Help настроить сеть

Главная » Форум » Хостинги / Домены / Железо »

Тема: Help настроить сеть

цитата
11/01/08 в 14:03

topmaster
тачка с линуксом подключена к нету через адсл, в нее воткнута витуха (кривая) до второй тачки с вендой. требуется чтоб тачка с вендой тож лазила в нете.

настройки венды http://img213.imageshack.us/my.php?image=vendayw4.gif

сетевой интерфейс на линухе поднимается следующим образом
Код:

#ifconfig eth0 up 192.168.0.10 netmask 255.255.255.0 broadcast 192.168.0.255

Код:

[root@localhost admin]# ifconfig -a
eth0 Link encap:Ethernet HWaddr 00:1A:92:B1:AC:CB
inet addr:192.168.0.10 Bcast:192.168.0.255 Mask:255.255.255.0
inet6 addr: fe80::21a:92ff:feb1:accb/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:1227 errors:0 dropped:0 overruns:0 frame:0
TX packets:69 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:206942 (202.0 KiB) TX bytes:11116 (10.8 KiB)
Interrupt:17

eth1 Link encap:Ethernet HWaddr 00:18:DE:C7:86:7D
BROADCAST MULTICAST MTU:1500 Metric:1
RX packets:1 errors:1 dropped:184 overruns:0 frame:0
TX packets:25 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:0 (0.0 b) TX bytes:8170 (7.9 KiB)
Interrupt:16 Base address:0xc000 Memory:fe0ff000-fe0fffff

lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:11 errors:0 dropped:0 overruns:0 frame:0
TX packets:11 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:896 (896.0 b) TX bytes:896 (896.0 b)

nas0 Link encap:Ethernet HWaddr 00:13:49:1F:09:16
inet addr:192.168.1.1 Bcast:192.168.1.255 Mask:255.255.255.0
inet6 addr: fe80::213:49ff:fe1f:916/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:3817 errors:0 dropped:0 overruns:0 frame:0
TX packets:3870 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:1919600 (1.8 MiB) TX bytes:667159 (651.5 KiB)

ppp0 Link encap:Point-to-Point Protocol
inet addr:айпи P-t-P:айпи Mask:255.255.255.255
UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1492 Metric:1
RX packets:3705 errors:0 dropped:0 overruns:0 frame:0
TX packets:3729 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:3
RX bytes:1884687 (1.7 MiB) TX bytes:538205 (525.5 KiB)

сюдя по всему неудачная попытка настроить нат
Код:

iptables -t nat -A POSTROUTING -s 192.168.0.0/24 -j SNAT --to-source 192.168.0.10

листинг iptables
Код:

[root@localhost admin]# iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
LOG udp -- anywhere anywhere udp dpts:0:1023 LOG level warning
LOG tcp -- anywhere anywhere tcp dpts:0:1023 LOG level warning
DROP udp -- anywhere anywhere udp dpts:0:1023
DROP tcp -- anywhere anywhere tcp dpts:0:1023
LOG tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,ACK/SYN LOG level warning
DROP tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,ACK/SYN
DROP icmp -- anywhere anywhere icmp echo-request

Chain FORWARD (policy DROP)
target prot opt source destination

Chain OUTPUT (policy ACCEPT)
target prot opt source destination

Chain Drop (1 references)
target prot opt source destination
reject tcp -- anywhere anywhere tcp dpt:113
dropBcast 0 -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere icmp fragmentation-needed
ACCEPT icmp -- anywhere anywhere icmp time-exceeded
dropInvalid 0 -- anywhere anywhere
DROP udp -- anywhere anywhere multiport dports 135,445
DROP udp -- anywhere anywhere udp dpts:137:139
DROP udp -- anywhere anywhere udp spt:137 dpts:1024:65535
DROP tcp -- anywhere anywhere multiport dports 135,139,445
DROP udp -- anywhere anywhere udp dpt:1900
dropNotSyn tcp -- anywhere anywhere
DROP udp -- anywhere anywhere udp spt:53

Chain Ifw (0 references)
target prot opt source destination
RETURN 0 -- anywhere anywhere set ifw_wl src
DROP 0 -- anywhere anywhere set ifw_bl src
IFWLOG 0 -- anywhere anywhere state INVALID,NEW psd weight-threshold: 10 delay-threshold: 10000 lo-ports-weight: 2 hi-ports-weight: 1 IFWLOG prefix 'SCAN'

