Тема: Проблем с FlatTC (Прочетена 4930 пъти)

BuSteR · « -: Dec 03, 2008, 11:17 »

Компилацията на кернела се дъни при iptables IPCLASSIFY пакета при Gentoo 2.6.25 всичко друго си
минава нормално IPMARK , ipset.Вероятно проблема е в ядрото понеже гледам, че малко хора са подкарали IPCLASSIFY на ядро по-голямо от 2.6.21, та проблема ми е следния; поради по-горните причини не мога да използвам IPCLASSIFY пакета FlatTC на VladSun и за това ползвам IPMARK пакета FlatTC всичко си работи ОК с изключение на едно не шейпва ъплоад-а.Значи шейпинга на download-а си е перфектен разделя си ги на БГ и Международен и е перфектно точен със скоростите проблема ми е, че не работи за ъплоад канала поради тази причина се принудих да сложа IMQ, но не ме кефи като решение...мрежата е нормална натната мрежа от рода 192.168.0.x.x.Някой да има някакви идеи

VladSun · « **Отговор #1 -:** Dec 03, 2008, 13:30 »

Със сигурност ще се дъни инсталацията - IPCLASSIFY patch-a съм го писал за IPTABLES/kernel версиите преди да почнат промените в Netfilter кода, а от тогава не съм се занимавал много с трафик контрол. Един човек - Stanislav Kruchinin - ми прати негов patch за ядра >= 2.6.22 - можеш да го пробваш:

Код

GeSHi (C):
--- ipt_IPCLASSIFY.c    2007-07-12 17:39:57.000000000 +0400
+++ linux-2.6.21/net/ipv4/netfilter/ipt_IPCLASSIFY.c  2007-11-18 14:53:40.000000000 +0300
@@ -6,6 +6,7 @@
 
 #include <linux/module.h>
 #include <linux/skbuff.h>
+#include <linux/version.h>
 #include <linux/ip.h>
 #include <net/checksum.h>
 
@@ -28,7 +29,11 @@
        const void *targinfo)
 {
    const struct ipt_ipclassify_target_info *ipclassifyinfo = targinfo;
+#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,22)
+   struct iphdr *iph = ip_hdr(*pskb);
+#else
    struct iphdr *iph = (*pskb)->nh.iph;
+#endif
    unsigned long mark;
 
    if (ipclassifyinfo->addr == IPT_IPCLASSIFY_SRC)

По отношение на ъплоада - дай малко повече информация - прим. изхода от:

Код

GeSHi (Bash):
iptables-save

Gaara · « **Отговор #2 -:** Dec 03, 2008, 14:11 »

Само един простичък въпрос, а именно как си пачнал стъпка по стъпка? Причината да попитам е дали случайно не си забравил за:

Код:

chmod +x iptables-XXX/extensions/.IPCLASSIFY-test

Както и за пача на руснака, споменат по-горе от учителя VladSun

BuSteR · « **Отговор #3 -:** Dec 03, 2008, 14:32 »

Благодаря за бързите отговори пача си го правя директно от POM с ./runme IPCLASSIFY, значи пачва си се в iptables няма проблем, chmod-вам test-a но комплиациятя на ядрото плюе грешка просто....не ми е точно тва проблема ... и всъщност има ли разлика дали ползвам IPCLASSIFY или IPMARK конкроетно за проблема ми с шейпването на ъплоада....за download-а както споменах няма ядове ....тва е главния ми проблем не искам да ползвам IMQ...за шейпването на ъплоад канала.Входящ интерфейс eth0 адрес 10.1.10.1 , интерфейс към локалната мрежа eth1 адрес 192.168.0.1 в config.pl са ми описани точно така съответно входящ изходящ.

VladSun · « **Отговор #4 -:** Dec 03, 2008, 15:23 »

Цитат на: Gaara в Dec 03, 2008, 14:11

...от учителя VladSun

По-скоро съм "тесен специалист" в тази област

VladSun · « **Отговор #5 -:** Dec 03, 2008, 15:25 »

Цитат на: BuSteR в Dec 03, 2008, 14:32

и всъщност има ли разлика дали ползвам IPCLASSIFY или IPMARK конкроетно за проблема ми с шейпването на ъплоада....за download-а както споменах няма ядове ....тва е главния ми проблем не искам да ползвам IMQ...за шейпването на ъплоад канала.Входящ интерфейс eth0 адрес 10.1.10.1 , интерфейс към локалната мрежа eth1 адрес 192.168.0.1 в config.pl са ми описани точно така съответно входящ изходящ.

Почти няма разлика - IPCLASSIFY e "по-TC" ориентиран от IPMARK.
Дай информацията, за която те помолих по-горе.

BuSteR · « **Отговор #6 -:** Dec 03, 2008, 16:05 »

Доста ми е дълъг изхода от iptables-save понеже има и порт редиректи и т.н.

, но няма къде да го кача в момента и се извинявам за flood-а та ето го:

