Re: lug-bg: Problemi pri linux 2.4 i NAT sus iptables

Tue, 18 Dec 2001 11:06:57 -0800 

On Tuesday 18 December 2001 18:29, you wrote:
> Zdrawej
> Taka e praw si za static nat stawa duma ili Source NAT (SNAT).
> Interfaceto sum go wdignal otdawna - inache wuobshte ne poteglia NAT-a
ne stava duma za vdigane na interfejsa, to qsno 4e trqbwa da e vdignat, 
stavashe vypros da vdignesh i ip alias za tozi interfejs (iglezhda taka  
beshe napisal ip-tata) , no tova e po zhelanie:
kakto imash eth0 s IP 172.16.31.100, praish my edin ip alias 
ifconfig eth0:0 172.16.31.110  
(t.e. pravish virtual hosting na network layer-a..., mozhe da slozhish i oste 
ip aliases na tozi interfejs: 
ifconfig eth0:1 172.16.31.111 i t.n. 
nqma zna4enie koe ot tezi IP-ta ste se polzwa)

> Problema e kak da potegli trafika i wuw 2-rata posoka t.e. ot router-a
> 172.16.31.110 kum wutreshnata mashina ?
> Triabwa li tam da polzwam DNAT ? t.e. da napisha obratnoto prawilo ili
> samo SNAT-a e dostatuchen ?

DNAT (destination NAT) trqbva da ima. T.e ste se promenq destination ip/port 
na paketite idvashti otvyn, stoto otvyn nikoj ne znae za tvoq maskiran host, 
samo Masq servera mozhe da znae negovite ip/port i syotvetno pravi promenite 
v tcp/udp/icmp paketite.

za "nat" tablicata za prerouting chain-a trqbwa da imash:

iptables -t nat -A PREROUTING -d 172.16.31.100  -o eth1 -j DNAT 
--to-destination 192.168.0.10 

a predi tova bi trqbvalo da imash: 
iptables -A FORWARD  -i eth0 -o eth1 -j ACCEPT
(edni zdravi pravila v filter tablica si  napravi, stoto tazi machina ste ti 
byde i kato firewall,  i vsi4kiq trafik kojto ste e za maskiranite machini e 
hubavo da se filtrosva zdravo tuka i posle da vliza navytre).

sega neznam dali sym ocelil vsi4ko ... ta tova se kazva ipportforwarding ot 
masq servera kym maskiraniq host (mozhe i kym nemaskiran takyv).
na masq server-a vmesto 172.16.31.100 mozhe da polzvash aliasa 172.16.31.110. 
za DNAT vmesto single ip-ta i portove mozhe da zadadesh ranges ot ip-ta i 
portove (vizh man-a na iptables za DNAT). 
 
-- 
Greets, 
fr33zb1
===========================================================================
A mail-list of Linux Users Group - Bulgaria (bulgarian linuxers)
http://www.linux-bulgaria.org/ Hosted by Internet Group Ltd. - Stara Zagora

Reply via email to