Chain Reject (1 references)
target prot opt source destination
reject tcp -- anywhere anywhere tcp dpt:113
dropBcast 0 -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere icmp fragmentation-needed
ACCEPT icmp -- anywhere anywhere icmp time-exceeded
dropInvalid 0 -- anywhere anywhere
reject udp -- anywhere anywhere multiport dports 135,445
reject udp -- anywhere anywhere udp dpts:137:139
reject udp -- anywhere anywhere udp spt:137 dpts:1024:65535
reject tcp -- anywhere anywhere multiport dports 135,139,445
DROP udp -- anywhere anywhere udp dpt:1900
dropNotSyn tcp -- anywhere anywhere
DROP udp -- anywhere anywhere udp spt:53

Chain all2all (0 references)
target prot opt source destination
ACCEPT 0 -- anywhere anywhere state RELATED,ESTABLISHED
Reject 0 -- anywhere anywhere
LOG 0 -- anywhere anywhere LOG level info prefix `Shorewall:all2all:REJECT:'
reject 0 -- anywhere anywhere

Chain dropBcast (2 references)
target prot opt source destination
DROP 0 -- anywhere anywhere PKTTYPE = broadcast
DROP 0 -- anywhere anywhere PKTTYPE = multicast

Chain dropInvalid (2 references)
target prot opt source destination
DROP 0 -- anywhere anywhere state INVALID

Chain dropNotSyn (2 references)
target prot opt source destination
DROP tcp -- anywhere anywhere tcp flags:!FIN,SYN,RST,ACK/SYN

Chain dynamic (8 references)
target prot opt source destination

Chain eth0_fwd (0 references)
target prot opt source destination
dynamic 0 -- anywhere anywhere state INVALID,NEW
ACCEPT 0 -- anywhere anywhere
ACCEPT 0 -- anywhere anywhere
net2all 0 -- anywhere anywhere

Chain eth0_in (0 references)
target prot opt source destination
dynamic 0 -- anywhere anywhere state INVALID,NEW
net2all 0 -- anywhere anywhere

Chain eth0_out (0 references)
target prot opt source destination
fw2net 0 -- anywhere anywhere

Chain eth1_fwd (0 references)
target prot opt source destination
dynamic 0 -- anywhere anywhere state INVALID,NEW
loc2net 0 -- anywhere anywhere
loc2net 0 -- anywhere anywhere
loc2net 0 -- anywhere anywhere

Chain eth1_in (0 references)
target prot opt source destination
dynamic 0 -- anywhere anywhere state INVALID,NEW
loc2fw 0 -- anywhere anywhere

Chain eth1_out (0 references)
target prot opt source destination
fw2loc 0 -- anywhere anywhere

Chain fw2loc (1 references)
target prot opt source destination
ACCEPT 0 -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT 0 -- anywhere anywhere

Chain fw2net (3 references)
target prot opt source destination
ACCEPT 0 -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT 0 -- anywhere anywhere

Chain loc2fw (1 references)
target prot opt source destination
ACCEPT 0 -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT 0 -- anywhere anywhere

Chain loc2net (3 references)
target prot opt source destination
ACCEPT 0 -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT 0 -- anywhere anywhere

Chain logdrop (0 references)
target prot opt source destination
LOG 0 -- anywhere anywhere LOG level info prefix `Shorewall:logdrop:DROP:'
DROP 0 -- anywhere anywhere

Chain logreject (0 references)
target prot opt source destination
LOG 0 -- anywhere anywhere LOG level info prefix `Shorewall:logreject:REJECT:'
reject 0 -- anywhere anywhere

Chain nas0_fwd (0 references)
target prot opt source destination
dynamic 0 -- anywhere anywhere state INVALID,NEW
ACCEPT 0 -- anywhere anywhere
ACCEPT 0 -- anywhere anywhere
net2all 0 -- anywhere anywhere

Chain nas0_in (0 references)
target prot opt source destination
dynamic 0 -- anywhere anywhere state INVALID,NEW
net2all 0 -- anywhere anywhere

Chain nas0_out (0 references)
target prot opt source destination
fw2net 0 -- anywhere anywhere

Chain net2all (6 references)
target prot opt source destination
ACCEPT 0 -- anywhere anywhere state RELATED,ESTABLISHED
Drop 0 -- anywhere anywhere
LOG 0 -- anywhere anywhere LOG level info prefix `Shorewall:net2all:DROP:'
DROP 0 -- anywhere anywhere

Chain ppp0_fwd (0 references)
target prot opt source destination
dynamic 0 -- anywhere anywhere state INVALID,NEW
ACCEPT 0 -- anywhere anywhere
ACCEPT 0 -- anywhere anywhere
net2all 0 -- anywhere anywhere

