Hello Mihai,

Friday, February 01, 2002, 5:18:36 PM, you wrote:

MM> From: "m" <[EMAIL PROTECTED]>
>>And now the problem: if I want to connect from any of
>>computers 2, 3, 4 to computer 1 on one of the ports 8081, 8082, 8083, it
>>doesn't work! So it doesn't DNAT me back to 192.168.0.10, 11 or 12!

MM> Hm... I've answered this question before. I'll search the list archive
MM> to see how many times... oops...

MM> What actually happens:

MM> (A) computer with 192.168.0.1 plus IPREAL
MM> (B) computer with 192.168.0.11
MM> (C) computer with 192.168.0.12

MM> (B) sends packet (P) to IPREAL. (A) does DNAT on (P), after which it
MM> sends it to (C). (C) sees the source of (P) as (B), so it replies
MM> directly to (B). Which doesn't understand what is going on, because it
MM> sent a packet to IPREAL and received a reply from (C).

MM> In more general terms, the packets of NAT-ed connections must
MM> pass in both directions through the same computer (router).

MM> There is a workaround for this. (A) must do SNAT on (P)
MM> to be sure that the replies also come back to it.

MM> You already have:

MM> iptables -t nat -A PREROUTING -d 213.x.x.x -p tcp --dport 8080 -j DNAT --to-destination 192.168.0.10:8080
MM> iptables -t nat -A PREROUTING -d 213.x.x.x -p tcp --dport 8081 -j DNAT --to-destination 192.168.0.11:8081
MM> iptables -t nat -A PREROUTING -d 213.x.x.x -p tcp --dport 8082 -j DNAT --to-destination 192.168.0.10:8082

MM> You still need to add:

MM> iptables -t nat -A POSTROUTING -s 192.168.0.0/24 -d 192.168.0.10 -p tcp --dport 8080 -j SNAT --to-source 192.168.0.1
MM> iptables -t nat -A POSTROUTING -s 192.168.0.0/24 -d 192.168.0.11 -p tcp --dport 8081 -j SNAT --to-source 192.168.0.1
MM> iptables -t nat -A POSTROUTING -s 192.168.0.0/24 -d 192.168.0.12 -p tcp --dport 8082 -j SNAT --to-source 192.168.0.1

MM> By the way, instead of:

MM> iptables -t nat -A POSTROUTING -s 192.168.0.0/24 -j SNAT --to-source 213.x.x.x

MM> I would put (necessarily AFTER the three above):

MM> iptables -t nat -A POSTROUTING -s 192.168.0.0/24 -d ! 192.168.0.0/24 -j SNAT --to-source 213.x.x.x

MM> If only because you have no reason to masquerade (sorry, SNAT)
MM> connections to the internal network.

MM> I hope I haven't missed anything, as I'm rather groggy from a cold.

MM> Bibliography:
MM> http://netfilter.samba.org/documentation/HOWTO/NAT-HOWTO-10.html
MM> (It's called Destination NAT Onto the Same Network)

hihi, when I read that thing I figured I wouldn't need such convolutions, and that's why it didn't really stick

MM> Good luck

thanks

MM> Mihai

-- 
Best regards,
 m                            mailto:[EMAIL PROTECTED]
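
The asymmetric reply path described in the quoted answer, as an added example that is not part of the original thread: a small Python model of (A), (B) and (C) showing what source address (B) sees on the reply with and without the extra POSTROUTING SNAT rule. The public address 203.0.113.1 (standing in for 213.x.x.x), the client port 40000 and the function names are assumptions made for the illustration.

```python
from ipaddress import ip_address, ip_network

# Constructed model, not real packet handling. Names are hypothetical.
PUBLIC_IP = "203.0.113.1"    # placeholder for the thread's 213.x.x.x (IPREAL)
ROUTER_A = "192.168.0.1"     # (A) LAN side of the NAT box
CLIENT_B = "192.168.0.11"    # (B)
SERVER_C = "192.168.0.12"    # (C)
LAN = ip_network("192.168.0.0/24")
DNAT = {(PUBLIC_IP, 8082): (SERVER_C, 8082)}


def router_forward(pkt, hairpin_snat):
    """Apply PREROUTING DNAT, then the optional POSTROUTING SNAT, on (A)."""
    src, sport, dst, dport = pkt
    dst, dport = DNAT[(dst, dport)]
    if hairpin_snat and ip_address(src) in LAN and ip_address(dst) in LAN:
        src = ROUTER_A           # -j SNAT --to-source 192.168.0.1
    return (src, sport, dst, dport)


def simulate(hairpin_snat):
    """Return (source address B sees on the reply, does B's socket accept it)."""
    syn = (CLIENT_B, 40000, PUBLIC_IP, 8082)
    fwd = router_forward(syn, hairpin_snat)
    # (C) answers whichever source address the forwarded packet carries.
    reply = (fwd[2], fwd[3], fwd[0], fwd[1])
    if reply[2] == ROUTER_A:
        # Reply returns to (A); conntrack reverses both translations.
        reply = (syn[2], syn[3], syn[0], syn[1])
    # Otherwise (C) and (B) share the LAN and the reply bypasses (A) untouched.
    # B's socket only matches the peer it connected to: PUBLIC_IP:8082.
    accepted = (reply[0], reply[1]) == (syn[2], syn[3])
    return reply[0], accepted


if __name__ == "__main__":
    for flag in (False, True):
        print("hairpin SNAT =", flag, "->", simulate(flag))
```

With SNAT in place, (C) logs every LAN-originated connection as coming from 192.168.0.1, so per-client attribution has to come from the router's connection tracking rather than from the server's access log.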
