Последните мнения на: bladebg

Добре дошъл/дошла, Гост. Моля, въведи своето потребителско име или се регистрирай. Влез с потребителско име, парола и продължителност на сесията

Linux за българи: Форуми

Покажи Публикации - bladebg
Виж публикациите на потр. \| Виж темите на потр. \| Виж прикачените файлове на потр
Страници: [1]

1	Linux секция за начинаещи / Настройка на програми / Въпрос за Fedora 10	-: Apr 18, 2009, 15:29
Здравейте, Инсталнах си Fedora 10 на една машина да я ползвам като рутер но имам следния проблем - на машината след рутера която е с Windows XP неотваря някой страници, а на самия рутер няма проблеми. Нета ми е на пппое и съм направил тези настройки на федората: /etc/sysctl.conf - net.ipv4.ip_forward = 1 iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE iptables -A FORWARD -i ppp0 -o eth0 -j ACCEPT iptables -A FORWARD -i eth0 -o ppp0 -j ACCEPT това е в iptables -L Chain INPUT (policy ACCEPT) target prot opt source destination ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED ACCEPT icmp -- anywhere anywhere ACCEPT all -- anywhere anywhere ACCEPT all -- anywhere anywhere ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:ftp ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:ssh REJECT all -- anywhere anywhere reject-with icmp-host-prohibited Chain FORWARD (policy ACCEPT) target prot opt source destination ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED ACCEPT icmp -- anywhere anywhere ACCEPT all -- anywhere anywhere ACCEPT all -- anywhere anywhere ACCEPT all -- anywhere anywhere REJECT all -- anywhere anywhere reject-with icmp-host-prohibited Chain OUTPUT (policy ACCEPT) target prot opt source destination и това е в iptables -L -t nat Chain PREROUTING (policy ACCEPT) target prot opt source destination Chain POSTROUTING (policy ACCEPT) target prot opt source destination MASQUERADE all -- anywhere anywhere Chain OUTPUT (policy ACCEPT) target prot opt source destination

