Добавлено: 11/01/08 в 14:03 |
тачка с линуксом подключена к нету через адсл, в нее воткнута витуха (кривая) до второй тачки с вендой. требуется чтоб тачка с вендой тож лазила в нете.
настройки венды http://img213.imageshack.us/my.php?image=vendayw4.gif
сетевой интерфейс на линухе поднимается следующим образом
Код: |
#ifconfig eth0 up 192.168.0.10 netmask 255.255.255.0 broadcast 192.168.0.255
|
Код: |
[root@localhost admin]# ifconfig -a
eth0 Link encap:Ethernet HWaddr 00:1A:92:B1:AC:CB
inet addr:192.168.0.10 Bcast:192.168.0.255 Mask:255.255.255.0
inet6 addr: fe80::21a:92ff:feb1:accb/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:1227 errors:0 dropped:0 overruns:0 frame:0
TX packets:69 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:206942 (202.0 KiB) TX bytes:11116 (10.8 KiB)
Interrupt:17
eth1 Link encap:Ethernet HWaddr 00:18:DE:C7:86:7D
BROADCAST MULTICAST MTU:1500 Metric:1
RX packets:1 errors:1 dropped:184 overruns:0 frame:0
TX packets:25 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:0 (0.0 b) TX bytes:8170 (7.9 KiB)
Interrupt:16 Base address:0xc000 Memory:fe0ff000-fe0fffff
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:11 errors:0 dropped:0 overruns:0 frame:0
TX packets:11 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:896 (896.0 b) TX bytes:896 (896.0 b)
nas0 Link encap:Ethernet HWaddr 00:13:49:1F:09:16
inet addr:192.168.1.1 Bcast:192.168.1.255 Mask:255.255.255.0
inet6 addr: fe80::213:49ff:fe1f:916/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:3817 errors:0 dropped:0 overruns:0 frame:0
TX packets:3870 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:1919600 (1.8 MiB) TX bytes:667159 (651.5 KiB)
ppp0 Link encap:Point-to-Point Protocol
inet addr:айпи P-t-P:айпи Mask:255.255.255.255
UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1492 Metric:1
RX packets:3705 errors:0 dropped:0 overruns:0 frame:0
TX packets:3729 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:3
RX bytes:1884687 (1.7 MiB) TX bytes:538205 (525.5 KiB)
|
судя по всему, неудачная попытка настроить нат
Код: | iptables -t nat -A POSTROUTING -s 192.168.0.0/24 -j SNAT --to-source 192.168.0.10 |
листинг iptables
Код: | [root@localhost admin]# iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
LOG udp -- anywhere anywhere udp dpts:0:1023 LOG level warning
LOG tcp -- anywhere anywhere tcp dpts:0:1023 LOG level warning
DROP udp -- anywhere anywhere udp dpts:0:1023
DROP tcp -- anywhere anywhere tcp dpts:0:1023
LOG tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,ACK/SYN LOG level warning
DROP tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,ACK/SYN
DROP icmp -- anywhere anywhere icmp echo-request
Chain FORWARD (policy DROP)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Chain Drop (1 references)
target prot opt source destination
reject tcp -- anywhere anywhere tcp dpt:113
dropBcast 0 -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere icmp fragmentation-needed
ACCEPT icmp -- anywhere anywhere icmp time-exceeded
dropInvalid 0 -- anywhere anywhere
DROP udp -- anywhere anywhere multiport dports 135,445
DROP udp -- anywhere anywhere udp dpts:137:139
DROP udp -- anywhere anywhere udp spt:137 dpts:1024:65535
DROP tcp -- anywhere anywhere multiport dports 135,139,445
DROP udp -- anywhere anywhere udp dpt:1900
dropNotSyn tcp -- anywhere anywhere
DROP udp -- anywhere anywhere udp spt:53
Chain Ifw (0 references)
target prot opt source destination
RETURN 0 -- anywhere anywhere set ifw_wl src
DROP 0 -- anywhere anywhere set ifw_bl src
IFWLOG 0 -- anywhere anywhere state INVALID,NEW psd weight-threshold: 10 delay-threshold: 10000 lo-ports-weight: 2 hi-ports-weight: 1 IFWLOG prefix 'SCAN'
Chain Reject (1 references)
target prot opt source destination
reject tcp -- anywhere anywhere tcp dpt:113
dropBcast 0 -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere icmp fragmentation-needed
ACCEPT icmp -- anywhere anywhere icmp time-exceeded
dropInvalid 0 -- anywhere anywhere
reject udp -- anywhere anywhere multiport dports 135,445
reject udp -- anywhere anywhere udp dpts:137:139
reject udp -- anywhere anywhere udp spt:137 dpts:1024:65535
reject tcp -- anywhere anywhere multiport dports 135,139,445
DROP udp -- anywhere anywhere udp dpt:1900
dropNotSyn tcp -- anywhere anywhere
DROP udp -- anywhere anywhere udp spt:53
Chain all2all (0 references)
target prot opt source destination
ACCEPT 0 -- anywhere anywhere state RELATED,ESTABLISHED
Reject 0 -- anywhere anywhere
LOG 0 -- anywhere anywhere LOG level info prefix `Shorewall:all2all:REJECT:'
reject 0 -- anywhere anywhere
Chain dropBcast (2 references)
target prot opt source destination
DROP 0 -- anywhere anywhere PKTTYPE = broadcast
DROP 0 -- anywhere anywhere PKTTYPE = multicast
Chain dropInvalid (2 references)
target prot opt source destination
DROP 0 -- anywhere anywhere state INVALID
Chain dropNotSyn (2 references)
target prot opt source destination
DROP tcp -- anywhere anywhere tcp flags:!FIN,SYN,RST,ACK/SYN
Chain dynamic (8 references)
target prot opt source destination
Chain eth0_fwd (0 references)
target prot opt source destination
dynamic 0 -- anywhere anywhere state INVALID,NEW
ACCEPT 0 -- anywhere anywhere
ACCEPT 0 -- anywhere anywhere
net2all 0 -- anywhere anywhere
Chain eth0_in (0 references)
target prot opt source destination
dynamic 0 -- anywhere anywhere state INVALID,NEW
net2all 0 -- anywhere anywhere
Chain eth0_out (0 references)
target prot opt source destination
fw2net 0 -- anywhere anywhere
Chain eth1_fwd (0 references)
target prot opt source destination
dynamic 0 -- anywhere anywhere state INVALID,NEW
loc2net 0 -- anywhere anywhere
loc2net 0 -- anywhere anywhere
loc2net 0 -- anywhere anywhere
Chain eth1_in (0 references)
target prot opt source destination
dynamic 0 -- anywhere anywhere state INVALID,NEW
loc2fw 0 -- anywhere anywhere
Chain eth1_out (0 references)
target prot opt source destination
fw2loc 0 -- anywhere anywhere
Chain fw2loc (1 references)
target prot opt source destination
ACCEPT 0 -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT 0 -- anywhere anywhere
Chain fw2net (3 references)
target prot opt source destination
ACCEPT 0 -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT 0 -- anywhere anywhere
Chain loc2fw (1 references)
target prot opt source destination
ACCEPT 0 -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT 0 -- anywhere anywhere
Chain loc2net (3 references)
target prot opt source destination
ACCEPT 0 -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT 0 -- anywhere anywhere
Chain logdrop (0 references)
target prot opt source destination
LOG 0 -- anywhere anywhere LOG level info prefix `Shorewall:logdrop:DROP:'
DROP 0 -- anywhere anywhere
Chain logreject (0 references)
target prot opt source destination
LOG 0 -- anywhere anywhere LOG level info prefix `Shorewall:logreject:REJECT:'
reject 0 -- anywhere anywhere
Chain nas0_fwd (0 references)
target prot opt source destination
dynamic 0 -- anywhere anywhere state INVALID,NEW
ACCEPT 0 -- anywhere anywhere
ACCEPT 0 -- anywhere anywhere
net2all 0 -- anywhere anywhere
Chain nas0_in (0 references)
target prot opt source destination
dynamic 0 -- anywhere anywhere state INVALID,NEW
net2all 0 -- anywhere anywhere
Chain nas0_out (0 references)
target prot opt source destination
fw2net 0 -- anywhere anywhere
Chain net2all (6 references)
target prot opt source destination
ACCEPT 0 -- anywhere anywhere state RELATED,ESTABLISHED
Drop 0 -- anywhere anywhere
LOG 0 -- anywhere anywhere LOG level info prefix `Shorewall:net2all:DROP:'
DROP 0 -- anywhere anywhere
Chain ppp0_fwd (0 references)
target prot opt source destination
dynamic 0 -- anywhere anywhere state INVALID,NEW
ACCEPT 0 -- anywhere anywhere
ACCEPT 0 -- anywhere anywhere
net2all 0 -- anywhere anywhere
Chain ppp0_in (0 references)
target prot opt source destination
dynamic 0 -- anywhere anywhere state INVALID,NEW
net2all 0 -- anywhere anywhere
Chain ppp0_out (0 references)
target prot opt source destination
fw2net 0 -- anywhere anywhere
Chain reject (8 references)
target prot opt source destination
DROP 0 -- anywhere anywhere PKTTYPE = broadcast
DROP 0 -- anywhere anywhere PKTTYPE = multicast
DROP 0 -- 255.255.255.255 anywhere
DROP 0 -- BASE-ADDRESS.MCAST.NET/4 anywhere
REJECT tcp -- anywhere anywhere reject-with tcp-reset
REJECT udp -- anywhere anywhere reject-with icmp-port-unreachable
REJECT icmp -- anywhere anywhere reject-with icmp-host-unreachable
REJECT 0 -- anywhere anywhere reject-with icmp-host-prohibited
Chain shorewall (0 references)
target prot opt source destination
Chain smurfs (0 references)
target prot opt source destination
LOG 0 -- 255.255.255.255 anywhere LOG level info prefix `Shorewall:smurfs:DROP:'
DROP 0 -- 255.255.255.255 anywhere
LOG 0 -- BASE-ADDRESS.MCAST.NET/4 anywhere LOG level info prefix `Shorewall:smurfs:DROP:'
DROP 0 -- BASE-ADDRESS.MCAST.NET/4 anywhere
[root@localhost admin]# |
таблица роутинга
Код: | [root@localhost admin]# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
реал айпи 0.0.0.0 255.255.255.255 UH 0 0 0 ppp0
192.168.1.0 0.0.0.0 255.255.255.0 U 10 0 0 nas0
192.168.0.0 0.0.0.0 255.255.255.0 U 10 0 0 eth0
169.254.0.0 0.0.0.0 255.255.0.0 U 10 0 0 eth0
169.254.0.0 0.0.0.0 255.255.0.0 U 10 0 0 nas0
0.0.0.0 0.0.0.0 0.0.0.0 U 0 0 0 ppp0
0.0.0.0 192.168.0.1 0.0.0.0 UG 10 0 0 eth0
|
вопрос как сделать чтобы все это заработало?
Добавлено: 12/01/08 в 16:36 |
что
Код: |
# Prints 1 if the kernel forwards IPv4 packets between interfaces, 0 if not.
cat /proc/sys/net/ipv4/ip_forward
|
показывает?
если 0, сделай
Код: |
# Turn on IPv4 forwarding in the running kernel (needs root; the setting is
# not kept across a reboot).
printf '%s\n' 1 > /proc/sys/net/ipv4/ip_forward
|
Добавлено: 13/01/08 в 19:58 |
NAT и DHCP Relay поднимай на модеме. В винде ставь получать адрес автоматически (DHCP). Я думаю у любого xDSL модема есть веб интерфейс, где все можно интуитивно сделать методом тыка
Добавлено: 13/01/08 в 20:08 |
NAT неверно настроен. Надо -s 192.168.1.0/24
Добавлено: 13/01/08 в 20:12 |
в общем, разрулил таким скриптом
Код: |
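#!/bin/sh
# Share the Internet connection on EXTIF with the LAN behind INTIF.
#
# What it does, in order:
#   1. resets the filter and nat tables (ALL existing rules are flushed, so
#      whatever protection a previously loaded ruleset gave this host is gone);
#   2. filters traffic addressed to the gateway itself on EXTIF;
#   3. forwards LAN-initiated traffic and the replies to it, nothing else;
#   4. masquerades everything leaving through EXTIF;
#   5. only then switches IPv4 forwarding on.
#
# Must be run as root. Neither the rules nor the forwarding switch survive a
# reboot; run the script again from the boot sequence if that is wanted.

IPTABLES=/sbin/iptables
# EXTIF - external interface connected to the Internet
# INTIF - internal interface
EXTIF="ppp0"
INTIF="eth0"
echo " External Interface: $EXTIF"
echo " Internal Interface: $INTIF"

echo " Clearing any existing rules and setting default policy.."
"$IPTABLES" -P INPUT ACCEPT
"$IPTABLES" -P OUTPUT ACCEPT
# Forwarding is default-deny: only the two FORWARD rules below let packets through.
"$IPTABLES" -P FORWARD DROP
"$IPTABLES" -t nat -F
# -F without a chain name flushes every chain of the filter table
# (INPUT, OUTPUT, FORWARD and user-defined ones); -X then deletes the
# now-empty user-defined chains.
"$IPTABLES" -F
"$IPTABLES" -X

# With the INPUT policy left at ACCEPT and all rules flushed, every service
# listening on this host would be reachable from the Internet through EXTIF.
# Accept only replies to connections this host opened and drop the rest.
# Loopback and LAN traffic still fall through to the ACCEPT policy.
# A service that must be reachable from outside needs its own ACCEPT rule
# inserted before the final DROP.
echo " INPUT: Allow only existing and related connections IN on $EXTIF"
"$IPTABLES" -A INPUT -i "$EXTIF" -m state --state ESTABLISHED,RELATED -j ACCEPT
"$IPTABLES" -A INPUT -i "$EXTIF" -j DROP

echo " FWD: Allow all connections OUT and only existing and related ones IN"
"$IPTABLES" -A FORWARD -i "$EXTIF" -o "$INTIF" -m state --state ESTABLISHED,RELATED -j ACCEPT
"$IPTABLES" -A FORWARD -i "$INTIF" -o "$EXTIF" -j ACCEPT

echo " Enabling SNAT (MASQUERADE) functionality on $EXTIF"
# MASQUERADE rewrites the source to whatever address EXTIF currently holds,
# which suits a PPP link whose address can change between sessions.
"$IPTABLES" -t nat -A POSTROUTING -o "$EXTIF" -j MASQUERADE

# Forwarding is switched on last, once the FORWARD policy and rules are in
# place, so no packet is routed under the previous ruleset.
echo " Enabling forwarding.."
echo "1" > /proc/sys/net/ipv4/ip_forward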
|
Добавлено: 13/01/08 в 20:13 |
Insert писал: | NAT и DHCP Relay поднимай на модеме. В винде ставь получать адрес автоматически (DHCP). Я думаю у любого xDSL модема есть веб интерфейс, где все можно интуитивно сделать методом тыка |
так винда тут причем, ей модем никто не дает
модем у линуха
а он раздает инет через витуху винде