Faulty CDMA modem or a problem in Iptables?
sniper_2 at centrum.cz
Monday January 2 21:24:24 CET 2006
Greetings in the new year, and I wish everyone lots of peace and good cheer.
So I still haven't solved the problem with different IP addresses being
assigned on the GTRAN CDMA modem. I went through the forums at www.cdma.cz,
googled, etc. I found posts that either don't work at all or are too
outdated. I don't think the modem needs to go back under warranty, because
using TCPDUMP I found that the modem goes down after an incoming packet with
a different source IP (as was said here earlier).
Can anyone tell me what I've got wrong in ip-up?
=========================== ip-up ======================
#!/bin/bash
# this is a script which is executed after connecting the ppp interface.
# look at man pppd for details
# the following parameters are available:
# $1 = interface-name
# $2 = tty-device
# $3 = speed
# $4 = local-IP-address
# $5 = remote-IP-address
# $6 = ipparam

# Support for the new Gentoo baselayout
[ -f /sbin/functions.sh ] && source /sbin/functions.sh
if [ -x "${svclib}/net.modules.d/helpers.d/pppd-wrapper" ] &&
   [ -x "/etc/init.d/net.$1" ] ; then
    "${svclib}/net.modules.d/helpers.d/pppd-wrapper" up "$1"
elif [ "$USEPEERDNS" ]; then
    # add the server supplied DNS entries to /etc/resolv.conf
    # (taken from debian's 0000usepeerdns)
    # follow any symlink to find the real file
    REALRESOLVCONF=$(readlink --canonicalize /etc/resolv.conf)
    if [ "$REALRESOLVCONF" != "/etc/ppp/resolv.conf" ]; then
        # merge the new nameservers with the other options from the
        # old configuration
        {
            grep --invert-match '^nameserver[[:space:]]' "$REALRESOLVCONF"
            cat /etc/ppp/resolv.conf
        } > "$REALRESOLVCONF.tmp"
        # backup the old configuration and install the new one
        cp -dpP "$REALRESOLVCONF" "$REALRESOLVCONF.pppd-backup"
        mv "$REALRESOLVCONF.tmp" "$REALRESOLVCONF"
        # correct permissions
        chmod 0644 /etc/resolv.conf
        chown root:root /etc/resolv.conf
    fi
fi
[ -f /etc/ppp/ip-up.local ] && . /etc/ppp/ip-up.local "$@"

# disable forwarding while the rules are reloaded
echo "0" > /proc/sys/net/ipv4/ip_forward
# flush all rules and user-defined chains in the filter and nat tables
/sbin/iptables -F
/sbin/iptables -X
/sbin/iptables -t nat -F
/sbin/iptables -t nat -X
# address pppd assigned to this end of the link
PPP_IIP="$4"
# drop packets leaving ppp0 that are INVALID or whose source is not that address
/sbin/iptables -A OUTPUT -m state --state INVALID -o ppp0 -j DROP
/sbin/iptables -t nat -A OUTPUT -m state --state INVALID -o ppp0 -j DROP
/sbin/iptables -A OUTPUT --source ! ${PPP_IIP} -o ppp0 -j DROP
/sbin/iptables -t nat -A OUTPUT --source ! ${PPP_IIP} -o ppp0 -j DROP
# masquerade the two LAN subnets behind ppp0
/sbin/iptables -t nat -A POSTROUTING -o ppp0 -s 192.168.1.0/24 -j MASQUERADE
/sbin/iptables -t nat -A POSTROUTING -o ppp0 -s 192.168.2.0/24 -j MASQUERADE
echo "1" > /proc/sys/net/ipv4/ip_forward
======================= ip-down =====================
#!/bin/bash
# this is a script which is executed after disconnecting the ppp interface.
# look at man pppd for details
# the following parameters are available:
# $1 = interface-name
# $2 = tty-device
# $3 = speed
# $4 = local-IP-address
# $5 = remote-IP-address
# $6 = ipparam

# Support for the new Gentoo baselayout
[ -f /sbin/functions.sh ] && source /sbin/functions.sh
if [ -x "${svclib}/net.modules.d/helpers.d/pppd-wrapper" ] &&
   [ -x "/etc/init.d/net.$1" ] ; then
    "${svclib}/net.modules.d/helpers.d/pppd-wrapper" down "$1"
elif [ "$USEPEERDNS" ]; then
    # taken from debian's 0000usepeerdns
    # follow any symlink to find the real file
    REALRESOLVCONF=$(readlink --canonicalize /etc/resolv.conf)
    if [ "$REALRESOLVCONF" != "/etc/ppp/resolv.conf" ]; then
        # if an old resolv.conf file exists, restore it
        if [ -e "$REALRESOLVCONF.pppd-backup" ]; then
            mv "$REALRESOLVCONF.pppd-backup" "$REALRESOLVCONF"
        fi
    fi
fi
[ -f /etc/ppp/ip-down.local ] && . /etc/ppp/ip-down.local "$@"

# stop forwarding, remove the default route and flush the nat and filter tables
echo "0" > /proc/sys/net/ipv4/ip_forward
route del default
/sbin/iptables -t nat -F
/sbin/iptables -t nat -X
/sbin/iptables -F
/sbin/iptables -X
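
The tcpdump observation in the post (the modem goes down after a packet with a different source IP) can be checked mechanically on a capture taken on the ppp interface. The following is an added example, not part of the original post: it assumes `tcpdump -n` text output, and the function names and all addresses in the sample capture are constructed.

```shell
#!/bin/bash
# Added example (not from the original post). Reads `tcpdump -n` text output
# on stdin and reports packets that cannot belong to the current PPP session.

# stale_sources LOCAL_IP   (hypothetical helper name)
#   LOCAL_IP: address pppd assigned to this session ($4 in ip-up).
#   Prints "count source destination" for each IPv4 address pair in which
#   neither side is LOCAL_IP.
stale_sources() {
    local local_ip="$1"
    awk -v me="$local_ip" '
        # Strip a trailing ":" and ".port" from a tcpdump endpoint; ICMP
        # endpoints have only four dot-separated fields and no port.
        function addr(ep,   n, p) {
            sub(/:$/, "", ep)
            n = split(ep, p, ".")
            if (n < 4) return ""
            return p[1] "." p[2] "." p[3] "." p[4]
        }
        $2 == "IP" && $4 == ">" {
            src = addr($3); dst = addr($5)
            if (src == "" || dst == "") next
            # Outbound traffic of this session has src == me, inbound has
            # dst == me; anything else carries a foreign or stale address.
            if (src != me && dst != me) seen[src " " dst]++
        }
        END { for (k in seen) print seen[k], k }
    ' | LC_ALL=C sort -k2,3
}

# Constructed sample capture: 10.64.3.7 is the current address, 10.64.9.21 a
# previously assigned one still used by an old local socket, and
# 192.168.1.20 a LAN address that left the interface without masquerading.
sample_capture() {
    cat <<'EOF'
21:30:01.100000 IP 10.64.3.7.40112 > 192.0.2.10.80: Flags [S], seq 1, win 5840, length 0
21:30:01.350000 IP 192.0.2.10.80 > 10.64.3.7.40112: Flags [S.], seq 9, ack 2, win 5792, length 0
21:30:02.000000 IP 10.64.9.21.33990 > 198.51.100.5.22: Flags [P.], seq 1:49, ack 1, win 1460, length 48
21:30:02.900000 IP 10.64.9.21.33990 > 198.51.100.5.22: Flags [P.], seq 1:49, ack 1, win 1460, length 48
21:30:03.000000 IP 10.64.3.7 > 192.0.2.1: ICMP echo request, id 7, seq 1, length 64
21:30:03.500000 IP 192.168.1.20.51000 > 203.0.113.9.443: Flags [S], seq 5, win 5840, length 0
EOF
}

sample_capture | stale_sources 10.64.3.7
```

On a live link the input would come from something like `tcpdump -n -l -i ppp0 | stale_sources "$4"`; any line it prints identifies traffic that the OUTPUT and MASQUERADE rules were meant to keep off the interface.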