Generated by iptables-save v1.4.0 on Wed Dec 3 15:49:53 2008
*raw
:PREROUTING ACCEPT [166417:145778403]
:OUTPUT ACCEPT [708:95933]
COMMIT
# Completed on Wed Dec 3 15:49:53 2008
# Generated by iptables-save v1.4.0 on Wed Dec 3 15:49:53 2008
*mangle
:PREROUTING ACCEPT [166418:145778455]
:INPUT ACCEPT [616:76817]
:FORWARD ACCEPT [165802:145701638]
:OUTPUT ACCEPT [708:95933]
:POSTROUTING ACCEPT [166279:145762519]
:BG_IN - [0:0]
:BG_OUT - [0:0]
:INT_IN - [0:0]
:INT_OUT - [0:0]
:TRAF_IN - [0:0]
:TRAF_OUT - [0:0]
-A FORWARD -j MARK --set-mark 0x1
-A FORWARD -i eth1 -o eth0 -j TRAF_OUT
-A FORWARD -i eth0 -o eth1 -j TRAF_IN
-A FORWARD -i eth1 -o eth1 -j BG_IN
-A FORWARD -i eth1 -o eth1 -j BG_OUT
-A POSTROUTING -o eth0 -j IMQ --todev 0
-A POSTROUTING -o eth1 -j IMQ --todev 1
-A POSTROUTING -o eth2 -j IMQ --todev 2
-A POSTROUTING -o eth0 -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
-A POSTROUTING -o eth1 -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
-A POSTROUTING -o eth2 -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
-A BG_IN -d 192.168.0.0/24 -j IPMARK --addr=dst --and-mask 0xff --or-mask 0x10500
-A BG_OUT -s 192.168.0.0/24 -j IPMARK --addr=src --and-mask 0xff --or-mask 0x10600
-A INT_IN -d 192.168.0.0/24 -j IPMARK --addr=dst --and-mask 0xff --or-mask 0x10700
-A INT_OUT -s 192.168.0.0/24 -j IPMARK --addr=src --and-mask 0xff --or-mask 0x10800
-A TRAF_IN -m set --set BG_NETS src -j BG_IN
-A TRAF_IN -m mark --mark 0x1 -j INT_IN
-A TRAF_OUT -m set --set BG_NETS dst -j BG_OUT
-A TRAF_OUT -m mark --mark 0x1 -j INT_OUT
COMMIT
# Completed on Wed Dec 3 15:49:53 2008
# Generated by iptables-save v1.4.0 on Wed Dec 3 15:49:53 2008
*nat
:PREROUTING ACCEPT [1903:121283]
:POSTROUTING ACCEPT [142:9368]
:OUTPUT ACCEPT [49:3642]
-A PREROUTING -s 10.1.10.2/32 -p tcp -m tcp --dport 45556 -j DNAT --to-destination 192.168.0.2:45556
-A PREROUTING -s 10.1.10.2/32 -p udp -m udp --dport 45556 -j DNAT --to-destination 192.168.0.2:45556
-A PREROUTING -s 10.1.10.2/32 -p tcp -m tcp --dport 35556 -j DNAT --to-destination 192.168.0.2:35556
-A PREROUTING -s 10.1.10.2/32 -p udp -m udp --dport 35556 -j DNAT --to-destination 192.168.0.2:35556
-A PREROUTING -s 10.1.10.2/32 -p tcp -m tcp --dport 45557 -j DNAT --to-destination 192.168.0.42:45557
-A PREROUTING -s 10.1.10.2/32 -p udp -m udp --dport 45557 -j DNAT --to-destination 192.168.0.42:45557
-A PREROUTING -s 10.1.10.2/32 -p tcp -m tcp --dport 35557 -j DNAT --to-destination 192.168.0.42:35557
-A PREROUTING -s 10.1.10.2/32 -p udp -m udp --dport 35557 -j DNAT --to-destination 192.168.0.42:35557
-A PREROUTING -s 10.1.10.2/32 -p tcp -m tcp --dport 45558 -j DNAT --to-destination 192.168.0.4:45558
-A PREROUTING -s 10.1.10.2/32 -p udp -m udp --dport 45558 -j DNAT --to-destination 192.168.0.4:45558
-A PREROUTING -s 10.1.10.2/32 -p tcp -m tcp --dport 35558 -j DNAT --to-destination 192.168.0.4:35558
-A PREROUTING -s 10.1.10.2/32 -p udp -m udp --dport 35558 -j DNAT --to-destination 192.168.0.4:35558
-A PREROUTING -s 10.1.10.2/32 -p tcp -m tcp --dport 45560 -j DNAT --to-destination 192.168.0.7:45560
-A PREROUTING -s 10.1.10.2/32 -p udp -m udp --dport 45560 -j DNAT --to-destination 192.168.0.7:45560
-A PREROUTING -s 10.1.10.2/32 -p tcp -m tcp --dport 35560 -j DNAT --to-destination 192.168.0.7:35560
-A PREROUTING -s 10.1.10.2/32 -p udp -m udp --dport 35560 -j DNAT --to-destination 192.168.0.7:35560
-A PREROUTING -s 10.1.10.2/32 -p tcp -m tcp --dport 45563 -j DNAT --to-destination 192.168.0.11:45563
-A PREROUTING -s 10.1.10.2/32 -p udp -m udp --dport 45563 -j DNAT --to-destination 192.168.0.11:45563
-A PREROUTING -s 10.1.10.2/32 -p tcp -m tcp --dport 35563 -j DNAT --to-destination 192.168.0.11:35563
-A PREROUTING -s 10.1.10.2/32 -p udp -m udp --dport 35563 -j DNAT --to-destination 192.168.0.11:35563
-A PREROUTING -s 10.1.10.2/32 -p tcp -m tcp --dport 45564 -j DNAT --to-destination 192.168.0.12:45564
-A PREROUTING -s 10.1.10.2/32 -p udp -m udp --dport 45564 -j DNAT --to-destination 192.168.0.12:45564
-A PREROUTING -s 10.1.10.2/32 -p tcp -m tcp --dport 35564 -j DNAT --to-destination 192.168.0.12:35564
-A PREROUTING -s 10.1.10.2/32 -p udp -m udp --dport 35564 -j DNAT --to-destination 192.168.0.12:35564
-A PREROUTING -s 10.1.10.2/32 -p tcp -m tcp --dport 45566 -j DNAT --to-destination 192.168.0.14:45566
-A PREROUTING -s 10.1.10.2/32 -p udp -m udp --dport 45566 -j DNAT --to-destination 192.168.0.14:45566
-A PREROUTING -s 10.1.10.2/32 -p tcp -m tcp --dport 35566 -j DNAT --to-destination 192.168.0.14:35566
-A PREROUTING -s 10.1.10.2/32 -p udp -m udp --dport 35566 -j DNAT --to-destination 192.168.0.14:35566
-A PREROUTING -s 10.1.10.2/32 -p tcp -m tcp --dport 63875 -j DNAT --to-destination 192.168.0.40:63875
-A PREROUTING -s 10.1.10.2/32 -p udp -m udp --dport 63875 -j DNAT --to-destination 192.168.0.40:63875
-A PREROUTING -s 10.1.10.2/32 -p tcp -m tcp --dport 1214 -j DNAT --to-destination 192.168.0.40:1214
-A PREROUTING -s 10.1.10.2/32 -p udp -m udp --dport 1214 -j DNAT --to-destination 192.168.0.40:1214
-A PREROUTING -s 10.1.10.2/32 -p tcp -m tcp --dport 2345 -j DNAT --to-destination 192.168.0.40:5900
-A PREROUTING -s 10.1.10.2/32 -p udp -m udp --dport 2345 -j DNAT --to-destination 192.168.0.40:5900
-A PREROUTING -s 10.1.10.2/32 -p tcp -m tcp --dport 3334 -j DNAT --to-destination 192.168.0.40:3334
