Re: lug-bg: ipac+ipchains+mrtg
- Subject: Re: lug-bg: ipac+ipchains+mrtg
- From: firedust@xxxxxxx (Stanislav Lechev (AngelFire))
- Date: Wed, 11 Apr 2001 19:19:44 +0300 (EEST)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
mdam werno che se zabludih...
po princip nqma znachenie ako iptata sa istinski
no ako sa masq... trqbwa da se wnimawa s interface-a :)
a problemyt move i da ne e w ipchains-a ...
dori sym pochti siguren che ne e tam...
po skoro kernela...
ipchains-a e prosto interface kym kernela
qwno kato setnesh rules kernela pochwa da si broi paketi
no problema qwno e che kernela ne broi redirektnatite paketi
znaesh li kakkwo movesh da opitash
potyrsi dokumentaciq za redirect-a move da ima neshto pisano
move da opitash sys iptables/iproute ako s tqh stane ...
znachi problema e wyw ipchains-a
syshto taka move da poglednesh:
REDIRECT target support
CONFIG_IP_NF_TARGET_REDIRECT
REDIRECT is a special case of NAT: all incoming connections are
mapped onto the incoming interface's address, causing the packets to
come to the local machine instead of passing through. This is
useful for transparent proxies.
If you want to compile it as a module, say M here and read
Documentation/modules.txt. If unsure, say `N'.
move pyk i da pomogne :)
On Wed, 11 Apr 2001, Hristo Nazarov wrote:
> Date: Wed, 11 Apr 2001 05:34:03 -0700
> From: Hristo Nazarov <hristo@xxxxxxxxxxxx>
> Reply-To: lug-bg@xxxxxxxxxxxxxxxxxx
> To: lug-bg@xxxxxxxxxxxxxxxxxx
> Subject: Re: lug-bg: ipac+ipchains+mrtg
>
> Mersi za savetite...
>
> 1. Mrezata ne mi e vatreshna, a istnska..prosto ne skam da si pisha
> IP...Sazeliawam che sam te zabludil.
>
> 2. Niama znachenie na koi interface meria (polzwam portslave deto zabiwa
> twardi IP na wseki ot modemite - a s ipchains sam definiral accounting
> prawila za IP (ne za Interfejci)- taka greshka ne moze da stawa)
> 3. Po skoro waprosat mi e za ipchains...Wsichko si raboti ok obache kogato
> REDIRECTwam paketi kam proxyto te prosto ne stigat do accountig
> chaina..(Towa si e osobenost na ipchains)...
> 4. Mislia (Znam) che problemat mi e w ipchains--Prosto ne se sehtam kak da
> go konfiguriram hem da redirectwa, hem da stga do accounting chaina
>
> Mersi Za Informaciata..Ama ne e towa sluchaia...
> ----- Original Message -----
> From: "Stanislav Lechev (AngelFire)" <firedust@xxxxxxx>
> To: <lug-bg@xxxxxxxxxxxxxxxxxx>
> Sent: Wednesday, April 11, 2001 6:56 AM
> Subject: Re: lug-bg: ipac+ipchains+mrtg
>
>
> > -----BEGIN PGP SIGNED MESSAGE-----
> > Hash: SHA1
> >
> > zabelqzwam che gledash ttySx
> > kakto prepolagam ti imash poweche ot edin interface
> >
> > t.e.
> > eth0
> > ppp0
> > ppp1
> > tnt
> >
> > togawa trqbwa da wnimawash na koj interface merish :)
> > a i weroqtno problema ti e che gi masqrade-wash
> > i ako se opitwash da hwanesh wsqko masq ip po otdelno
> > na eth0 nqma da stane ...
> >
> > a kato gledam maj ppp0x.domain.net e private mreva(192.168/16)
> >
> >
> > da si predstawim slednoto:
> >
> > (client) ppp0 <--> eth0 (inet)
> >
> > ti imash :
> > 192.168.0.1 <--> 0/0
> > MASQ
> > towa 192.168.0.1(ppp0) kogato otide na 0/0(eth0) weche ne e 192.168.0.1
> > a e real ip
> > sledowatelno na eth0 ne movesh da gledash za 192.168/16 :)
> >
> > no ne e zadylvitelno da e towa problema pri tebe
> >
> >
> > On Wed, 11 Apr 2001, Hristo Nazarov wrote:
> >
> > > Date: Wed, 11 Apr 2001 01:13:47 -0700
> > > From: Hristo Nazarov <hristo@xxxxxxxxxxxx>
> > > Reply-To: lug-bg@xxxxxxxxxxxxxxxxxx
> > > To: lug-bg@xxxxxxxxxxxxxxxxxx
> > > Subject: lug-bg: ipac+ipchains+mrtg
> > >
> > > Zdrawejte,
> > > naskoro si instalirah ipac. Mnogo sam dowolen kak se sprawia. Obache
> imam
> > > malak problem s nastrojkata na ipchains...
