Catalin Muresan wrote:
On Wed, Jul 22, 2009 at 1:06 AM, G Vasiliu<[email protected]> wrote:
Hi,
Any idea where the mistake might be?
I set FORWARD to ACCEPT because I initially thought I had some junk
in iptables.
Everything below looks OK; what's left is the setup on a client in
207.112.107.248/29
ipconfig /all
route print (I think)
tracert -d www.google.com
if they are Windows machines; if not, what I said earlier
/sbin/ip route
207.112.107.240/29 dev eth1 proto kernel scope link src 207.112.107.242
207.112.107.248/29 dev eth0 proto kernel scope link src 207.112.107.249
172.16.100.0/24 dev eth0 proto kernel scope link src 172.16.100.1
169.254.0.0/16 dev eth1 scope link
default via 207.112.107.241 dev eth1
/sbin/ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast qlen 1000
link/ether 00:0c:76:ff:3c:25 brd ff:ff:ff:ff:ff:ff
inet 207.112.107.249/29 brd 207.112.107.255 scope global eth0
inet 172.16.100.1/24 brd 172.16.100.255 scope global eth0:0
inet6 fe80::20c:76ff:feff:3c25/64 scope link
valid_lft forever preferred_lft forever
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast qlen 10
link/ether 00:0c:76:fd:70:58 brd ff:ff:ff:ff:ff:ff
inet 207.112.107.242/29 brd 207.112.107.247 scope global eth1
inet6 fe80::20c:76ff:fefd:7058/64 scope link
valid_lft forever preferred_lft forever
4: sit0: <NOARP> mtu 1480 qdisc noop
link/sit 0.0.0.0 brd 0.0.0.0
cat /proc/sys/net/ipv4/ip_forward
1
[r...@linux-gateway etc]# iptables -nvL FORWARD
Chain FORWARD (policy ACCEPT 20 packets, 1200 bytes)
pkts bytes target prot opt in out source destination
traceroute www.google.com -s 207.112.107.242
traceroute to www.google.com (64.233.161.104), 30 hops max, 40 byte packets
1 host-207-112-107-241.static.dsl.primus.ca (207.112.107.241) 1.231
ms 1.417 ms 1.781 ms
2 * * *
3 core2.tor.primus.ca (216.254.130.165) 47.883 ms 49.504 ms 47.379 ms
blah blah blah
(216.239.48.190) 72.522 ms
10 od-in-f104.google.com (64.233.161.104) 71.019 ms 69.643 ms 67.139 ms
traceroute www.google.com -s 207.112.107.249
traceroute to www.google.com (64.233.161.104), 30 hops max, 40 byte packets
1 host-207-112-107-241.static.dsl.primus.ca (207.112.107.241) 1.169
ms 1.473 ms 1.534 ms
2 * * *
3 216.254.131.17 (216.254.131.17) 46.288 ms 46.037 ms 45.352 ms
4 gw-primus.torontointernetxchange.net (198.32.245.22) 47.654 ms
47.276 ms 45.274 ms
blah blah blah
10 od-in-f104.google.com (64.233.161.104) 69.938 ms 71.806 ms 69.801 ms
_______________________________________________
RLUG mailing list
[email protected]
http://lists.lug.ro/mailman/listinfo/rlug
Do you absolutely need real IPs on the internal network? Leave private
IPs on the internal network and do SNAT on the router.
iptables -t nat -A POSTROUTING -o $EXTERNAL_IFACE -s <private.network>/<netmask> -j SNAT --to-source <address.range>
The /28 is small as it is. If you split it you lose 2 more addresses.
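The SNAT suggestion in the last reply, written out for the interfaces and addresses shown in the thread's `ip addr` output, as an added example that is not part of any of the original posts. It assumes the inside clients are renumbered into 172.16.100.0/24; the FORWARD policy of DROP with two accept rules is an assumption added here in place of the ACCEPT policy used while debugging, and `is_rfc1918` and `gen_ruleset` are hypothetical helper names.

```shell
#!/bin/sh
# Added example (not from the thread): emit an iptables-restore ruleset for
# SNAT of a private inside network. Helper names are hypothetical.

# Return 0 if $1 (dotted quad, optional /prefix) is in RFC 1918 space.
is_rfc1918() {
    old_ifs=$IFS; IFS=.
    set -- ${1%/*}          # split the address into its four octets
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    case "$1" in
        10)  return 0 ;;
        172) [ "$2" -ge 16 ] && [ "$2" -le 31 ] ;;
        192) [ "$2" -eq 168 ] ;;
        *)   return 1 ;;
    esac
}

# gen_ruleset INSIDE_IF OUTSIDE_IF INSIDE_NET PUBLIC_IP
gen_ruleset() {
    in_if=$1; out_if=$2; in_net=$3; pub_ip=$4
    # Refuse swapped arguments: the inside net must be private and the
    # SNAT source must be a routable address.
    is_rfc1918 "$in_net" || { echo "inside net $in_net is not private" >&2; return 1; }
    is_rfc1918 "$pub_ip" && { echo "SNAT source $pub_ip is private" >&2; return 1; }
    cat <<EOF
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s $in_net -o $out_if -j SNAT --to-source $pub_ip
COMMIT
*filter
:FORWARD DROP [0:0]
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i $in_if -o $out_if -s $in_net -j ACCEPT
COMMIT
EOF
}

# Addresses from the `ip addr` output in the thread: eth0 carries
# 172.16.100.0/24, eth1 (207.112.107.242) faces the ISP router.
# Only prints; check with `iptables-restore --test` before loading, since
# loading without --noflush replaces the existing nat and filter tables.
gen_ruleset eth0 eth1 172.16.100.0/24 207.112.107.242
```

With this ruleset only the private network is forwarded, so traffic from the 207.112.107.248/29 addresses on eth0 would be dropped rather than routed.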