-A PREROUTING -s 10.1.10.2/32 -p udp -m udp --dport 3334 -j DNAT --to-destination 192.168.0.40:3334
-A PREROUTING -s 10.1.10.2/32 -p tcp -m tcp --dport 5554 -j DNAT --to-destination 192.168.0.40:5554
-A PREROUTING -s 10.1.10.2/32 -p udp -m udp --dport 5554 -j DNAT --to-destination 192.168.0.40:5554
-A PREROUTING -s 10.1.10.2/32 -p tcp -m tcp --dport 8000 -j DNAT --to-destination 192.168.0.40:8000
-A PREROUTING -s 10.1.10.2/32 -p udp -m udp --dport 8000 -j DNAT --to-destination 192.168.0.40:8000
-A PREROUTING -s 10.1.10.2/32 -p tcp -m tcp --dport 2034 -j DNAT --to-destination 192.168.0.40:2034
-A PREROUTING -s 10.1.10.2/32 -p udp -m udp --dport 2034 -j DNAT --to-destination 192.168.0.40:2034
-A PREROUTING -s 10.1.10.2/32 -p tcp -m tcp --dport 2035 -j DNAT --to-destination 192.168.0.40:2035
-A PREROUTING -s 10.1.10.2/32 -p udp -m udp --dport 2035 -j DNAT --to-destination 192.168.0.40:2035
-A PREROUTING -s 10.1.10.2/32 -p tcp -m tcp --dport 2036 -j DNAT --to-destination 192.168.0.40:2036
-A PREROUTING -s 10.1.10.2/32 -p udp -m udp --dport 2036 -j DNAT --to-destination 192.168.0.40:2036
-A PREROUTING -s 10.1.10.2/32 -p tcp -m tcp --dport 2037 -j DNAT --to-destination 192.168.0.40:2037
-A PREROUTING -s 10.1.10.2/32 -p udp -m udp --dport 2037 -j DNAT --to-destination 192.168.0.40:2037
-A PREROUTING -s 10.1.10.2/32 -p tcp -m tcp --dport 2038 -j DNAT --to-destination 192.168.0.40:2038
-A PREROUTING -s 10.1.10.2/32 -p udp -m udp --dport 2038 -j DNAT --to-destination 192.168.0.40:2038
-A PREROUTING -s 10.1.10.2/32 -p tcp -m tcp --dport 2039 -j DNAT --to-destination 192.168.0.40:2039
-A PREROUTING -s 10.1.10.2/32 -p udp -m udp --dport 2039 -j DNAT --to-destination 192.168.0.40:2039
-A PREROUTING -s 10.1.10.2/32 -p tcp -m tcp --dport 2040 -j DNAT --to-destination 192.168.0.40:2040
-A PREROUTING -s 10.1.10.2/32 -p udp -m udp --dport 2040 -j DNAT --to-destination 192.168.0.40:2040
-A PREROUTING -s 10.1.10.2/32 -p tcp -m tcp --dport 36827 -j DNAT --to-destination 192.168.0.40:36827
-A PREROUTING -s 10.1.10.2/32 -p udp -m udp --dport 36827 -j DNAT --to-destination 192.168.0.40:36827
-A PREROUTING -s 10.1.10.2/32 -p tcp -m tcp --dport 45567 -j DNAT --to-destination 192.168.0.15:45567
-A PREROUTING -s 10.1.10.2/32 -p udp -m udp --dport 45567 -j DNAT --to-destination 192.168.0.15:45567
-A PREROUTING -s 10.1.10.2/32 -p tcp -m tcp --dport 35567 -j DNAT --to-destination 192.168.0.15:35567
-A PREROUTING -s 10.1.10.2/32 -p udp -m udp --dport 35567 -j DNAT --to-destination 192.168.0.15:35567
-A PREROUTING -s 10.1.10.2/32 -p tcp -m tcp --dport 45569 -j DNAT --to-destination 192.168.0.17:45569
-A PREROUTING -s 10.1.10.2/32 -p udp -m udp --dport 45569 -j DNAT --to-destination 192.168.0.17:45569
-A PREROUTING -s 10.1.10.2/32 -p tcp -m tcp --dport 35569 -j DNAT --to-destination 192.168.0.17:35569
-A PREROUTING -s 10.1.10.2/32 -p udp -m udp --dport 35569 -j DNAT --to-destination 192.168.0.17:35569
-A PREROUTING -s 10.1.10.2/32 -p tcp -m tcp --dport 45570 -j DNAT --to-destination 192.168.0.19:45570
-A PREROUTING -s 10.1.10.2/32 -p udp -m udp --dport 45570 -j DNAT --to-destination 192.168.0.19:45570
-A PREROUTING -s 10.1.10.2/32 -p tcp -m tcp --dport 35570 -j DNAT --to-destination 192.168.0.19:35570
-A PREROUTING -s 10.1.10.2/32 -p udp -m udp --dport 35570 -j DNAT --to-destination 192.168.0.19:35570
-A PREROUTING -s 10.1.10.2/32 -p tcp -m tcp --dport 45571 -j DNAT --to-destination 192.168.0.20:45571
-A PREROUTING -s 10.1.10.2/32 -p udp -m udp --dport 45571 -j DNAT --to-destination 192.168.0.20:45571
-A PREROUTING -s 10.1.10.2/32 -p tcp -m tcp --dport 35571 -j DNAT --to-destination 192.168.0.20:35571
-A PREROUTING -s 10.1.10.2/32 -p udp -m udp --dport 35571 -j DNAT --to-destination 192.168.0.20:35571
-A PREROUTING -s 10.1.10.2/32 -p tcp -m tcp --dport 45573 -j DNAT --to-destination 192.168.0.23:45573
-A PREROUTING -s 10.1.10.2/32 -p udp -m udp --dport 45573 -j DNAT --to-destination 192.168.0.23:45573
-A PREROUTING -s 10.1.10.2/32 -p tcp -m tcp --dport 35573 -j DNAT --to-destination 192.168.0.23:35573
-A PREROUTING -s 10.1.10.2/32 -p udp -m udp --dport 35573 -j DNAT --to-destination 192.168.0.23:35573
-A PREROUTING -s 10.1.10.2/32 -p tcp -m tcp --dport 45575 -j DNAT --to-destination 192.168.0.25:45575
-A PREROUTING -s 10.1.10.2/32 -p udp -m udp --dport 45575 -j DNAT --to-destination 192.168.0.25:45575
-A PREROUTING -s 10.1.10.2/32 -p tcp -m tcp --dport 35575 -j DNAT --to-destination 192.168.0.25:35575
-A PREROUTING -s 10.1.10.2/32 -p udp -m udp --dport 35575 -j DNAT --to-destination 192.168.0.25:35575
-A PREROUTING -s 10.1.10.2/32 -p tcp -m tcp --dport 45586 -j DNAT --to-destination 192.168.0.27:45586
-A PREROUTING -s 10.1.10.2/32 -p udp -m udp --dport 45586 -j DNAT --to-destination 192.168.0.27:45586
-A PREROUTING -s 10.1.10.2/32 -p tcp -m tcp --dport 35586 -j DNAT --to-destination 192.168.0.27:35586
-A PREROUTING -s 10.1.10.2/32 -p udp -m udp --dport 35586 -j DNAT --to-destination 192.168.0.27:35586
-A PREROUTING -s 10.1.10.2/32 -p tcp -m tcp --dport 45577 -j DNAT --to-destination 192.168.0.28:45577
-A PREROUTING -s 10.1.10.2/32 -p udp -m udp --dport 45577 -j DNAT --to-destination 192.168.0.28:45577
-A PREROUTING -s 10.1.10.2/32 -p tcp -m tcp --dport 35577 -j DNAT --to-destination 192.168.0.28:35577
-A PREROUTING -s 10.1.10.2/32 -p udp -m udp --dport 35577 -j DNAT --to-destination 192.168.0.28:35577
