|
|
|
VNIMANIE: Izpolzvaite forumite na saita za da zadadete vashite vuprosi.
| Vupros |
| Ot: IMIM |
Data: 07/20/2003 |
nqkoi 6te moje li da mi dade to4nite komandi kak da si
naprava ma6inata s linux-sa da puska net na drugite 2 pc-ta
s windows interneta mi e po modem.
Blagodaria vi predvaritelno
|
| Otgovor #1 |
| Ot: Stefan (zmeio__at__mail __tochka__ orbitel __tochka__ bg) |
Data: 07/20/2003 |
Zdravei! Ideiata ti da napravish gateway za internet e super.
Neshtata sa lesni, triabva da napravish tri stupki.
1. Pazreshavane na ip forwarding. Pri debiana tova stava ot
faila /etc/network/options/
Sushto tova mozhe da napravish i kato promenish vuv faila
/proc/sys/net/ipv4/ip_forward stounosta 0 na 1. Tova stava s
echo ...
2. Triabva da pusnesh nat na interfeisa ot koito vzimash net.
Tova se pravi s iptables
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
3. Triabva da pusnesh DNS Server na gateway-iat. Mozhe da
zadadesh na mashinite, koito shte polichavat net napravo DNS
Servera na ISP-to. Uspeh!!!
|
| Otgovor #2 |
| Ot: IMIM |
Data: 07/20/2003 |
pi4aga tova koeto mi kazva6 go prava no ne stava help pls
|
| Otgovor #3 |
| Ot: HEMA |
Data: 07/20/2003 |
kaji pone s kuv linux si brat
|
| Otgovor #4 |
| Ot: IMIM |
Data: 07/21/2003 |
RH9 molqvi help
|
| Otgovor #5 |
| Ot: King Nothing (nothing< at >mail__dot__bg) |
Data: 07/22/2003 |
Mi shtom si s modem (predpolagam dial-up)
iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE
|
| Otgovor #6 |
| Ot: sadmin (sadmin< at >abv __tochka__ bg) |
Data: 07/24/2003 |
#!/bin/sh
# added by SADMIN for cisco acad
# for more information see:
#
# Version 2.06
# - added (experimental) support for DNAT
# Version 2.05
# - move FORWARD default policy to rc.firewall scrip
#Verison 2.04
# - added xxx.xxx.xxx.xxxIP available for NAT
# Version 2.03
# - removed DROP policy for POSTROUTING - deny all trafic
from localhost
# Version 2.02
# - change default policy of POSTROUTING to DROP
# - change output message
# Version 2.01
# - added support for SNAT to support NAT-ting with more
than one IPs
# - change default poicy of FORWARD to DROP
# - added logging
VERSION_MAJOR="2"
VERSION_MINOR="06"
echo "Version ${VERSION_MAJOR}.${VERSION_MINOR}"
IPTABLES=/usr/sbin/iptables
EXTIF="eth1"
INTIF="eth0"
MASQ_NET="aaa.aaa.aaa.aaa/24"
SNAT_IPS="xxx.xxx.xxx.xxx"
SNAT_IPS2="yyy.yyy.yyy.yyy"
# setting up default policy
$IPTABLES -P INPUT ACCEPT
$IPTABLES -P OUTPUT ACCEPT
# Modified by SADMIN for tighten security
$IPTABLES -P FORWARD ACCEPT
# set this in rc.firewall script
# $IPTABLES -P FORWARD DROP
# clear all iptables rules for NAT
$IPTABLES -F
$IPTABLES -t nat -F
# added by SADMIN for Cisco Academy setup
echo " - Setting up for NAT"
echo " - Enabling MASQUERADing functionality on $EXTIF for
net $MASQ_NET"
$IPTABLES -t nat -A POSTROUTING -o $EXTIF -s $MASQ_NET -j
SNAT --to-source $SNAT_IPS --to-source $SNAT_IPS2
$IPTABLES -A FORWARD -i $INTIF -o $EXTIF -s $MASQ_NET -j
ACCEPT
$IPTABLES -A FORWARD -i $EXTIF -o $INTIF -m state --state
ESTABLISHED,RELATED -j ACCEPT
# Needed for DNAT
# $IPTABLES -A FORWARD -i $INTIF -o $EXTIF -m state --state
ESTABLISHED,RELATED -j ACCEPT
# may not be needed if default policy is DROP
# for the cas if someone chang its (internal net) IP
address
$IPTABLES -A FORWARD -i $INTIF -o $EXTIF -s ! $MASQ_NET -j
DROP
#
#
# log everything else...
# $IPTABLES -A FORWARD -j LOG
#echo "$IPTABLES -A FORWARD -i $EXTIF -m state --state
NEW,INVALID -j DROP"
# $IPTABLES -A FORWARD -i $EXTIF -m state --state
NEW,INVALID -j DROP
|
<< OpenOffice-reinstall pod Knoppix (1
) | naistina li winex3 ne raboti s RH9 (1
) >>
|
|
|
|
|
|