2	Linux секция за начинаещи / Настройка на програми / Re: Настройки на IPTABLES на Suse 11.1	-: Feb 28, 2009, 23:21
Като ги напиша не иска да пусне интернет на втората машина, а ето какво е в iptables -L Chain INPUT (policy DROP) target prot opt source destination ACCEPT all -- anywhere anywhere ACCEPT all -- anywhere anywhere state ESTABLISHED ACCEPT icmp -- anywhere anywhere state RELATED input_int all -- anywhere anywhere input_ext all -- anywhere anywhere input_ext all -- anywhere anywhere LOG all -- anywhere anywhere limit: avg 3/min burst 5 LOG level warning tcp-options ip-options prefix `SFW2-IN-ILL-TARGET ' DROP all -- anywhere anywhere Chain FORWARD (policy DROP) target prot opt source destination TCPMSS tcp -- anywhere anywhere tcp flags:SYN,RST/SYN TCPMSS clamp to PMTU forward_int all -- anywhere anywhere forward_ext all -- anywhere anywhere LOG all -- anywhere anywhere limit: avg 3/min burst 5 LOG level warning tcp-options ip-options prefix `SFW2-FWD-ILL-ROUTING ' DROP all -- anywhere anywhere Chain OUTPUT (policy ACCEPT) target prot opt source destination ACCEPT all -- anywhere anywhere ACCEPT all -- anywhere anywhere state NEW,RELATED,ESTABLISHED LOG all -- anywhere anywhere limit: avg 3/min burst 5 LOG level warning tcp-options ip-options prefix `SFW2-OUT-ERROR ' Chain forward_ext (1 references) target prot opt source destination ACCEPT icmp -- anywhere anywhere state RELATED,ESTABLISHED icmp echo-reply ACCEPT icmp -- anywhere anywhere state RELATED,ESTABLISHED icmp destination-unreachable ACCEPT icmp -- anywhere anywhere state RELATED,ESTABLISHED icmp time-exceeded ACCEPT icmp -- anywhere anywhere state RELATED,ESTABLISHED icmp parameter-problem ACCEPT icmp -- anywhere anywhere state RELATED,ESTABLISHED icmp timestamp-reply ACCEPT icmp -- anywhere anywhere state RELATED,ESTABLISHED icmp address-mask-reply ACCEPT icmp -- anywhere anywhere state RELATED,ESTABLISHED icmp protocol-unreachable ACCEPT icmp -- anywhere anywhere state RELATED,ESTABLISHED icmp redirect LOG all -- anywhere anywhere limit: avg 3/min burst 5 PKTTYPE = multicast LOG level warning tcp-options ip-options prefix `SFW2-FWDext-DROP-DEFLT ' DROP all -- anywhere anywhere PKTTYPE = multicast LOG tcp -- anywhere anywhere limit: avg 3/min burst 5 tcp flags:FIN,SYN,RST,ACK/SYN LOG level warning tcp-options ip-options prefix `SFW2-FWDext-DROP-DEFLT ' LOG icmp -- anywhere anywhere limit: avg 3/min burst 5 LOG level warning tcp-options ip-options prefix `SFW2-FWDext-DROP-DEFLT ' LOG udp -- anywhere anywhere limit: avg 3/min burst 5 LOG level warning tcp-options ip-options prefix `SFW2-FWDext-DROP-DEFLT ' LOG all -- anywhere anywhere limit: avg 3/min burst 5 state INVALID LOG level warning tcp-options ip-options prefix `SFW2-FWDext-DROP-DEFLT-INV ' DROP all -- anywhere anywhere Chain forward_int (1 references) target prot opt source destination ACCEPT icmp -- anywhere anywhere state RELATED,ESTABLISHED icmp echo-reply ACCEPT icmp -- anywhere anywhere state RELATED,ESTABLISHED icmp destination-unreachable ACCEPT icmp -- anywhere anywhere state RELATED,ESTABLISHED icmp time-exceeded ACCEPT icmp -- anywhere anywhere state RELATED,ESTABLISHED icmp parameter-problem ACCEPT icmp -- anywhere anywhere state RELATED,ESTABLISHED icmp timestamp-reply ACCEPT icmp -- anywhere anywhere state RELATED,ESTABLISHED icmp address-mask-reply ACCEPT icmp -- anywhere anywhere state RELATED,ESTABLISHED icmp protocol-unreachable ACCEPT icmp -- anywhere anywhere state RELATED,ESTABLISHED icmp redirect LOG all -- anywhere anywhere limit: avg 3/min burst 5 PKTTYPE = multicast LOG level warning tcp-options ip-options prefix `SFW2-FWDint-DROP-DEFLT ' DROP all -- anywhere anywhere PKTTYPE = multicast LOG tcp -- anywhere anywhere limit: avg 3/min burst 5 tcp flags:FIN,SYN,RST,ACK/SYN LOG level warning tcp-options ip-options prefix `SFW2-FWDint-DROP-DEFLT ' LOG icmp -- anywhere anywhere limit: avg 3/min burst 5 LOG level warning tcp-options ip-options prefix `SFW2-FWDint-DROP-DEFLT ' LOG udp -- anywhere anywhere limit: avg 3/min burst 5 LOG level warning tcp-options ip-options prefix `SFW2-FWDint-DROP-DEFLT ' LOG all -- anywhere anywhere limit: avg 3/min burst 5 state INVALID LOG level warning tcp-options ip-options prefix `SFW2-FWDint-DROP-DEFLT-INV ' reject_func all -- anywhere anywhere Chain input_ext (2 references) target prot opt source destination DROP all -- anywhere anywhere PKTTYPE = broadcast ACCEPT icmp -- anywhere anywhere icmp source-quench ACCEPT icmp -- anywhere anywhere icmp echo-request LOG tcp -- anywhere anywhere limit: avg 3/min burst 5 tcp dpt:ssh flags:FIN,SYN,RST,ACK/SYN LOG level warning tcp-options ip-options prefix `SFW2-INext-ACC-TCP ' ACCEPT tcp -- anywhere anywhere tcp dpt:ssh LOG tcp -- anywhere anywhere limit: avg 3/min burst 5 tcp dpt:ftp flags:FIN,SYN,RST,ACK/SYN LOG level warning tcp-options ip-options prefix `SFW2-INext-ACC-TCP ' ACCEPT tcp -- anywhere anywhere tcp dpt:ftp LOG tcp -- anywhere anywhere limit: avg 3/min burst 5 tcp dpts:30000:30100 flags:FIN,SYN,RST,ACK/SYN LOG level warning tcp-options ip-options prefix `SFW2-INext-ACC-TCP ' ACCEPT tcp -- anywhere anywhere tcp dpts:30000:30100 LOG all -- anywhere anywhere limit: avg 3/min burst 5 PKTTYPE = multicast LOG level warning tcp-options ip-options prefix `SFW2-INext-DROP-DEFLT ' DROP all -- anywhere anywhere PKTTYPE = multicast LOG tcp -- anywhere anywhere limit: avg 3/min burst 5 tcp flags:FIN,SYN,RST,ACK/SYN LOG level warning tcp-options ip-options prefix `SFW2-INext-DROP-DEFLT ' LOG icmp -- anywhere anywhere limit: avg 3/min burst 5 LOG level warning tcp-options ip-options prefix `SFW2-INext-DROP-DEFLT ' LOG udp -- anywhere anywhere limit: avg 3/min burst 5 LOG level warning tcp-options ip-options prefix `SFW2-INext-DROP-DEFLT ' LOG all -- anywhere anywhere limit: avg 3/min burst 5 state INVALID LOG level warning tcp-options ip-options prefix `SFW2-INext-DROP-DEFLT-INV ' DROP all -- anywhere anywhere Chain input_int (1 references) target prot opt source destination ACCEPT all -- anywhere anywhere Chain reject_func (1 references) target prot opt source destination REJECT tcp -- anywhere anywhere reject-with tcp-reset REJECT udp -- anywhere anywhere reject-with icmp-port-unreachable REJECT all -- anywhere anywhere reject-with icmp-proto-unreachable и какво ми дава в iptables -L -t nat Chain PREROUTING (policy ACCEPT) target prot opt source destination Chain POSTROUTING (policy ACCEPT) target prot opt source destination MASQUERADE all -- anywhere anywhere Chain OUTPUT (policy ACCEPT) target prot opt source destination П.С. А в кой фаил трябва да ги напиша за да важат след рестарт ?