-A PREROUTING -s 10.1.10.2/32 -p tcp -m tcp --dport 45578 -j DNAT --to-destination 192.168.0.29:45578
-A PREROUTING -s 10.1.10.2/32 -p udp -m udp --dport 45578 -j DNAT --to-destination 192.168.0.29:45578
-A PREROUTING -s 10.1.10.2/32 -p tcp -m tcp --dport 35578 -j DNAT --to-destination 192.168.0.29:35578
-A PREROUTING -s 10.1.10.2/32 -p udp -m udp --dport 35578 -j DNAT --to-destination 192.168.0.29:35578
-A PREROUTING -s 10.1.10.2/32 -p tcp -m tcp --dport 45579 -j DNAT --to-destination 192.168.0.34:45579
-A PREROUTING -s 10.1.10.2/32 -p udp -m udp --dport 45579 -j DNAT --to-destination 192.168.0.34:45579
-A PREROUTING -s 10.1.10.2/32 -p tcp -m tcp --dport 35579 -j DNAT --to-destination 192.168.0.34:35579
-A PREROUTING -s 10.1.10.2/32 -p udp -m udp --dport 35579 -j DNAT --to-destination 192.168.0.34:35579
-A PREROUTING -s 10.1.10.2/32 -p tcp -m tcp --dport 45582 -j DNAT --to-destination 192.168.0.39:45582
-A PREROUTING -s 10.1.10.2/32 -p udp -m udp --dport 45582 -j DNAT --to-destination 192.168.0.39:45582
-A PREROUTING -s 10.1.10.2/32 -p tcp -m tcp --dport 35582 -j DNAT --to-destination 192.168.0.39:35582
-A PREROUTING -s 10.1.10.2/32 -p udp -m udp --dport 35582 -j DNAT --to-destination 192.168.0.39:35582
-A PREROUTING -s 10.1.10.2/32 -p tcp -m tcp --dport 2229 -j DNAT --to-destination 192.168.0.39:5900
-A PREROUTING -s 10.1.10.2/32 -p udp -m udp --dport 2229 -j DNAT --to-destination 192.168.0.39:5900
-A PREROUTING -s 10.1.10.2/32 -p tcp -m tcp --dport 45583 -j DNAT --to-destination 192.168.0.41:45583
-A PREROUTING -s 10.1.10.2/32 -p udp -m udp --dport 45583 -j DNAT --to-destination 192.168.0.41:45583
-A PREROUTING -s 10.1.10.2/32 -p tcp -m tcp --dport 35583 -j DNAT --to-destination 192.168.0.41:35583
-A PREROUTING -s 10.1.10.2/32 -p udp -m udp --dport 35583 -j DNAT --to-destination 192.168.0.41:35583
-A PREROUTING -s 10.1.10.2/32 -p tcp -m tcp --dport 45592 -j DNAT --to-destination 192.168.0.35:45592
-A PREROUTING -s 10.1.10.2/32 -p udp -m udp --dport 45592 -j DNAT --to-destination 192.168.0.35:45592
-A PREROUTING -s 10.1.10.2/32 -p tcp -m tcp --dport 35592 -j DNAT --to-destination 192.168.0.35:35592
-A PREROUTING -s 10.1.10.2/32 -p udp -m udp --dport 35592 -j DNAT --to-destination 192.168.0.35:35592
-A PREROUTING -s 10.1.10.2/32 -p tcp -m tcp --dport 45594 -j DNAT --to-destination 192.168.0.44:45594
-A PREROUTING -s 10.1.10.2/32 -p udp -m udp --dport 45594 -j DNAT --to-destination 192.168.0.44:45594
-A PREROUTING -s 10.1.10.2/32 -p tcp -m tcp --dport 35594 -j DNAT --to-destination 192.168.0.44:35594
-A PREROUTING -s 10.1.10.2/32 -p udp -m udp --dport 35594 -j DNAT --to-destination 192.168.0.44:35594
-A PREROUTING -s 10.1.10.2/32 -p tcp -m tcp --dport 45595 -j DNAT --to-destination 192.168.0.45:45595
-A PREROUTING -s 10.1.10.2/32 -p udp -m udp --dport 45595 -j DNAT --to-destination 192.168.0.45:45595
-A PREROUTING -s 10.1.10.2/32 -p tcp -m tcp --dport 35595 -j DNAT --to-destination 192.168.0.45:35595
-A PREROUTING -s 10.1.10.2/32 -p udp -m udp --dport 35595 -j DNAT --to-destination 192.168.0.45:35595
-A PREROUTING -s 10.1.10.2/32 -p tcp -m tcp --dport 45596 -j DNAT --to-destination 192.168.0.13:45596
-A PREROUTING -s 10.1.10.2/32 -p udp -m udp --dport 45596 -j DNAT --to-destination 192.168.0.13:45596
-A PREROUTING -s 10.1.10.2/32 -p tcp -m tcp --dport 35596 -j DNAT --to-destination 192.168.0.13:35596
-A PREROUTING -s 10.1.10.2/32 -p udp -m udp --dport 35596 -j DNAT --to-destination 192.168.0.13:35596
-A PREROUTING -s 10.1.10.2/32 -p tcp -m tcp --dport 1123 -j DNAT --to-destination 192.168.0.3:1123
-A PREROUTING -s 10.1.10.2/32 -p udp -m udp --dport 1123 -j DNAT --to-destination 192.168.0.3:1123
-A PREROUTING -s 10.1.10.2/32 -p tcp -m tcp --dport 27015 -j DNAT --to-destination 192.168.0.3:27015
-A PREROUTING -s 10.1.10.2/32 -p udp -m udp --dport 27015 -j DNAT --to-destination 192.168.0.3:27015
-A PREROUTING -s 10.1.10.2/32 -p tcp -m tcp --dport 2222 -j DNAT --to-destination 192.168.0.3:22
-A PREROUTING -s 10.1.10.2/32 -p tcp -m tcp --dport 2224 -j DNAT --to-destination 192.168.0.3:21
-A PREROUTING -s 10.1.10.2/32 -p tcp -m tcp --dport 2225 -j DNAT --to-destination 192.168.0.3:5901
-A PREROUTING -s 10.1.10.2/32 -p tcp -m tcp --dport 2227 -j DNAT --to-destination 192.168.0.3:3333
-A PREROUTING -i eth1 -p tcp -m tcp --dport 45556 -j DNAT --to-destination 192.168.0.2:45556
-A PREROUTING -i eth1 -p udp -m udp --dport 45556 -j DNAT --to-destination 192.168.0.2:45556
-A PREROUTING -i eth1 -p tcp -m tcp --dport 35556 -j DNAT --to-destination 192.168.0.2:35556
-A PREROUTING -i eth1 -p udp -m udp --dport 35556 -j DNAT --to-destination 192.168.0.2:35556
-A PREROUTING -i eth1 -p tcp -m tcp --dport 45557 -j DNAT --to-destination 192.168.0.42:45557
-A PREROUTING -i eth1 -p udp -m udp --dport 45557 -j DNAT --to-destination 192.168.0.42:45557
-A PREROUTING -i eth1 -p tcp -m tcp --dport 35557 -j DNAT --to-destination 192.168.0.42:35557
-A PREROUTING -i eth1 -p udp -m udp --dport 35557 -j DNAT --to-destination 192.168.0.42:35557
-A PREROUTING -i eth1 -p tcp -m tcp --dport 45558 -j DNAT --to-destination 192.168.0.4:45558
-A PREROUTING -i eth1 -p udp -m udp --dport 45558 -j DNAT --to-destination 192.168.0.4:45558
-A PREROUTING -i eth1 -p tcp -m tcp --dport 35558 -j DNAT --to-destination 192.168.0.4:35558
-A PREROUTING -i eth1 -p udp -m udp --dport 35558 -j DNAT --to-destination 192.168.0.4:35558
