RE: lug-bg: problem otnosno rutiraneto
- Subject: RE: lug-bg: problem otnosno rutiraneto
- From: bkrosnov@xxxxxxxx (Boyan Krosnov)
- Date: Thu, 2 May 2002 19:40:06 +0300
Kratkiq otgowor:
iptables -t nat -I POSTROUTING -i <inside_intf> -o <outside_intf> -s
<internalnet/mask> -d !<outsidenet/mask> -j SNAT --to <outside ip>
:)
Dylgiq otgowor:
Kato prawish SNAT kernela pazi systoqnieto na konekciite (state) koito
sa maskirani i pri poluchawane na paket po nqkoq ot tezi konekcii sys
destination ip <outside ip> go razmaskira. Syshto se sprawq i s
generiraneto prepredawaneto na kontrolni ICMP syobshteniq otnasqshti se
do tezi konekcii. Syshto mojesh da si instalirash protokolni pomoshtnici
kato conntrack_ftp i conntrack_irc (+ syotwetnite im ipt moduli) koito
da syzdawat dopylnitelno prawila w tablicata za translaciite. Sys
spomenatoto po-gore iptables prawilo tablicata sys translaciite se
modificira samo za nowi konekcii koito otgowarqt na wsichkite tezi
uslowiq:
1. idwat ot wytreshniq ti interface
2. izlizat prez wynshniq interface
3. sa sys source adres popadasht w mrejata <internalnet/mask>
4. sa sys destination adres _NE_ popadasht w mrejata <outsidenet/mask>
Ne e nujno da swyrzwash dwata etherneta za da imash ip swyrzanost m/u
maskiranata ti mreja i wynshnata ti mreja. Nito e nujno da go prawish za
da ti se wijdat mashinite prez windowskiq network neighbourhood.
W kakyv smisyl da gi 'wijdash' ? Da mogat da si browsewash share-ite ili
da ima ip swyrzanost m/u tqh?
Ako imash w predwid da mogat da se browsewast pc-tata w windowskata ti
mreja w/u TCP/IP togawa ti trqbwa WINS server ili nqkakwo application
level CIFS proxy kato smbweb (maj taka se kazwashe, probwaj i smbwww ako
ne mojesh da namerish smbweb). I posledno, shte ti e polezno da hwyrlish
edin pogled na
http://www.samba.org/samba/ftp/docs/htmldocs/using_samba/.
BR,
Boyan
> -----Original Message-----
> From: linuxman [mailto:linuxman@xxxxxxx]
> Sent: Wednesday, May 01, 2002 1:07 PM
> To: lug-bg@xxxxxxxxxxxxxxxxxx
> Subject: RE: lug-bg: problem otnosno rutiraneto
>
>
>
> ne be ne.na4i maskiraneto si mi raboti na 6.vyprosa e 4e
> otvynka trqbva
> da vijdam pc-tata vyv vytre6nata mreja(i obratnoto - ot vutr. pc da
> vijdam vyn6nite).a za aliasa - trqbva vytre6nata mreja da mi ostane
> makirana.ako naprava alias 6e mahna ednata lan-karta i sled tova da i
> sloja 2 IP-ta.tova li ima6 v predvid ???po vyn6nata mreja mi idva
> interneta i ot dostav4ika nqma li da mi vijdat vytr.pc-ta.to
> v toq slu4ai
> otpada maskiraneto.nomera e mrejata da si ostane maskirana za
> dostav4ika
> i tezi paketi deto sa za internet da se maskirat.a drugite deto sa za
> vyn6nata mreja da se predavat bez maskirane.no ne znam dali
> moje da stane
> tova i za tova pitam vas(predpolagam 4e ste dosta pred men za
> tea raboti).
> tova e.aide 4ao
>
>
>
>
>
>
>
>
>
>
>
>
> öèòèðàì Boyan Krosnov <bkrosnov@xxxxxxxx>:
>
> > Do kolkoto shwanah iskash opredelena usluga namirashta se
> na wytreshna
> > mashina da e dostypna ot 'otwyn'
> > towa stawa taka:
> > s iptables
> > iptables -t nat -I PREROUTING -p tcp -d <outside ip>
> --dport 80 -j DNAT
> > --to <inside ip>:80
> > towa forwardwa konekcii za 80-ti port na wynshniq ti adres
> do wytreshna
> > mashina na adres <inside ip> na port 80.
