On Saturday, August 7, 2004, lonely wolf wrote:
lonely wolf> Dumitru Postoronca wrote:

>>Hello.
>>
>>I have the following config:
>>
>>Calc1 - Linux
>>eth0 : 10.0.0.1/255.255.255.0 (gateway, nat)
>>eth1 : 192.168.0.4/255.255.255.0 (apartment block network)
>>
>>Calc2 - Windows
>>IP : 10.0.0.201
>>Gateway: 10.0.0.1
>>
>>Calc2 is connected to Calc1, which in turn is on an apartment block network.
>>
>>---------     -------------------    ---------
>>| calc2 | ----|eth0  calc1  eth1|----|network|
>>---------     -------------------    ---------
>>I want to run BorgChat from Calc2. The problem is that I don't see
>>anyone online. BorgChat does a udp broadcast on 192.168.0.255:7550 and
>>tcp 192.168.0.255:7551 to see who else is online, and on their site
>>it says to open these ports in the firewall. (destination x.x.x.255
>>means broadcast, right?)
>>
>>What I have tried:
>>1)
>>If I run Borg and then do
>># cat /proc/net/ip_conntrack | grep 7550
>>udp      17 28 src=10.0.0.201 dst=192.168.0.255 sport=7550 dport=7550
>>[UNREPLIED] src=192.168.0.255 dst=10.0.0.201 sport=7550 dport=7550 use=1
>>
>>This makes me believe that the broadcast goes through the gateway. Correct?
>>Anyway, www/ftp/irc work through the gateway. Only Borg doesn't.
>>
>>2)
>>I also tried port forwarding port 7550 from calc1 ->
>>calc2 (maybe the packets were being blocked on the way "back") using
>>the commands:
>># iptables -t nat -A PREROUTING -p udp -i eth1 -d 192.168.0.4 --dport
>>7550 -j DNAT --to 10.0.0.201:7550
>># iptables -A FORWARD -p udp -i eth1 -d 10.0.0.201 --dport 7550 -j ACCEPT
>>(the same for tcp with port 7551)
>>
>>I still don't see anyone.
>>
>>Can anyone help me?
>>  
>>
lonely wolf> try:
lonely wolf> iptables -A POSTROUTING -s 10.0.0.201 -o
lonely wolf> eth1 -p udp --dport 7550 -j 
lonely wolf> SNAT --to 192.168.0.4
lonely wolf> and similarly for tcp


That doesn't work either. The iptables script looks like this; maybe you
can see something I don't (I don't have much experience in this area):

echo " 1) Setting default options"
iptables -F
iptables -P INPUT ACCEPT
iptables -F INPUT
iptables -P OUTPUT ACCEPT
iptables -F OUTPUT
iptables -P FORWARD DROP
iptables -F FORWARD
iptables -t mangle -F
iptables -t nat -F

echo " 2) Setting rules "
echo "    - enable SNAT"
iptables -t nat -A POSTROUTING -o eth1 -j SNAT --to-source 192.168.1.4

echo "    - enable forwarding"
iptables -A FORWARD -i eth0 -j ACCEPT
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT

echo " 3) Enabling IP FORWARDING"
echo "1" > /proc/sys/net/ipv4/ip_forward
echo "0" > /proc/sys/net/ipv4/ip_dynaddr ## disabled because I have static IPs

I loaded Borg and it didn't work, after which I ran:

iptables -t nat -I POSTROUTING 1 -s 10.0.0.201 -o eth1 \
   -p udp --dport 7550 -j SNAT --to 192.168.1.80:7550

iptables -t nat -I POSTROUTING 1 -s 10.0.0.201 -o eth1 \
   -p tcp --dport 7551 -j SNAT --to 192.168.1.80:7551

as lonely wolf told me, and still nothing.

Maybe I have some serious error in the "main" script?

Thanks.


--- 
Details about our mailing lists: http://www.lug.ro/
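
An added example, not part of the original message or of any project mentioned in it: a small Python parser for the /proc/net/ip_conntrack line quoted in the post, showing how to read the [UNREPLIED] flag and how to tell from the reply tuple whether an SNAT or DNAT rewrite is recorded for the flow. The function names and the second, SNAT-rewritten sample line are constructed for illustration.

```python
import re

# Conntrack line copied from the post above (its two wrapped lines joined).
POSTED = ("udp      17 28 src=10.0.0.201 dst=192.168.0.255 sport=7550 dport=7550 "
          "[UNREPLIED] src=192.168.0.255 dst=10.0.0.201 sport=7550 dport=7550 use=1")
# Constructed for comparison: the same flow as it would be recorded
# if SNAT to 192.168.0.4 had been applied to it.
CONSTRUCTED_SNAT = POSTED.replace("dst=10.0.0.201 sport", "dst=192.168.0.4 sport")

TUPLE_RE = re.compile(r"src=(\S+) dst=(\S+) sport=(\d+) dport=(\d+)")

def parse_conntrack(line):
    """Parse one udp/tcp line of /proc/net/ip_conntrack into a dict."""
    tuples = TUPLE_RE.findall(line)
    if len(tuples) != 2:
        raise ValueError("expected an original and a reply tuple")
    keys = ("src", "dst", "sport", "dport")
    orig, reply = (dict(zip(keys, t)) for t in tuples)
    return {
        "proto": line.split()[0],
        "orig": orig,
        "reply": reply,
        # [UNREPLIED]: no packet has been seen in the reply direction.
        "unreplied": "[UNREPLIED]" in line,
    }

def nat_applied(entry):
    """Return the NAT kinds recorded for the flow (empty list if none).

    Without NAT the reply tuple is the exact mirror of the original one.
    SNAT changes where replies are sent to (reply dst != original src);
    DNAT changes where replies come from (reply src != original dst).
    """
    o, r = entry["orig"], entry["reply"]
    kinds = []
    if (r["dst"], r["dport"]) != (o["src"], o["sport"]):
        kinds.append("SNAT")
    if (r["src"], r["sport"]) != (o["dst"], o["dport"]):
        kinds.append("DNAT")
    return kinds

if __name__ == "__main__":
    for name, line in (("posted", POSTED), ("constructed SNAT", CONSTRUCTED_SNAT)):
        e = parse_conntrack(line)
        print(name, "unreplied:", e["unreplied"], "nat:", nat_applied(e) or "none")
```

On the line from the post it reports an unreplied flow whose reply tuple is the plain mirror of the original, so no address rewrite is recorded for that entry.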