-A PREROUTING -i eth1 -p tcp -m tcp --dport 45560 -j DNAT --to-destination 192.168.0.7:45560
-A PREROUTING -i eth1 -p udp -m udp --dport 45560 -j DNAT --to-destination 192.168.0.7:45560
-A PREROUTING -i eth1 -p tcp -m tcp --dport 35560 -j DNAT --to-destination 192.168.0.7:35560
-A PREROUTING -i eth1 -p udp -m udp --dport 35560 -j DNAT --to-destination 192.168.0.7:35560
-A PREROUTING -i eth1 -p tcp -m tcp --dport 45563 -j DNAT --to-destination 192.168.0.11:45563
-A PREROUTING -i eth1 -p udp -m udp --dport 45563 -j DNAT --to-destination 192.168.0.11:45563
-A PREROUTING -i eth1 -p tcp -m tcp --dport 35563 -j DNAT --to-destination 192.168.0.11:35563
-A PREROUTING -i eth1 -p udp -m udp --dport 35563 -j DNAT --to-destination 192.168.0.11:35563
-A PREROUTING -i eth1 -p tcp -m tcp --dport 45564 -j DNAT --to-destination 192.168.0.12:45564
-A PREROUTING -i eth1 -p udp -m udp --dport 45564 -j DNAT --to-destination 192.168.0.12:45564
-A PREROUTING -i eth1 -p tcp -m tcp --dport 35564 -j DNAT --to-destination 192.168.0.12:35564
-A PREROUTING -i eth1 -p udp -m udp --dport 35564 -j DNAT --to-destination 192.168.0.12:35564
-A PREROUTING -i eth1 -p tcp -m tcp --dport 45566 -j DNAT --to-destination 192.168.0.14:45566
-A PREROUTING -i eth1 -p udp -m udp --dport 45566 -j DNAT --to-destination 192.168.0.14:45566
-A PREROUTING -i eth1 -p tcp -m tcp --dport 35566 -j DNAT --to-destination 192.168.0.14:35566
-A PREROUTING -i eth1 -p udp -m udp --dport 35566 -j DNAT --to-destination 192.168.0.14:35566
-A PREROUTING -i eth1 -p tcp -m tcp --dport 63875 -j DNAT --to-destination 192.168.0.40:63875
-A PREROUTING -i eth1 -p udp -m udp --dport 63875 -j DNAT --to-destination 192.168.0.40:63875
-A PREROUTING -i eth1 -p tcp -m tcp --dport 1214 -j DNAT --to-destination 192.168.0.40:1214
-A PREROUTING -i eth1 -p udp -m udp --dport 1214 -j DNAT --to-destination 192.168.0.40:1214
-A PREROUTING -i eth1 -p tcp -m tcp --dport 2345 -j DNAT --to-destination 192.168.0.40:5900
-A PREROUTING -i eth1 -p udp -m udp --dport 2345 -j DNAT --to-destination 192.168.0.40:5900
-A PREROUTING -i eth1 -p tcp -m tcp --dport 3334 -j DNAT --to-destination 192.168.0.40:3334
-A PREROUTING -i eth1 -p udp -m udp --dport 3334 -j DNAT --to-destination 192.168.0.40:3334
-A PREROUTING -i eth1 -p tcp -m tcp --dport 5554 -j DNAT --to-destination 192.168.0.40:5554
-A PREROUTING -i eth1 -p udp -m udp --dport 5554 -j DNAT --to-destination 192.168.0.40:5554
-A PREROUTING -i eth1 -p tcp -m tcp --dport 8000 -j DNAT --to-destination 192.168.0.40:8000
-A PREROUTING -i eth1 -p udp -m udp --dport 8000 -j DNAT --to-destination 192.168.0.40:8000
-A PREROUTING -i eth1 -p tcp -m tcp --dport 2034 -j DNAT --to-destination 192.168.0.40:2034
-A PREROUTING -i eth1 -p udp -m udp --dport 2034 -j DNAT --to-destination 192.168.0.40:2034
-A PREROUTING -i eth1 -p tcp -m tcp --dport 2035 -j DNAT --to-destination 192.168.0.40:2035
-A PREROUTING -i eth1 -p udp -m udp --dport 2035 -j DNAT --to-destination 192.168.0.40:2035
-A PREROUTING -i eth1 -p tcp -m tcp --dport 2036 -j DNAT --to-destination 192.168.0.40:2036
-A PREROUTING -i eth1 -p udp -m udp --dport 2036 -j DNAT --to-destination 192.168.0.40:2036
-A PREROUTING -i eth1 -p tcp -m tcp --dport 2037 -j DNAT --to-destination 192.168.0.40:2037
-A PREROUTING -i eth1 -p udp -m udp --dport 2037 -j DNAT --to-destination 192.168.0.40:2037
-A PREROUTING -i eth1 -p tcp -m tcp --dport 2038 -j DNAT --to-destination 192.168.0.40:2038
-A PREROUTING -i eth1 -p udp -m udp --dport 2038 -j DNAT --to-destination 192.168.0.40:2038
-A PREROUTING -i eth1 -p tcp -m tcp --dport 2039 -j DNAT --to-destination 192.168.0.40:2039
-A PREROUTING -i eth1 -p udp -m udp --dport 2039 -j DNAT --to-destination 192.168.0.40:2039
-A PREROUTING -i eth1 -p tcp -m tcp --dport 2040 -j DNAT --to-destination 192.168.0.40:2040
-A PREROUTING -i eth1 -p udp -m udp --dport 2040 -j DNAT --to-destination 192.168.0.40:2040
-A PREROUTING -i eth1 -p tcp -m tcp --dport 36827 -j DNAT --to-destination 192.168.0.40:36827
-A PREROUTING -i eth1 -p udp -m udp --dport 36827 -j DNAT --to-destination 192.168.0.40:36827
-A PREROUTING -i eth1 -p tcp -m tcp --dport 45567 -j DNAT --to-destination 192.168.0.15:45567
-A PREROUTING -i eth1 -p udp -m udp --dport 45567 -j DNAT --to-destination 192.168.0.15:45567
-A PREROUTING -i eth1 -p tcp -m tcp --dport 35567 -j DNAT --to-destination 192.168.0.15:35567
-A PREROUTING -i eth1 -p udp -m udp --dport 35567 -j DNAT --to-destination 192.168.0.15:35567
-A PREROUTING -i eth1 -p tcp -m tcp --dport 45569 -j DNAT --to-destination 192.168.0.17:45569
-A PREROUTING -i eth1 -p udp -m udp --dport 45569 -j DNAT --to-destination 192.168.0.17:45569
-A PREROUTING -i eth1 -p tcp -m tcp --dport 35569 -j DNAT --to-destination 192.168.0.17:35569
-A PREROUTING -i eth1 -p udp -m udp --dport 35569 -j DNAT --to-destination 192.168.0.17:35569
-A PREROUTING -i eth1 -p tcp -m tcp --dport 45570 -j DNAT --to-destination 192.168.0.19:45570
-A PREROUTING -i eth1 -p udp -m udp --dport 45570 -j DNAT --to-destination 192.168.0.19:45570
-A PREROUTING -i eth1 -p tcp -m tcp --dport 35570 -j DNAT --to-destination 192.168.0.19:35570
-A PREROUTING -i eth1 -p udp -m udp --dport 35570 -j DNAT --to-destination 192.168.0.19:35570
-A PREROUTING -i eth1 -p tcp -m tcp --dport 45571 -j DNAT --to-destination 192.168.0.20:45571
