
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
192.168.5.1 * 255.255.255.255 UH 0 0 0 eth1
195.144.104.3 * 255.255.255.255 UH 0 0 0 eth0
255.255.255.255 * 255.255.255.255 UH 0 0 0 eth0
255.255.255.255 * 255.255.255.255 UH 0 0 0 eth1
192.168.5.0 * 255.255.255.0 U 0 0 0 eth1
195.144.104.0 * 255.255.255.0 U 0 0 0 eth0
127.0.0.0 * 255.0.0.0 U 0 0 0 lo
default xxx.xxxx.xxx 0.0.0.0 UG 0 0 0 eth0
xxxxxxx Working masquerading xxxxxxxx
Chain input (policy ACCEPT):
Chain forward (policy DENY):
target prot opt source destination ports
MASQ all ------ 192.168.5.0/24 anywhere n/a
Chain output (policy ACCEPT):
xxxxxxx Non-working forwarding xxxxxxxx
Chain input (policy ACCEPT):
Chain forward (policy DENY):
target prot opt source destination ports
ACCEPT all ------ 192.168.5.0/24 anywhere n/a
Chain output (policy ACCEPT):
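
An added example, not part of the original message: a small Python model of first-match evaluation on the forward chain, run over the two rule sets listed above. The host addresses 192.168.5.10 and 195.144.104.20 and the third rule set are constructed for illustration; the model relies on the documented ipchains behaviour that a reply to a masqueraded packet is demasqueraded after the input chain and skips the forward chain.

```python
import ipaddress

def forward_verdict(rules, policy, src, dst):
    """First matching rule wins; if none matches, the chain policy applies."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for target, src_net, dst_net in rules:
        if s in ipaddress.ip_network(src_net) and d in ipaddress.ip_network(dst_net):
            return target
    return policy

def ping_round_trip(rules, policy, inside, outside):
    """Return (request verdict, reply verdict) for a ping from inside to outside."""
    request = forward_verdict(rules, policy, inside, outside)
    if request == "DENY":
        return request, None
    if request == "MASQ":
        # The reply is addressed to the router's own outside address, is
        # demasqueraded after the input chain and never sees the forward chain.
        return request, "DEMASQ"
    # Plain ACCEPT: the reply arrives as outside -> inside and is itself
    # a forwarded packet, so it must pass the forward chain too.
    return request, forward_verdict(rules, policy, outside, inside)

ANY = "0.0.0.0/0"
POLICY = "DENY"                                   # forward policy from the listings
MASQ_RULES = [("MASQ", "192.168.5.0/24", ANY)]    # "working" listing
ACCEPT_RULES = [("ACCEPT", "192.168.5.0/24", ANY)]  # "non-working" listing
# Hypothetical variant, not from the message: a second rule for the return
# direction. Note that it admits any outside source to the inside network.
TWO_WAY_RULES = ACCEPT_RULES + [("ACCEPT", ANY, "192.168.5.0/24")]

INSIDE_HOST = "192.168.5.10"      # constructed sample host
OUTSIDE_HOST = "195.144.104.20"   # constructed sample host

if __name__ == "__main__":
    for name, rules in [("MASQ", MASQ_RULES), ("ACCEPT", ACCEPT_RULES),
                        ("ACCEPT both ways", TWO_WAY_RULES)]:
        print(name, ping_round_trip(rules, POLICY, INSIDE_HOST, OUTSIDE_HOST))
```

In this model the single ACCEPT rule passes the echo request, but the echo reply matches no rule and falls to the DENY policy. The model covers only the forward chain on this router, not routing on the outside hosts.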