> > > tova e chast ot ipchains -L -v
> > >
> > > 975 219K ipac_bth all ------ 0xFF 0x00 any
> > > anywhere anywhere n/a
> > > 975 219K ipac_in all ------ 0xFF 0x00 any
> > > anywhere anywhere n/a
> > > 170 9428 REDIRECT tcp ------ 0xFF 0x00 any
> > > ppp04.domain.net anywhere any -> www => www
> > >
> > >
> > > Chain ipac_in (1 references):
> > > pkts bytes target prot opt tosa tosx ifname mark
> outsize
> > > source destination ports
> > > 856 240K - all ------ 0xFF 0x00 eth0
> > > anywhere anywhere n/a
> > > 0 0 - all ------ 0xFF 0x00 eth0
> > > anywhere ppp01.domain.net n/a
> > > 0 0 - all ------ 0xFF 0x00 eth0
> > > anywhere ppp02.domain.net n/a
> > > 0 0 - all ------ 0xFF 0x00 eth0
> > > anywhere ppp03.domain.net n/a
> > > 0 0 - all ------ 0xFF 0x00 eth0
> > > anywhere ppp04.domain.net n/a
> > >
> > > Chain ipac_out (1 references):
> > > pkts bytes target prot opt tosa tosx ifname mark
> outsize
> > > source destination ports
> > > 820 232K - all ------ 0xFF 0x00 eth0
> > > anywhere anywhere n/a
> > > 0 0 - all ------ 0xFF 0x00 eth0
> > > ppp01.domain.net anywhere n/a
> > > 0 0 - all ------ 0xFF 0x00 eth0
> > > ppp02.domain.net anywhere n/a
> > > 0 0 - all ------ 0xFF 0x00 eth0
> > > ppp03.domain.net anywhere n/a
> > > 0 0 - all ------ 0xFF 0x00 eth0
> > > ppp04.domain.net anywhere n/a
> > >
> > >
> > > Problema e che kogato prawia REDIRECT na paketi - ppp04.domain.net
> (pusnal
> > > sam edno transperantno proxy (SQUID) na sashtata mashina)
> > > Ne se otchitat tezi paketi (trafika ot REDIRECTA). Naskoro go zabeliazah
> i
> > > izglezda logichno. Obache kato se zamislia Kak da configuriram ipchains
> taka
> > > che hem Da si imam REDIRECT hem da mi prawi tochen accounting. Ne se
> seshtam
> > > za nishto Umno. Niakoj da se sehta kak da stane hubawinata?
> > > Tova e ipac.conf
> > >
> > > cat /etc/ipac.conf
> > > # $Id: ipac.conf,v 1.1 2000/02/25 19:05:10 moritz Exp $
> > > # Example config file with accounting rules
> > > # Install as /etc/ipac.conf
> > > #
> > > # Format:
> > > # Name of rule|direction|interface|protocol|source|destination
> > > #
> > > # where
> > > # Name of rule Any string to identify this rule
> > > # direction in | out
> > > # interface ip number or interface name
> > > # protocol tcp | udp | icmp | all
> > > # source \
> > > # destination both as described in ipfwadm(8), or empty
> > > # incoming:
> > > incoming all |in|eth0|all||
> > > incoming ttyS4 |in|eth0|all|0/0|192.168.255.161|
> > > incoming ttyS5 |in|eth0|all|0/0|192.168.255.162|
> > > incoming ttyS6 |in|eth0|all|0/0|192.168.255.163|
> > > incoming ttyS7 |in|eth0|all|0/0|192.168.255.164|
> > >
> > >
> > > #
> > > # Outgoing:
> > > outgoing all |out|eth0|all||
> > > outgoing ttyS4 |out|eth0|all|192.168.255.161|0/0|
> > > outgoing ttyS5 |out|eth0|all|192.168.255.162|0/0|
> > > outgoing ttyS6 |out|eth0|all|192.168.255.163|0/0|
> > > outgoing ttyS7 |out|eth0|all|192.168.255.164|0/0|
> > >
> > >
> > >
> > >
> > >
> ===========================================================================
> > > A mail-list of Linux Users Group - Bulgaria (bulgarian linuxers)
> > > http://www.linux-bulgaria.org/ Hosted by Internet Group Ltd. - Stara
> Zagora
> > >
> >
> > - -=======================================================================
> ====-
> > Regards, AngelFire
> > Stanislav Lechev <firedust@xxxxxxx>
> > PGP Key: http://firedust.vega.bg/pgp/StanislavLechev.asc
> > - -=======================================================================
> ====-
> > -----BEGIN PGP SIGNATURE-----
> > Version: GnuPG v1.0.4 (GNU/Linux)
> > Comment: Made with pgp4pine 1.75-6
> >
> > iD8DBQE61GKf8RPXBhiMqewRAqZ7AJ9mseqNCvxeL+hnRTzH9ScuUygZYgCfQK8r
> > pNV0q41w6HimfUAhM+xMghM=
> > =K4ol
> > -----END PGP SIGNATURE-----
> >
> >
> >
> ===========================================================================
> > A mail-list of Linux Users Group - Bulgaria (bulgarian linuxers)
> > http://www.linux-bulgaria.org/ Hosted by Internet Group Ltd. - Stara
> Zagora
> >
>
> ===========================================================================
> A mail-list of Linux Users Group - Bulgaria (bulgarian linuxers)
> http://www.linux-bulgaria.org/ Hosted by Internet Group Ltd. - Stara Zagora
>
- -===========================================================================-
Regards, AngelFire
Stanislav Lechev <firedust@xxxxxxx>
PGP Key: http://firedust.vega.bg/pgp/StanislavLechev.asc
- -===========================================================================-
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.4 (GNU/Linux)
Comment: Made with pgp4pine 1.75-6
iD8DBQE61IQj8RPXBhiMqewRApi1AJ4k/Ycp8/294lGljKmeZoRSI04LNgCffnJp
+rs91EJ8WBhR7wYQXDjZnw8=
=zJx/
-----END PGP SIGNATURE-----
===========================================================================
A mail-list of Linux Users Group - Bulgaria (bulgarian linuxers)
http://www.linux-bulgaria.org/ Hosted by Internet Group Ltd. - Stara Zagora
|