-A PREROUTING -i eth1 -p udp -m udp --dport 45571 -j DNAT --to-destination 192.168.0.20:45571
-A PREROUTING -i eth1 -p tcp -m tcp --dport 35571 -j DNAT --to-destination 192.168.0.20:35571
-A PREROUTING -i eth1 -p udp -m udp --dport 35571 -j DNAT --to-destination 192.168.0.20:35571
-A PREROUTING -i eth1 -p tcp -m tcp --dport 45573 -j DNAT --to-destination 192.168.0.23:45573
-A PREROUTING -i eth1 -p udp -m udp --dport 45573 -j DNAT --to-destination 192.168.0.23:45573
-A PREROUTING -i eth1 -p tcp -m tcp --dport 35573 -j DNAT --to-destination 192.168.0.23:35573
-A PREROUTING -i eth1 -p udp -m udp --dport 35573 -j DNAT --to-destination 192.168.0.23:35573
-A PREROUTING -i eth1 -p tcp -m tcp --dport 45575 -j DNAT --to-destination 192.168.0.25:45575
-A PREROUTING -i eth1 -p udp -m udp --dport 45575 -j DNAT --to-destination 192.168.0.25:45575
-A PREROUTING -i eth1 -p tcp -m tcp --dport 35575 -j DNAT --to-destination 192.168.0.25:35575
-A PREROUTING -i eth1 -p udp -m udp --dport 35575 -j DNAT --to-destination 192.168.0.25:35575
-A PREROUTING -i eth1 -p tcp -m tcp --dport 45586 -j DNAT --to-destination 192.168.0.27:45586
-A PREROUTING -i eth1 -p udp -m udp --dport 45586 -j DNAT --to-destination 192.168.0.27:45586
-A PREROUTING -i eth1 -p tcp -m tcp --dport 35586 -j DNAT --to-destination 192.168.0.27:35586
-A PREROUTING -i eth1 -p udp -m udp --dport 35586 -j DNAT --to-destination 192.168.0.27:35586
-A PREROUTING -i eth1 -p tcp -m tcp --dport 45577 -j DNAT --to-destination 192.168.0.28:45577
-A PREROUTING -i eth1 -p udp -m udp --dport 45577 -j DNAT --to-destination 192.168.0.28:45577
-A PREROUTING -i eth1 -p tcp -m tcp --dport 35577 -j DNAT --to-destination 192.168.0.28:35577
-A PREROUTING -i eth1 -p udp -m udp --dport 35577 -j DNAT --to-destination 192.168.0.28:35577
-A PREROUTING -i eth1 -p tcp -m tcp --dport 45578 -j DNAT --to-destination 192.168.0.29:45578
-A PREROUTING -i eth1 -p udp -m udp --dport 45578 -j DNAT --to-destination 192.168.0.29:45578
-A PREROUTING -i eth1 -p tcp -m tcp --dport 35578 -j DNAT --to-destination 192.168.0.29:35578
-A PREROUTING -i eth1 -p udp -m udp --dport 35578 -j DNAT --to-destination 192.168.0.29:35578
-A PREROUTING -i eth1 -p tcp -m tcp --dport 45579 -j DNAT --to-destination 192.168.0.34:45579
-A PREROUTING -i eth1 -p udp -m udp --dport 45579 -j DNAT --to-destination 192.168.0.34:45579
-A PREROUTING -i eth1 -p tcp -m tcp --dport 35579 -j DNAT --to-destination 192.168.0.34:35579
-A PREROUTING -i eth1 -p udp -m udp --dport 35579 -j DNAT --to-destination 192.168.0.34:35579
-A PREROUTING -i eth1 -p tcp -m tcp --dport 45582 -j DNAT --to-destination 192.168.0.39:45582
-A PREROUTING -i eth1 -p udp -m udp --dport 45582 -j DNAT --to-destination 192.168.0.39:45582
-A PREROUTING -i eth1 -p tcp -m tcp --dport 35582 -j DNAT --to-destination 192.168.0.39:35582
-A PREROUTING -i eth1 -p udp -m udp --dport 35582 -j DNAT --to-destination 192.168.0.39:35582
-A PREROUTING -i eth1 -p tcp -m tcp --dport 2229 -j DNAT --to-destination 192.168.0.39:5900
-A PREROUTING -i eth1 -p udp -m udp --dport 2229 -j DNAT --to-destination 192.168.0.39:5900
-A PREROUTING -i eth1 -p tcp -m tcp --dport 45583 -j DNAT --to-destination 192.168.0.41:45583
-A PREROUTING -i eth1 -p udp -m udp --dport 45583 -j DNAT --to-destination 192.168.0.41:45583
-A PREROUTING -i eth1 -p tcp -m tcp --dport 35583 -j DNAT --to-destination 192.168.0.41:35583
-A PREROUTING -i eth1 -p udp -m udp --dport 35583 -j DNAT --to-destination 192.168.0.41:35583
-A PREROUTING -i eth1 -p tcp -m tcp --dport 45592 -j DNAT --to-destination 192.168.0.35:45592
-A PREROUTING -i eth1 -p udp -m udp --dport 45592 -j DNAT --to-destination 192.168.0.35:45592
-A PREROUTING -i eth1 -p tcp -m tcp --dport 35592 -j DNAT --to-destination 192.168.0.35:35592
-A PREROUTING -i eth1 -p udp -m udp --dport 35592 -j DNAT --to-destination 192.168.0.35:35592
-A PREROUTING -i eth1 -p tcp -m tcp --dport 45594 -j DNAT --to-destination 192.168.0.44:45594
-A PREROUTING -i eth1 -p udp -m udp --dport 45594 -j DNAT --to-destination 192.168.0.44:45594
-A PREROUTING -i eth1 -p tcp -m tcp --dport 35594 -j DNAT --to-destination 192.168.0.44:35594
-A PREROUTING -i eth1 -p udp -m udp --dport 35594 -j DNAT --to-destination 192.168.0.44:35594
-A PREROUTING -i eth1 -p tcp -m tcp --dport 45595 -j DNAT --to-destination 192.168.0.45:45595
-A PREROUTING -i eth1 -p udp -m udp --dport 45595 -j DNAT --to-destination 192.168.0.45:45595
-A PREROUTING -i eth1 -p tcp -m tcp --dport 35595 -j DNAT --to-destination 192.168.0.45:35595
-A PREROUTING -i eth1 -p udp -m udp --dport 35595 -j DNAT --to-destination 192.168.0.45:35595
-A PREROUTING -i eth1 -p tcp -m tcp --dport 45596 -j DNAT --to-destination 192.168.0.13:45596
-A PREROUTING -i eth1 -p udp -m udp --dport 45596 -j DNAT --to-destination 192.168.0.13:45596
-A PREROUTING -i eth1 -p tcp -m tcp --dport 35596 -j DNAT --to-destination 192.168.0.13:35596
-A PREROUTING -i eth1 -p udp -m udp --dport 35596 -j DNAT --to-destination 192.168.0.13:35596
-A PREROUTING -i eth1 -p tcp -m tcp --dport 1123 -j DNAT --to-destination 192.168.0.3:1123
-A PREROUTING -i eth1 -p udp -m udp --dport 1123 -j DNAT --to-destination 192.168.0.3:1123
-A PREROUTING -i eth1 -p tcp -m tcp --dport 27015 -j DNAT --to-destination 192.168.0.3:27015
-A PREROUTING -i eth1 -p udp -m udp --dport 27015 -j DNAT --to-destination 192.168.0.3:27015
