28.02.2013 10:07, Viacheslav Dubrovskyi wrote:
28.02.2013 09:54, Павел Иванов wrote:


On Thursday, 28 February 2013, Павел Иванов wrote:

    *ip a*
    1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN
        link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
        inet 127.0.0.1/8 scope host lo
    2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
        link/ether 00:17:31:d3:7a:40 brd ff:ff:ff:ff:ff:ff
        inet 172.27.149.252/24 brd 172.27.149.255 scope global eth0
    3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
        link/ether 1c:7e:e5:cc:d6:d3 brd ff:ff:ff:ff:ff:ff
        inet 192.168.1.170/24 brd 192.168.1.255 scope global eth1
    4: eth2: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast state DOWN qlen 1000
        link/ether 34:08:04:29:d1:91 brd ff:ff:ff:ff:ff:ff

    *iptables -L -n -v*
    Chain INPUT (policy ACCEPT 136 packets, 14443 bytes)
     pkts bytes target     prot opt in     out     source               destination

    Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
     pkts bytes target     prot opt in     out     source               destination
        0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
        0     0 ACCEPT     all  --  *      *       0.0.0.0/0            172.27.149.5
       22  1128 ACCEPT     all  --  *      *       192.168.1.130        0.0.0.0/0
        2   120 ACCEPT     all  --  *      *       0.0.0.0/0            192.168.1.130

    *iptables -t nat -L -n -v*
    Chain INPUT (policy ACCEPT 136 packets, 14443 bytes)
     pkts bytes target     prot opt in     out     source               destination

    Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
     pkts bytes target     prot opt in     out     source               destination
        0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
        0     0 ACCEPT     all  --  *      *       0.0.0.0/0            172.27.149.5
       22  1128 ACCEPT     all  --  *      *       192.168.1.130        0.0.0.0/0
        2   120 ACCEPT     all  --  *      *       0.0.0.0/0            192.168.1.130

    Chain OUTPUT (policy ACCEPT 57 packets, 6444 bytes)
     pkts bytes target     prot opt in     out     source               destination
    [root@host-1 sysconfig]# iptables -t nat -L -n -v
    Chain PREROUTING (policy ACCEPT 43 packets, 5776 bytes)
     pkts bytes target     prot opt in     out     source               destination
        1    60 DNAT       all  --  *      *       0.0.0.0/0            172.27.149.5        to:192.168.1.130

    Chain POSTROUTING (policy ACCEPT 17 packets, 892 bytes)
     pkts bytes target     prot opt in     out     source               destination
        6   360 SNAT       all  --  *      *       192.168.1.130       !192.168.1.0/24      to:172.27.149.5

    Chain OUTPUT (policy ACCEPT 16 packets, 832 bytes)
     pkts bytes target     prot opt in     out     source               destination


You can't even copy-paste correctly :(. The nat table has no INPUT, FORWARD, etc. chains.
And where did PREROUTING go?

Sorry, I didn't look closely enough. Found it :)
The bold font threw me off.

--
WBR,
Viacheslav Dubrovskyi

_______________________________________________
Sysadmins mailing list
[email protected]
https://lists.altlinux.org/mailman/listinfo/sysadmins