|
|
Re: lug-bg: iptables "match mark" problem
- Subject: Re: lug-bg: iptables "match mark" problem
- From: vlk@email.domain.hidden (Vesselin Kolev)
- Date: Fri, 7 Mar 2003 10:52:41 +0200
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Mislia, che SNAT ne vliza v sintaksisa na PREROUTING... Ne e li pravilnoto:
iptables -A PREROUTING -t nat -s 10.0.0.0/8 --match mark --mark 16 -j SNA --to
193.110.159.3
?
Pozdravi
Vesselin Kolev
On Friday 07 Mar 2003 10:09, Georgi Chorbadzhiyski wrote:
<em class="quotelev1">> Çäðàâåéòå,
<em class="quotelev1">>
<em class="quotelev1">> èäåÿòà å ñëåäíàòà ìàðêèðàì ñè áúëãàðñêèòå ìðåæè ñ 16. Âñè÷êè îñòàíàëè
<em class="quotelev1">> ñ 8. Èñêàì äà èçïîëçâàì òîâà ìàðêèðàíå çà äà ìîãà çàÿâêèòå çà áúëãàðñêè
<em class="quotelev1">> ìðåæè äà ãè ìàñêèðàì çàä îïðåäåëåíî IP.
<em class="quotelev1">>
<em class="quotelev1">> iptables -A PREROUTING -t nat -s 10.0.0.0/8 --match mark --mark 16 -j SNAT
<em class="quotelev1">> --to 193.110.159.3
<em class="quotelev1">>
<em class="quotelev1">> Òîâà ñïîðåä âñÿêà äîêóìåíòàöèÿ êîÿòî óñïÿõ äà èçðîâÿ òðÿáâà äà ðàáîòè,
<em class="quotelev1">> îáà÷å âìåñòî òîâà ïîëó÷àâàì ãðåøêà
<em class="quotelev1">>
<em class="quotelev1">> iptables: Invalid argument
<em class="quotelev1">>
<em class="quotelev1">> Íÿêàêâè èäåè?
<em class="quotelev1">>
<em class="quotelev1">> P.S. Ïðåäè äà êàæåòå ÷å mark ìîäóëà íå ðàáîòè èçîáùî, íå å òîâà :) Ñëåäíèÿò
<em class="quotelev1">> ðåä ñè ðàáîòè ïåðôåêòíî
<em class="quotelev1">>
<em class="quotelev1">> # Tuka kvo treve da se vidi samo ot BG
<em class="quotelev1">> iptables -A FORWARD -s ! 193.110.159.0/24 -d 193.110.159.37 --match mark
<em class="quotelev1">> --mark 8 -j REJECT
<em class="quotelev1">>
<em class="quotelev1">> P.P.S. Ìðåæèòå ñà ìàðêèðàíè ïî ñëåäíèÿò íà÷èí:
<em class="quotelev1">>
<em class="quotelev1">> iptables -F -t mangle
<em class="quotelev1">> iptables -A PREROUTING -t mangle -j MARK --set-mark 8
<em class="quotelev1">>
<em class="quotelev1">> sort -n bg_nets bg_nets_unlisted | \
<em class="quotelev1">> while read NET
<em class="quotelev1">> do
<em class="quotelev1">> iptables -A PREROUTING -t mangle -s $NET -j MARK --set-mark 16
<em class="quotelev1">> iptables -A PREROUTING -t mangle -d $NET -j MARK --set-mark 16
<em class="quotelev1">> done
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)
iD8DBQE+aF3g+48lZPXaa+MRAlMmAJoDZSgl65L9VLFTO15J6e0AzqJExgCfc3Ro
0jHH5Vm/30iqYee+B8X6ukc=
=9zFI
-----END PGP SIGNATURE-----
============================================================================
A mail-list of Linux Users Group - Bulgaria (bulgarian linuxers).
http://www.linux-bulgaria.org - Hosted by Internet Group Ltd. - Stara Zagora
To unsubscribe: http://www.linux-bulgaria.org/public/mail_list.html
============================================================================
|
|
|