-A PREROUTING -i eth1 -p tcp -m tcp --dport 2222 -j DNAT --to-destination 192.168.0.3:22
-A PREROUTING -i eth1 -p tcp -m tcp --dport 2224 -j DNAT --to-destination 192.168.0.3:21
-A PREROUTING -i eth1 -p tcp -m tcp --dport 2225 -j DNAT --to-destination 192.168.0.3:5901
-A PREROUTING -i eth1 -p tcp -m tcp --dport 2227 -j DNAT --to-destination 192.168.0.3:3333
-A POSTROUTING -s 192.168.0.220/32 -j MASQUERADE
-A POSTROUTING -s 192.168.0.2/32 -o eth0 -j MASQUERADE
-A POSTROUTING -s 192.168.0.2/32 -o eth1 -j MASQUERADE
-A POSTROUTING -s 192.168.0.2/32 -o eth2 -j MASQUERADE
-A POSTROUTING -s 192.168.0.3/32 -o eth0 -j MASQUERADE
-A POSTROUTING -s 192.168.0.3/32 -o eth1 -j MASQUERADE
-A POSTROUTING -s 192.168.0.3/32 -o eth2 -j MASQUERADE
-A POSTROUTING -s 192.168.0.4/32 -o eth0 -j MASQUERADE
-A POSTROUTING -s 192.168.0.4/32 -o eth1 -j MASQUERADE
-A POSTROUTING -s 192.168.0.4/32 -o eth2 -j MASQUERADE
-A POSTROUTING -s 192.168.0.5/32 -o eth0 -j MASQUERADE
-A POSTROUTING -s 192.168.0.5/32 -o eth1 -j MASQUERADE
-A POSTROUTING -s 192.168.0.5/32 -o eth2 -j MASQUERADE
-A POSTROUTING -s 192.168.0.7/32 -o eth0 -j MASQUERADE
-A POSTROUTING -s 192.168.0.7/32 -o eth1 -j MASQUERADE
-A POSTROUTING -s 192.168.0.7/32 -o eth2 -j MASQUERADE
-A POSTROUTING -s 192.168.0.11/32 -o eth0 -j MASQUERADE
-A POSTROUTING -s 192.168.0.11/32 -o eth1 -j MASQUERADE
-A POSTROUTING -s 192.168.0.11/32 -o eth2 -j MASQUERADE
-A POSTROUTING -s 192.168.0.12/32 -o eth0 -j MASQUERADE
-A POSTROUTING -s 192.168.0.12/32 -o eth1 -j MASQUERADE
-A POSTROUTING -s 192.168.0.12/32 -o eth2 -j MASQUERADE
-A POSTROUTING -s 192.168.0.13/32 -o eth0 -j MASQUERADE
-A POSTROUTING -s 192.168.0.13/32 -o eth1 -j MASQUERADE
-A POSTROUTING -s 192.168.0.13/32 -o eth2 -j MASQUERADE
-A POSTROUTING -s 192.168.0.14/32 -o eth0 -j MASQUERADE
-A POSTROUTING -s 192.168.0.14/32 -o eth1 -j MASQUERADE
-A POSTROUTING -s 192.168.0.14/32 -o eth2 -j MASQUERADE
-A POSTROUTING -s 192.168.0.15/32 -o eth0 -j MASQUERADE
-A POSTROUTING -s 192.168.0.15/32 -o eth1 -j MASQUERADE
-A POSTROUTING -s 192.168.0.15/32 -o eth2 -j MASQUERADE
-A POSTROUTING -s 192.168.0.17/32 -o eth0 -j MASQUERADE
-A POSTROUTING -s 192.168.0.17/32 -o eth1 -j MASQUERADE
-A POSTROUTING -s 192.168.0.17/32 -o eth2 -j MASQUERADE
-A POSTROUTING -s 192.168.0.18/32 -o eth0 -j MASQUERADE
-A POSTROUTING -s 192.168.0.18/32 -o eth1 -j MASQUERADE
-A POSTROUTING -s 192.168.0.18/32 -o eth2 -j MASQUERADE
-A POSTROUTING -s 192.168.0.19/32 -o eth0 -j MASQUERADE
-A POSTROUTING -s 192.168.0.19/32 -o eth1 -j MASQUERADE
-A POSTROUTING -s 192.168.0.19/32 -o eth2 -j MASQUERADE
-A POSTROUTING -s 192.168.0.20/32 -o eth0 -j MASQUERADE
-A POSTROUTING -s 192.168.0.20/32 -o eth1 -j MASQUERADE
-A POSTROUTING -s 192.168.0.20/32 -o eth2 -j MASQUERADE
-A POSTROUTING -s 192.168.0.23/32 -o eth0 -j MASQUERADE
-A POSTROUTING -s 192.168.0.23/32 -o eth1 -j MASQUERADE
-A POSTROUTING -s 192.168.0.23/32 -o eth2 -j MASQUERADE
-A POSTROUTING -s 192.168.0.25/32 -o eth0 -j MASQUERADE
-A POSTROUTING -s 192.168.0.25/32 -o eth1 -j MASQUERADE
-A POSTROUTING -s 192.168.0.25/32 -o eth2 -j MASQUERADE
-A POSTROUTING -s 192.168.0.27/32 -o eth0 -j MASQUERADE
-A POSTROUTING -s 192.168.0.27/32 -o eth1 -j MASQUERADE
-A POSTROUTING -s 192.168.0.27/32 -o eth2 -j MASQUERADE
-A POSTROUTING -s 192.168.0.28/32 -o eth0 -j MASQUERADE
-A POSTROUTING -s 192.168.0.28/32 -o eth1 -j MASQUERADE
-A POSTROUTING -s 192.168.0.28/32 -o eth2 -j MASQUERADE
-A POSTROUTING -s 192.168.0.29/32 -o eth0 -j MASQUERADE
-A POSTROUTING -s 192.168.0.29/32 -o eth1 -j MASQUERADE
-A POSTROUTING -s 192.168.0.29/32 -o eth2 -j MASQUERADE
-A POSTROUTING -s 192.168.0.34/32 -o eth0 -j MASQUERADE
-A POSTROUTING -s 192.168.0.34/32 -o eth1 -j MASQUERADE
-A POSTROUTING -s 192.168.0.34/32 -o eth2 -j MASQUERADE
-A POSTROUTING -s 192.168.0.35/32 -o eth0 -j MASQUERADE
-A POSTROUTING -s 192.168.0.35/32 -o eth1 -j MASQUERADE
-A POSTROUTING -s 192.168.0.35/32 -o eth2 -j MASQUERADE
-A POSTROUTING -s 192.168.0.39/32 -o eth0 -j MASQUERADE
-A POSTROUTING -s 192.168.0.39/32 -o eth1 -j MASQUERADE
-A POSTROUTING -s 192.168.0.39/32 -o eth2 -j MASQUERADE
-A POSTROUTING -s 192.168.0.40/32 -o eth0 -j MASQUERADE
-A POSTROUTING -s 192.168.0.40/32 -o eth1 -j MASQUERADE
-A POSTROUTING -s 192.168.0.40/32 -o eth2 -j MASQUERADE
-A POSTROUTING -s 192.168.0.41/32 -o eth0 -j MASQUERADE
-A POSTROUTING -s 192.168.0.41/32 -o eth1 -j MASQUERADE
-A POSTROUTING -s 192.168.0.41/32 -o eth2 -j MASQUERADE
-A POSTROUTING -s 192.168.0.42/32 -o eth0 -j MASQUERADE
-A POSTROUTING -s 192.168.0.42/32 -o eth1 -j MASQUERADE
-A POSTROUTING -s 192.168.0.42/32 -o eth2 -j MASQUERADE
-A POSTROUTING -s 192.168.0.44/32 -o eth0 -j MASQUERADE
-A POSTROUTING -s 192.168.0.44/32 -o eth1 -j MASQUERADE
-A POSTROUTING -s 192.168.0.44/32 -o eth2 -j MASQUERADE
-A POSTROUTING -s 192.168.0.46/32 -o eth0 -j MASQUERADE
-A POSTROUTING -s 192.168.0.46/32 -o eth1 -j MASQUERADE
-A POSTROUTING -s 192.168.0.46/32 -o eth2 -j MASQUERADE
COMMIT
# Completed on Wed Dec 3 15:49:53 2008
# Generated by iptables-save v1.4.0 on Wed Dec 3 15:49:53 2008
*filter
:INPUT ACCEPT [856:89345]
:FORWARD DROP [78:13973]
:OUTPUT ACCEPT [839:132976]
-A FORWARD -i eth1 -o eth1 -j ACCEPT
-A FORWARD -m set --set FW_192_168_0_0 src -j ACCEPT
-A FORWARD -m set --set FW_192_168_0_0 dst -j ACCEPT
COMMIT
# Completed on Wed Dec 3 15:49:53 2008

