Re: lug-bg: iptables
- Subject: Re: lug-bg: iptables
- From: mr700@email.domain.hidden (Doncho N. Gunchev)
- Date: Wed, 5 Mar 2003 19:09:51 +0200
ops... moq greshka, taka e, w iptables ne mojesh da polzwash -i pri
POSTROUTING-a :(. Spored documentatziqta moje da stane kato predi towa si gi
markirash. Do kolkoto stignah az kato ideq... slednoto trqa da raboti:
1: markirash si na forward kakvoto shte trqa da maskirash
root# iptables -t mangle -A FORWARD -i ppp+ -j MARK --set-mark 1
2. w postrouting-a maskirash markiranite paketi ;)
root# iptables -t nat -A POSTROUTING -m mark --mark 1 -j MASQUERADE
ako nqkoi zabeleji greshka i/ili e rabotil po tazi ideq da me korigira ako
gresha.
lagam w FORWARD markiraneto zashtoto ako sa direktno za router-a mislq nqa
ideq da se markirat/maskirat ;) nali? Ne sym go probwal no 1 byrzo google po
wyprosa razprawq che trqa da raboti... probwai i pishi ;) kysmet
mojesh da mark-wash (eksperimentalno) s chislo koeto e dwoina duma: s drugi
dumi do 4 294 967 295 razlichni markirowki (0xFFFFFFFF)... koeto mislq shte
ti stigne... po skoro shte ti swyrshi RAM-a/CPU-to ;]]] - markiraite na volq
(btw: sled kratka sprawka tuk... stignahme do izwoda che chowek moje da si
markira wsqka mashina ot IPv4 prostranstwoto s sobstwen marker)... ok de, ok,
spiram se!
za irc-to wij help-a na linux-a w /usr/src/linux/Documentation - tam si pishe
kak da zadadesh portowete za irc. ICQ-to nqma modul za connection tracking
(oshte) poradi koeto mu dai http proxy kakto kazah, novite versii rabotqt bez
problem s SQUID ako se dade keep-alive optziq (10xz 2 silent).
| On Wednesday 05 March 2003 18:24, you wrote:
| Linux gate 2.4.19 #1 Wed Oct 16 16:56:12 EEST 2002 i686 unknown
| ppp-2.4.1-3mppe
| pptpd-1.1.3-2
| cpp-2.96-112.7.2
| tcp_wrappers-7.6-19
| pptp-linux-1.1.0-1
|
| [root_at_gate ~]# /sbin/iptables -t nat -A POSTROUTING -s 192.168.101.0/24
| -i ppp+ -j MASQUERADE
| iptables v1.2.5: Can't use -i with POSTROUTING
|
| sled towa slagam
| /sbin/iptables -t nat -A POSTROUTING -s 192.168.101.0/24 -o ppp+ -j
| MASQUERADE
| oba4e ICQ I IRC ne wyrwqt
|
|
|
| -----Original Message-----
| From: Doncho N. Gunchev [mailto:mr700_at_ultranet.bg]
| Sent: Wednesday, March 05, 2003 11:20 AM
| To: lug-bg_at_linux-bulgaria.org
| Cc: rusan
| Subject: Re: lug-bg: iptables
|
| A imash li ip_conntrack_ftp i ip_conntrack_irc? ICQ-to raboti prez
| http
| proxy(squid). ip_contrack_irc ima optzii za portowete...
| Dai malko danni na tema kakwo qdro polzwash, kakyw pppd, poptp
| versiq
| ili, distro, versii... i taka natatyk.
============================================================================
A mail-list of Linux Users Group - Bulgaria (bulgarian linuxers).
http://www.linux-bulgaria.org - Hosted by Internet Group Ltd. - Stara Zagora
To unsubscribe: http://www.linux-bulgaria.org/public/mail_list.html
============================================================================
|