> >
> > Ako li pyk trqbwa da izkarash edin opredelen ip adres da e
> widim otwyn
> > mojesh s alias na wynshnata karta prez NAT (podoben na
> gorniq) ili da
> > slojish wynshen adres na wyprosnoto pc i da obqsnish na
> routera ti da
> > ne
> > maskira.
> >
> > Ako li pyk te razbera po drugiq wyzmojen nachin- che ne ti raboti
> > maskiraneto izobshto to togawa
> > iptables -t nat -I POSTROUTING -s <internalnet/mask> -j SNAT --to
> > <outside ip>
> >
> > Utochni se molq te, ako ne sym nacelil posokata na mislite ti :)
> >
> > BR,
> > Boyan
> >
> > > -----Original Message-----
> > > From: linuxman [mailto:linuxman@xxxxxxx]
> > > Sent: Tuesday, April 30, 2002 6:24 PM
> > > To: lug-bg@xxxxxxxxxxxxxxxxxx
> > > Subject: lug-bg: problem otnosno rutiraneto
> > >
> > >
> > >
> > > imam 1 problem.golqm problem.
> > > zna4i stava duma za malka ethernet mreja (5 pc).imam
> router koito mi
> > > trqbva za maskirane rutirane i syrver za ke6irane.ima 2 lan-karti
> > > pyrvata e vyn6nata po koqto mi idva interneta i vtorata vytre6na.
> > > rutera si maskira si4ko to4no.ot vynka ne me vijdat.oba4e
> na men mi
> > > trqbva da vijdam otvynka.ako nqkoi moje da mi pomogne
> neka go napravi
> >
> > > predvaritelno mu blagodarq.samo iskam da kaja 4e izklu4vame
> > > vyzmojnosta za
> > > ne znam no si govorihme s 1 priqtel i toi mi kaza 4e moje da
> > > stane s alias
> > > no ako naprava alias ednata karta nqma da e nujna.nqma li da
> > > se razmaskira
> > > mrejata ako ostana s 1 karta.nadqvam se 4e se nqkoi 6e otdel
> > > ot vremeto si
> > > da mi pomogne.mersi
> > > __________________________________
> > > 12MB-POP3-WAP-SMS---TOBA-E-mail.bG
> > > ----------------------------------
> > >
> > > " Ako uckame u Bue agpec B mail.bg
> > > ugeme myk: http://www.mail.bg/new/ "
> > >
> > > ==============================================================
> > > ==============
> > > A mail-list of Linux Users Group - Bulgaria (bulgarian linuxers).
> > > http://www.linux-bulgaria.org - Hosted by Internet Group Ltd.
> > > - Stara Zagora
> > > To unsubscribe:
> http://www.linux-> bulgaria.org/public/mail_list.html
> > >
>
> ==============================================================
> > > ==============
> > >
> >
> ==============================================================
> ============
> ==
> > A mail-list of Linux Users Group - Bulgaria (bulgarian linuxers).
> > http://www.linux-bulgaria.org - Hosted by Internet Group
> Ltd. - Stara
> > Zagora
> > To unsubscribe: http://www.linux-bulgaria.org/public/mail_list.html
> >
> ==============================================================
> ============
> ==
> >
>
> __________________________________
> 12MB-POP3-WAP-SMS---TOBA-E-mail.bG
> ----------------------------------
>
> " Ako uckame u Bue agpec B mail.bg
> ugeme myk: http://www.mail.bg/new/ "
>
> ==============================================================
> ==============
> A mail-list of Linux Users Group - Bulgaria (bulgarian linuxers).
> http://www.linux-bulgaria.org - Hosted by Internet Group Ltd.
> - Stara Zagora
> To unsubscribe: http://www.linux-bulgaria.org/public/mail_list.html
> ==============================================================
> ==============
>
============================================================================
A mail-list of Linux Users Group - Bulgaria (bulgarian linuxers).
http://www.linux-bulgaria.org - Hosted by Internet Group Ltd. - Stara Zagora
To unsubscribe: http://www.linux-bulgaria.org/public/mail_list.html
============================================================================
|