Privet vsem!
Ne mogu nastroit' NAT.Na mashine:
Debian, kernel 2.6.12, iptables v1.3.1
eth0 (LAN) - ip:62.33.241.XX , maska: 255.255.255.192, smotrit v Internet.
eth1 (WAN) - ip:192.168.30.51 maska: 255.255.255.0, smotrit v lokalku.
Stoit 1 v /proc/sys/net/ipv4/ip_forward
Probuu vyvesti odin iz kompov lokalki (192.168.30.10) v internet:
# iptables -F
# iptables -F -t nat
# iptables -A FORWARD -i ${LAN} -s 192.168.30.10 -j ACCEPT
# iptables -A FORWARD -i ${WAN} -d 192.168.30.10 -j ACCEPT
# iptables -t nat -A POSTROUTING -o ${WAN} -s 192.168.30.10 -j SNAT --to 62.33.241.XX
Zapustil "ping yandex.ru" na mashine 192.168.30.10, i proveryau na servake:
# tcpdump -i ${LAN} dst yandex.ru
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth1, link-type EN10MB (Ethernet), capture size 96 bytes
20:12:51.165945 IP 192.168.30.10 > yandex.ru: ICMP echo request, id 512, seq 31809, length 40
20:12:52.665681 IP 192.168.30.10 > yandex.ru: ICMP echo request, id 512, seq 32065, length ...
poka normalno...
# tcpdump -i ${WAN} dst yandex.ru
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes
20:13:46.666790 IP 192.168.30.10 > yandex.ru: ICMP echo request, id 512, seq 41281, length 40
20:13:48.166802 IP 192.168.30.10 > yandex.ru: ICMP echo request, id 512, seq 41537, length 40
....
to est' mehanizm NAT ne srabotal, kak ya ponimau :(
# tcpdump -i ${LAN} dst 192.168.30.10
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth1, link-type EN10MB (Ethernet), capture size 96 bytes
0 packets captured
0 packets received by filter
0 packets dropped by kernel
Chto za fignya? Mojet route-table ne pravilno nastroena?
# route
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
62.33.241.0 * 255.255.255.192 U 0 0 0 eth0
192.168.30.0 * 255.255.255.0 U 0 0 0 eth1
default 62.33.241.2 0.0.0.0 UG 0 0 0 eth0
# cat /etc/resolv.conf
nameserver 62.33.241.254
nameserver 212.45.7.130
Pojaluista, pomogite, a to uje ne
znau chto delat.
Версия для распечатки
NAT for routing help!, 
antoshib, 12-Апр-07, 20:20 [смотреть все]
