Kratkiq otgowor: iptables -t nat -I POSTROUTING -i <inside_intf> -o <outside_intf> -s <internalnet/mask> -d !<outsidenet/mask> -j SNAT --to <outside ip> :) Dylgiq otgowor: Kato prawish SNAT kernela pazi systoqnieto na konekciite (state) koito sa maskirani i pri poluchawane na paket po nqkoq ot tezi konekcii sys destination ip <outside ip> go razmaskira. Syshto se sprawq i s generiraneto prepredawaneto na kontrolni ICMP syobshteniq otnasqshti se do tezi konekcii. Syshto mojesh da si instalirash protokolni pomoshtnici kato conntrack_ftp i conntrack_irc (+ syotwetnite im ipt moduli) koito da syzdawat dopylnitelno prawila w tablicata za translaciite. Sys spomenatoto po-gore iptables prawilo tablicata sys translaciite se modificira samo za nowi konekcii koito otgowarqt na wsichkite tezi uslowiq: 1. idwat ot wytreshniq ti interface 2. izlizat prez wynshniq interface 3. sa sys source adres popadasht w mrejata <internalnet/mask> 4. sa sys destination adres _NE_ popadasht w mrejata <outsidenet/mask>
Ne e nujno da swyrzwash dwata etherneta za da imash ip swyrzanost m/u maskiranata ti mreja i wynshnata ti mreja. Nito e nujno da go prawish za da ti se wijdat mashinite prez windowskiq network neighbourhood. W kakyv smisyl da gi 'wijdash' ? Da mogat da si browsewash share-ite ili da ima ip swyrzanost m/u tqh? Ako imash w predwid da mogat da se browsewast pc-tata w windowskata ti mreja w/u TCP/IP togawa ti trqbwa WINS server ili nqkakwo application level CIFS proxy kato smbweb (maj taka se kazwashe, probwaj i smbwww ako ne mojesh da namerish smbweb). I posledno, shte ti e polezno da hwyrlish edin pogled na http://www.samba.org/samba/ftp/docs/htmldocs/using_samba/. BR, Boyan > -----Original Message----- > From: linuxman [mailto:[EMAIL PROTECTED]] > Sent: Wednesday, May 01, 2002 1:07 PM > To: [EMAIL PROTECTED] > Subject: RE: lug-bg: problem otnosno rutiraneto > > > > ne be ne.na4i maskiraneto si mi raboti na 6.vyprosa e 4e > otvynka trqbva > da vijdam pc-tata vyv vytre6nata mreja(i obratnoto - ot vutr. pc da > vijdam vyn6nite).a za aliasa - trqbva vytre6nata mreja da mi ostane > makirana.ako naprava alias 6e mahna ednata lan-karta i sled tova da i > sloja 2 IP-ta.tova li ima6 v predvid ???po vyn6nata mreja mi idva > interneta i ot dostav4ika nqma li da mi vijdat vytr.pc-ta.to > v toq slu4ai > otpada maskiraneto.nomera e mrejata da si ostane maskirana za > dostav4ika > i tezi paketi deto sa za internet da se maskirat.a drugite deto sa za > vyn6nata mreja da se predavat bez maskirane.no ne znam dali > moje da stane > tova i za tova pitam vas(predpolagam 4e ste dosta pred men za > tea raboti). > tova e.aide 4ao > > > > > > > > > > > > > цитирам Boyan Krosnov <[EMAIL PROTECTED]>: > > > Do kolkoto shwanah iskash opredelena usluga namirashta se > na wytreshna > > mashina da e dostypna ot 'otwyn' > > towa stawa taka: > > s iptables > > iptables -t nat -I PREROUTING -p tcp -d <outside ip> > --dport 80 -j DNAT > > --to <inside ip>:80 > > towa forwardwa konekcii za 80-ti port na wynshniq ti adres > do wytreshna > > mashina na adres <inside ip> na port 80. > > > > Ako li pyk trqbwa da izkarash edin opredelen ip adres da e > widim otwyn > > mojesh s alias na wynshnata karta prez NAT (podoben na > gorniq) ili da > > slojish wynshen adres na wyprosnoto pc i da obqsnish na > routera ti da > > ne > > maskira. > > > > Ako li pyk te razbera po drugiq wyzmojen nachin- che ne ti raboti > > maskiraneto izobshto to togawa > > iptables -t nat -I POSTROUTING -s <internalnet/mask> -j SNAT --to > > <outside ip> > > > > Utochni se molq te, ako ne sym nacelil posokata na mislite ti :) > > > > BR, > > Boyan > > > > > -----Original Message----- > > > From: linuxman [mailto:[EMAIL PROTECTED]] > > > Sent: Tuesday, April 30, 2002 6:24 PM > > > To: [EMAIL PROTECTED] > > > Subject: lug-bg: problem otnosno rutiraneto > > > > > > > > > > > > imam 1 problem.golqm problem. > > > zna4i stava duma za malka ethernet mreja (5 pc).imam > router koito mi > > > trqbva za maskirane rutirane i syrver za ke6irane.ima 2 lan-karti > > > pyrvata e vyn6nata po koqto mi idva interneta i vtorata vytre6na. > > > rutera si maskira si4ko to4no.ot vynka ne me vijdat.oba4e > na men mi > > > trqbva da vijdam otvynka.ako nqkoi moje da mi pomogne > neka go napravi > > > > > predvaritelno mu blagodarq.samo iskam da kaja 4e izklu4vame > > > vyzmojnosta za > > > ne znam no si govorihme s 1 priqtel i toi mi kaza 4e moje da > > > stane s alias > > > no ako naprava alias ednata karta nqma da e nujna.nqma li da > > > se razmaskira > > > mrejata ako ostana s 1 karta.nadqvam se 4e se nqkoi 6e otdel > > > ot vremeto si > > > da mi pomogne.mersi > > > __________________________________ > > > 12MB-POP3-WAP-SMS---TOBA-E-mail.bG > > > ---------------------------------- > > > > > > " Ako uckame u Bue agpec B mail.bg > > > ugeme myk: http://www.mail.bg/new/ " > > > > > > ============================================================== > > > ============== > > > A mail-list of Linux Users Group - Bulgaria (bulgarian linuxers). > > > http://www.linux-bulgaria.org - Hosted by Internet Group Ltd. > > > - Stara Zagora > > > To unsubscribe: > http://www.linux-> bulgaria.org/public/mail_list.html > > > > > ============================================================== > > > ============== > > > > > > ============================================================== > ============ > == > > A mail-list of Linux Users Group - Bulgaria (bulgarian linuxers). > > http://www.linux-bulgaria.org - Hosted by Internet Group > Ltd. - Stara > > Zagora > > To unsubscribe: http://www.linux-bulgaria.org/public/mail_list.html > > > ============================================================== > ============ > == > > > > __________________________________ > 12MB-POP3-WAP-SMS---TOBA-E-mail.bG > ---------------------------------- > > " Ako uckame u Bue agpec B mail.bg > ugeme myk: http://www.mail.bg/new/ " > > ============================================================== > ============== > A mail-list of Linux Users Group - Bulgaria (bulgarian linuxers). > http://www.linux-bulgaria.org - Hosted by Internet Group Ltd. > - Stara Zagora > To unsubscribe: http://www.linux-bulgaria.org/public/mail_list.html > ============================================================== > ============== > ============================================================================ A mail-list of Linux Users Group - Bulgaria (bulgarian linuxers). http://www.linux-bulgaria.org - Hosted by Internet Group Ltd. - Stara Zagora To unsubscribe: http://www.linux-bulgaria.org/public/mail_list.html ============================================================================
