Re: lug-bg: iptables "match mark" problem
- Subject: Re: lug-bg: iptables "match mark" problem
- From: gecata@email.domain.hidden (gecata)
- Date: Fri, 7 Mar 2003 12:03:43 +0200
In my opinion you also need to -j RETURN the marked packets. I haven't
done it myself, but I had the chance to look at a script written by an
"Iptables GURU". That is exactly what the guy did: first he marks, then
he RETURNs. I couldn't explain to myself why, but it seems to be the more
proper way. Take a look at the advanced routing howto. It describes the
chains and the way packets enter, pass through and leave the machine.
Happy reading.
---------- Original Message -----------
From: Georgi Chorbadzhiyski <gf_at_unixsol.org>
To: lug-bg_at_linux-bulgaria.org
Sent: Fri, 07 Mar 2003 10:09:50 +0200
Subject: lug-bg: iptables "match mark" problem
> Hello,
>
> The idea is the following: I mark the Bulgarian networks with 16. All
> the others with 8. I want to use this marking so that I can masquerade
> requests for Bulgarian networks behind a specific IP.
>
> iptables -A PREROUTING -t nat -s 10.0.0.0/8 --match mark --mark 16 -j SNAT --to 193.110.159.3
>
> According to all the documentation I managed to dig up, this should
> work, but instead I get an error
>
> iptables: Invalid argument
>
> Any ideas?
>
> P.S. Before you say that the mark module doesn't work at all, that's
> not it :) The following line works perfectly
>
> # What is here should be visible only from BG
> iptables -A FORWARD -s ! 193.110.159.0/24 -d 193.110.159.37 --match mark --mark 8 -j REJECT
>
> P.P.S. The networks are marked in the following way:
>
> iptables -F -t mangle
> iptables -A PREROUTING -t mangle -j MARK --set-mark 8
>
> sort -n bg_nets bg_nets_unlisted | \
> while read NET
> do
>     iptables -A PREROUTING -t mangle -s $NET -j MARK --set-mark 16
>     iptables -A PREROUTING -t mangle -d $NET -j MARK --set-mark 16
> done
>
> --
> Georgi Chorbadzhiyski
> http://georgi.unixsol.org/
>
> ============================================================================
> A mail-list of Linux Users Group - Bulgaria (bulgarian linuxers).
> http://www.linux-bulgaria.org - Hosted by Internet Group Ltd. - Stara Zagora
> To unsubscribe: http://www.linux-bulgaria.org/public/mail_list.html
> ============================================================================
------- End of Original Message -------
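
The mark-then-RETURN ordering described in the reply above, as an added example that is not part of the original thread: a shell function that prints (rather than runs) the rules, reusing marks 16 and 8 and the addresses from the quoted question. The function names and the network list are constructed for illustration, and placing the SNAT rule in nat POSTROUTING is an assumption of this example, based on the iptables man page listing that chain as where the SNAT target is valid.

```shell
#!/bin/sh
# Added example (not from the thread). Prints iptables commands for review
# instead of executing them. Function names are hypothetical.

# is_cidr ADDR: succeed only for dotted-quad IPv4 with an optional /0-32 prefix.
is_cidr() {
    echo "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}(/[0-9]{1,2})?$' || return 1
    echo "$1" | awk -F'[./]' '{ for (i = 1; i <= 4; i++) if ($i > 255) exit 1
                                if (NF == 5 && $5 > 32) exit 1 }'
}

# gen_rules SNAT_SRC SNAT_TO: read one network per line on stdin, print rules.
gen_rules() {
    snat_src=$1
    snat_to=$2
    echo "iptables -t mangle -F"
    # Default mark first, as in the question: every packet starts as 8.
    echo "iptables -t mangle -A PREROUTING -j MARK --set-mark 8"
    # Strip comments and whitespace, drop duplicates, validate each entry.
    sed -e 's/#.*//' -e 's/[[:space:]]//g' | sort -u | while read -r NET
    do
        [ -n "$NET" ] || continue
        if ! is_cidr "$NET"; then
            echo "skipping invalid network: $NET" >&2
            continue
        fi
        for dir in -s -d
        do
            # MARK does not end traversal, so an explicit RETURN follows it:
            # the packet leaves PREROUTING with mark 16 at its first match.
            echo "iptables -t mangle -A PREROUTING $dir $NET -j MARK --set-mark 16"
            echo "iptables -t mangle -A PREROUTING $dir $NET -j RETURN"
        done
    done
    # Assumption of this example: SNAT goes in nat POSTROUTING, where the
    # iptables man page says the target is valid; the mark set in mangle
    # PREROUTING is still attached to the packet there.
    echo "iptables -t nat -A POSTROUTING -s $snat_src --match mark --mark 16 -j SNAT --to-source $snat_to"
}

# Constructed sample list (documentation ranges, one bad entry, one duplicate).
gen_rules 10.0.0.0/8 193.110.159.3 <<'EOF'
192.0.2.0/24
198.51.100.0/24   # constructed entry
300.1.1.0/24
192.0.2.0/24
EOF
```

Review the printed commands before piping them to a root shell; invalid entries are reported on stderr and produce no rule.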