3	Linux секция за начинаещи / Настройка на програми / Настройки на IPTABLES на Suse 11.1	-: Jan 03, 2009, 13:59
Аз съм начинаещ в конфигуриране на IPTABLES и се опитвам да подкарам една машина като рутер с Suse 11.1. Имам две лан карти и интернета ми е PPPoE конекция. Интернета на сусето работи и връзката между сусето и пц-то зад него работят. Четох няколко начина по който да подкарам нета но нещо не се получава. Пробвах през Yast-а в настройките на Firewall-а не стана, намерих в нета едни настройки iptables --table nat --append POSTROUTING --out-interface ppp0 -j ACCEPT iptables --append FORWARD --in-interface eth0 -j ACCEPT echo 1 > /proc/sys/net/ipv4/ip_forward като eth-то и ppp-то ми отговарят на мойте и не стана. Можеби трябва да направя още настройки защото нямам пинг от вътрешния към външния интерфейс. По принцип нета ми е с TTL=1 и преди малко намерих за дебиана настойка iptables -t mangle -A PREROUTING -i ppp0 -j TTL --ttl-inc 1 iptables -t mangle -A POSTROUTING -s 192.168.0.0/24 -o ppp0 -j TTL --ttl-set 64 дали тези настройки ще са ми полезни и за мене П.С. Ако нещо не съм обяснил както трябва моля извинете ме но много съм начинаещ в тази работа

Страници: [1]