Chain ppp0_in (0 references)
target prot opt source destination
dynamic 0 -- anywhere anywhere state INVALID,NEW
net2all 0 -- anywhere anywhere

Chain ppp0_out (0 references)
target prot opt source destination
fw2net 0 -- anywhere anywhere

Chain reject (8 references)
target prot opt source destination
DROP 0 -- anywhere anywhere PKTTYPE = broadcast
DROP 0 -- anywhere anywhere PKTTYPE = multicast
DROP 0 -- 255.255.255.255 anywhere
DROP 0 -- BASE-ADDRESS.MCAST.NET/4 anywhere
REJECT tcp -- anywhere anywhere reject-with tcp-reset
REJECT udp -- anywhere anywhere reject-with icmp-port-unreachable
REJECT icmp -- anywhere anywhere reject-with icmp-host-unreachable
REJECT 0 -- anywhere anywhere reject-with icmp-host-prohibited

Chain shorewall (0 references)
target prot opt source destination

Chain smurfs (0 references)
target prot opt source destination
LOG 0 -- 255.255.255.255 anywhere LOG level info prefix `Shorewall:smurfs:DROP:'
DROP 0 -- 255.255.255.255 anywhere
LOG 0 -- BASE-ADDRESS.MCAST.NET/4 anywhere LOG level info prefix `Shorewall:smurfs:DROP:'
DROP 0 -- BASE-ADDRESS.MCAST.NET/4 anywhere
[root@localhost admin]#

таблица роутинга
Код:

[root@localhost admin]# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
реал айпи 0.0.0.0 255.255.255.255 UH 0 0 0 ppp0
192.168.1.0 0.0.0.0 255.255.255.0 U 10 0 0 nas0
192.168.0.0 0.0.0.0 255.255.255.0 U 10 0 0 eth0
169.254.0.0 0.0.0.0 255.255.0.0 U 10 0 0 eth0
169.254.0.0 0.0.0.0 255.255.0.0 U 10 0 0 nas0
0.0.0.0 0.0.0.0 0.0.0.0 U 0 0 0 ppp0
0.0.0.0 192.168.0.1 0.0.0.0 UG 10 0 0 eth0

вопрос как сделать чтобы все это заработало?

цитата
12/01/08 в 16:36

pycc
что
Код:

cat /proc/sys/net/ipv4/ip_forward

показывает?
если 0, сделай
Код:

echo 1 > /proc/sys/net/ipv4/ip_forward

цитата
13/01/08 в 19:58

Insert
NAT и DHCP Relay поднимай на модеме. В винде ставь получать адрес автоматически (DHCP). Я думаю у любого xDSL модема есть веб интерфейс, где все можно интуитивно сделать методом тыка

цитата
13/01/08 в 20:08

lega_cobra
NAT не верно настроен. Надо -s 192.168.1.0/24

цитата
13/01/08 в 20:12

topmaster
вобщем разурлил таким скриптом

Код:

#!/bin/sh

IPTABLES=/sbin/iptables
# EXTIF - external interface connected to the Internet
# INTIF - internal interface
EXTIF="ppp0"
INTIF="eth0"

echo " External Interface: $EXTIF"
echo " Internal Interface: $INTIF"

echo " Enabling forwarding.."
echo "1" > /proc/sys/net/ipv4/ip_forward

echo " Clearing any existing rules and setting default policy.."
$IPTABLES -P INPUT ACCEPT
$IPTABLES -F INPUT
$IPTABLES -P OUTPUT ACCEPT
$IPTABLES -F OUTPUT
$IPTABLES -P FORWARD DROP
$IPTABLES -F FORWARD
$IPTABLES -t nat -F
$IPTABLES -F
$IPTABLES -X

echo " FWD: Allow all connections OUT and only existing and related ones IN"
$IPTABLES -A FORWARD -i $EXTIF -o $INTIF -m state --state ESTABLISHED,RELATED -j ACCEPT
$IPTABLES -A FORWARD -i $INTIF -o $EXTIF -j ACCEPT

echo " Enabling SNAT (MASQUERADE) functionality on $EXTIF"
$IPTABLES -t nat -A POSTROUTING -o $EXTIF -j MASQUERADE

цитата
13/01/08 в 20:13

topmaster
Insert писал:

NAT и DHCP Relay поднимай на модеме. В винде ставь получать адрес автоматически (DHCP). Я думаю у любого xDSL модема есть веб интерфейс, где все можно интуитивно сделать методом тыка

так винда тут причем, ей модем никто не дает
модем у линуха
а он раздает инет через витуху винде

Новая тема Ответить

Эта страница в полной версии