I have the following configuration:

IPTABLES:

iptables -t nat -I PREROUTING -d 10.1.1.2 -i eth2 -p tcp -m tcp --dport 3389 -j DNAT --to-destination 172.16.0.253:3389
iptables -t nat -I POSTROUTING -s 172.16.0.0/24 -o eth2 -j SNAT --to-source 10.1.1.2
iptables -t nat -I POSTROUTING -s 172.16.0.0/24 -o eth0 -j SNAT --to-source 10.2.2.2

iptables -t mangle -I PREROUTING -i eth1 -p tcp -s 172.16.0.253 -j MARK --set-mark 200

#####################################################################

IPROUTE:

lan_if=eth1
lan_net=172.16.0.0/24
lan_gw=172.16.0.254

fix_if=eth0
fix_net=10.2.2.0/24
fix_gw=10.2.2.1
fix_ip=10.2.2.2

dyn_if=eth2
dyn_net=10.1.1.0/24
dyn_gw=10.1.1.1
dyn_ip=10.1.1.2

echo "#"                  > /etc/iproute2/rt_tables
echo "# reserved values" >> /etc/iproute2/rt_tables
echo "#"                 >> /etc/iproute2/rt_tables
echo "255 local"         >> /etc/iproute2/rt_tables
echo "254 main"          >> /etc/iproute2/rt_tables
echo "253 default"       >> /etc/iproute2/rt_tables
echo "0 unspec"          >> /etc/iproute2/rt_tables
echo "#"                 >> /etc/iproute2/rt_tables
echo "# local"           >> /etc/iproute2/rt_tables
echo "#"                 >> /etc/iproute2/rt_tables
echo "#1      inr.ruhep" >> /etc/iproute2/rt_tables
echo "20 fix"            >> /etc/iproute2/rt_tables
echo "30 dyn"            >> /etc/iproute2/rt_tables

ip route del default &> /dev/null
ip route del default &> /dev/null
ip route del default &> /dev/null

ip rule del lookup fix &> /dev/null
ip rule del lookup fix &> /dev/null
ip rule del lookup fix &> /dev/null
ip rule del lookup dyn &> /dev/null
ip rule del lookup dyn &> /dev/null
ip rule del lookup dyn &> /dev/null

ip rule del table fix prio 40
ip rule del table dyn prio 40
ip rule add table fix prio 40
ip rule add table dyn prio 40

ip route del $fix_ip via $fix_gw dev $fix_if table fix
ip route del default via $fix_gw table fix
ip route add $fix_ip via $fix_gw dev $fix_if table fix
ip route add default via $fix_gw table fix

ip route del $dyn_ip via $dyn_gw dev $dyn_if table dyn
ip route del default via $dyn_gw table dyn
ip route add $dyn_ip via $dyn_gw dev $dyn_if table dyn
ip route add default via $dyn_gw table dyn

 ip rule  del from $fix_ip   table  fix  prio 30
 ip rule  del from $dyn_ip table  dyn  prio 30
 ip rule  add from $fix_ip table  fix  prio 30
 ip rule  add from $dyn_ip table  dyn  prio 30


 ip route del $dyn_net proto kernel dev eth0 src $dyn_ip table dyn
 ip route del $lan_net   proto kernel dev eth1 src $lan_gw  table dyn
 ip route add $dyn_net proto kernel dev eth2 src $dyn_ip table dyn
 ip route add $lan_net  proto kernel dev eth1 src $lan_gw table dyn

 ip route del $lan_net   proto kernel dev eth1 src $lan_gw table fix
 ip route del $fix_net proto kernel dev eth0 src $fix_ip  table fix
 ip route add $lan_net  proto kernel dev eth1 src $lan_gw table fix
 ip route add $fix_net proto kernel dev eth0 src $fix_ip table fix

 ip rule add fwmark 200 table dyn prio 20

 ip route flush cache

#####################################################################


    Today was the 5th day of battle... so far nothing works...

    One interesting observation is the following:

        if I replace the command:   ip rule add fwmark 200 table dyn prio 20
        with the command:           ip rule add from 172.16.0.253 table dyn prio 20

    the RDP connection to this machine works perfectly, but all of its
outbound traffic then goes out through the dynamic IP,
when what I actually need is for only the RDP connection to do so.

Jaderson.

----- Original Message ----- 
From: "Jarbas Celante - CTE Internet" <[EMAIL PROTECTED]>
To: <[email protected]>
Sent: Tuesday, July 15, 2008 11:32 AM
Subject: [SPAM] [slack-users] Re: Advanced routing



> for this IP by adding "-o $IFACE_LINK_TAL" to the iptables
> command line?

Something like this:

iptables -t nat -A POSTROUTING -s 172.172.172.172 -o $IFACE_LINK1 -j MASQUERADE

Jarbas Celante
CTE - Provedor de Internet
Erechim - RS - Brasil
+55 (54) 3522 9300

Keep us in mind for any connectivity and Internet solution!




-------------------------------------------------------------------
This message was scanned by the SERVBLU antivirus system





--~--~---------~--~----~------------~-------~--~----~
GUS-BR - Grupo de Usuários de Slackware Brasil
http://www.slackwarebrasil.org/
http://groups.google.com/group/slack-users-br
-~----------~----~----~----~------~----~------~--~---
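
An added example, not part of either message in this thread: one way to send only the forwarded RDP connection back out through the dynamic link is to mark the connection with CONNMARK when it arrives on eth2 and restore that mark only on its replies, instead of marking all TCP from 172.16.0.253. Interfaces, addresses, port, mark and the dyn table come from the post; the function names, the RUN dry-run switch and the 192.0.2.10 probe destination are assumptions made for the example.

```shell
#!/bin/sh
# Added example, not from the thread. Interfaces, addresses, port, mark and
# the "dyn" table are taken from the post; function names, RUN and the
# 192.0.2.10 probe destination are assumptions made for this example.
# RUN defaults to "echo" (dry run); run as root with RUN= to apply.
RUN=${RUN-echo}

dyn_if=eth2            # link that receives the DNATed RDP connection
lan_if=eth1            # LAN side, where the RDP host's replies arrive
rdp_host=172.16.0.253
rdp_port=3389
mark=200               # matched by: ip rule add fwmark 200 table dyn prio 20

rdp_return_path() {
    # Remove the post's rule that marks every TCP packet from the host.
    $RUN iptables -t mangle -D PREROUTING -i "$lan_if" -p tcp \
        -s "$rdp_host" -j MARK --set-mark "$mark"
    # Tag the connection when its first packet arrives on the dynamic link.
    # mangle PREROUTING runs before the nat DNAT rule; the port is 3389 either way.
    $RUN iptables -t mangle -A PREROUTING -i "$dyn_if" -p tcp \
        --dport "$rdp_port" -m conntrack --ctstate NEW \
        -j CONNMARK --set-mark "$mark"
    # Copy the connection mark onto the host's replies only; traffic the host
    # starts itself has no connection mark and keeps following the other rules.
    $RUN iptables -t mangle -A PREROUTING -i "$lan_if" -s "$rdp_host" \
        -p tcp --sport "$rdp_port" -j CONNMARK --restore-mark
}

rdp_return_check() {
    # Rule order and per-rule packet counters.
    $RUN ip rule show
    $RUN iptables -t mangle -L PREROUTING -v -n
    # Route lookup for a forwarded packet with and without the mark
    # (192.0.2.10 is a constructed destination).
    $RUN ip route get 192.0.2.10 from "$rdp_host" iif "$lan_if" mark "$mark"
    $RUN ip route get 192.0.2.10 from "$rdp_host" iif "$lan_if"
}

rdp_return_path
rdp_return_check
```

The fwmark rule from the post is reused unchanged, so the script does not add it again.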