към eth2 съм пренасочил локалните IP-та на доставчика ми но и без нея се тая - в смисъл само с eth0 (входяща за интернет) и eth1 към LAN-a.

edit: хм ..., защо NAT-а ми натва мрежата на /32 ...може би това е проблема ...това ми е регуларния ред за всеки хост поотделно в нат таблицата: iptables -t nat -A POSTROUTING -o eth0 -s 192.168.x.x -j MASQUERADE ...дали не трябва да го опиша за маска /24 - iptables -t nat -A POSTROUTING -o eth0 -s 192.168.x.x/24 -j MASQUERADE

VladSun · « **Отговор #7 -:** Dec 03, 2008, 16:22 »

Изглежда ми наред - значи трябва дебъг да правиш.
Махни редовете за IMQ и пусни няколко пъти:

Код

GeSHi (Bash):
iptables -t mangle -nxvL FORWARD

виж дали минава ъплоад трафик през IPMARK правилата.

Ако минава, виж дали сътоветният трафик минава през TC класовете за ъплоад.

Може би ще е полезно да покажеш изхода от

Код

GeSHi (Bash):
route -n

BuSteR · « **Отговор #8 -:** Dec 03, 2008, 16:34 »

Минава трафик да ето го временния резултат от iptables -t mangle -nxvL FORWARD
pkts bytes target prot opt in out source destination
134622 97696174 MARK all -- * * 0.0.0.0/0 0.0.0.0/0 MARK set 0x1
2458 100889 TRAF_OUT all -- eth1 eth0 0.0.0.0/0 0.0.0.0/0
13137 10111183 TRAF_IN all -- eth0 eth1 0.0.0.0/0 0.0.0.0/0
66837 81692078 BG_IN all -- eth1 eth1 0.0.0.0/0 0.0.0.0/0
66837 81692078 BG_OUT all -- eth1 eth1 0.0.0.0/0 0.0.0.0/0
и от route -n
85.17.111.26 192.168.0.220 255.255.255.255 UGH 0 0 0 eth2
85.17.111.51 192.168.0.220 255.255.255.255 UGH 0 0 0 eth2
10.1.10.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
192.168.0.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1
192.168.0.0 0.0.0.0 255.255.255.0 U 0 0 0 eth2
127.0.0.0 0.0.0.0 255.0.0.0 U 0 0 0 lo
0.0.0.0 10.1.10.2 0.0.0.0 UG 0 0 0 eth0

VladSun · « **Отговор #9 -:** Dec 03, 2008, 17:43 »

Нещо не е наред - изходът от iptables при махнати IMQ devices ли е?
Защото не виждам веригите за BG_IN/OUT за eth0<->eth1 - вижда се само локалният за мрежата трафик. А и сумите от количествата байтове не съвпадат)

BuSteR · « **Отговор #10 -:** Dec 03, 2008, 18:04 »

Ами да свалил съм IMQ-то даже ребоотнах без IMQ е в момента махнах даже и локалния интерфейс сега е само интернет-лан.

iptables-save
# Generated by iptables-save v1.4.0 on Wed Dec 3 11:08:54 2008
*raw
:PREROUTING ACCEPT [79928:8827732]
:OUTPUT ACCEPT [5144:423950]
COMMIT
# Completed on Wed Dec 3 11:08:54 2008
# Generated by iptables-save v1.4.0 on Wed Dec 3 11:08:54 2008
*mangle
:PREROUTING ACCEPT [79928:8827732]
:INPUT ACCEPT [5943:577510]
:FORWARD ACCEPT [73873:8238134]
:OUTPUT ACCEPT [5148:424462]
:POSTROUTING ACCEPT [78843:8647316]
:BG_IN - [0:0]
:BG_OUT - [0:0]
:INT_IN - [0:0]
:INT_OUT - [0:0]
:TRAF_IN - [0:0]
:TRAF_OUT - [0:0]
-A FORWARD -j MARK --set-mark 0x1
-A FORWARD -i eth1 -o eth0 -j TRAF_OUT
-A FORWARD -i eth0 -o eth1 -j TRAF_IN
-A FORWARD -i eth1 -o eth1 -j BG_IN
-A FORWARD -i eth1 -o eth1 -j BG_OUT
-A POSTROUTING -o eth0 -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
-A POSTROUTING -o eth1 -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
-A POSTROUTING -o eth2 -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
-A BG_IN -d 192.168.0.0/24 -j IPMARK --addr=dst --and-mask 0xff --or-mask 0x10500
-A BG_OUT -s 192.168.0.0/24 -j IPMARK --addr=src --and-mask 0xff --or-mask 0x10600
-A INT_IN -d 192.168.0.0/24 -j IPMARK --addr=dst --and-mask 0xff --or-mask 0x10700
-A INT_OUT -s 192.168.0.0/24 -j IPMARK --addr=src --and-mask 0xff --or-mask 0x10800
-A TRAF_IN -m set --set BG_NETS src -j BG_IN
-A TRAF_IN -m mark --mark 0x1 -j INT_IN
-A TRAF_OUT -m set --set BG_NETS dst -j BG_OUT
-A TRAF_OUT -m mark --mark 0x1 -j INT_OUT
COMMIT
# Completed on Wed Dec 3 11:08:54 2008
# Generated by iptables-save v1.4.0 on Wed Dec 3 11:08:54 2008
*nat
:PREROUTING ACCEPT [14789:1078082]
:POSTROUTING ACCEPT [2147:151106]
:OUTPUT ACCEPT [1967:140778]
-A PREROUTING -s 10.1.10.2/32 -p tcp -m tcp --dport 45556 -j DNAT --to-destination 192.168.0.2:45556
-A PREROUTING -s 10.1.10.2/32 -p udp -m udp --dport 45556 -j DNAT --to-destination 192.168.0.2:45556
-A PREROUTING -s 10.1.10.2/32 -p tcp -m tcp --dport 35556 -j DNAT --to-destination 192.168.0.2:35556
-A PREROUTING -s 10.1.10.2/32 -p udp -m udp --dport 35556 -j DNAT --to-destination 192.168.0.2:35556
-A PREROUTING -s 10.1.10.2/32 -p tcp -m tcp --dport 45557 -j DNAT --to-destination 192.168.0.42:45557
-A PREROUTING -s 10.1.10.2/32 -p udp -m udp --dport 45557 -j DNAT --to-destination 192.168.0.42:45557
-A PREROUTING -s 10.1.10.2/32 -p tcp -m tcp --dport 35557 -j DNAT --to-destination 192.168.0.42:35557
-A PREROUTING -s 10.1.10.2/32 -p udp -m udp --dport 35557 -j DNAT --to-destination 192.168.0.42:35557
-A PREROUTING -s 10.1.10.2/32 -p tcp -m tcp --dport 45558 -j DNAT --to-destination 192.168.0.4:45558
-A PREROUTING -s 10.1.10.2/32 -p udp -m udp --dport 45558 -j DNAT --to-destination 192.168.0.4:45558
-A PREROUTING -s 10.1.10.2/32 -p tcp -m tcp --dport 35558 -j DNAT --to-destination 192.168.0.4:35558
-A PREROUTING -s 10.1.10.2/32 -p udp -m udp --dport 35558 -j DNAT --to-destination 192.168.0.4:35558
-A PREROUTING -s 10.1.10.2/32 -p tcp -m tcp --dport 45560 -j DNAT --to-destination 192.168.0.7:45560
-A PREROUTING -s 10.1.10.2/32 -p udp -m udp --dport 45560 -j DNAT --to-destination 192.168.0.7:45560
-A PREROUTING -s 10.1.10.2/32 -p tcp -m tcp --dport 35560 -j DNAT --to-destination 192.168.0.7:35560
-A PREROUTING -s 10.1.10.2/32 -p udp -m udp --dport 35560 -j DNAT --to-destination 192.168.0.7:35560
-A PREROUTING -s 10.1.10.2/32 -p tcp -m tcp --dport 45563 -j DNAT --to-destination 192.168.0.11:45563
-A PREROUTING -s 10.1.10.2/32 -p udp -m udp --dport 45563 -j DNAT --to-destination 192.168.0.11:45563
-A PREROUTING -s 10.1.10.2/32 -p tcp -m tcp --dport 35563 -j DNAT --to-destination 192.168.0.11:35563
-A PREROUTING -s 10.1.10.2/32 -p udp -m udp --dport 35563 -j DNAT --to-destination 192.168.0.11:35563
-A PREROUTING -s 10.1.10.2/32 -p tcp -m tcp --dport 45564 -j DNAT --to-destination 192.168.0.12:45564
-A PREROUTING -s 10.1.10.2/32 -p udp -m udp --dport 45564 -j DNAT --to-destination 192.168.0.12:45564
-A PREROUTING -s 10.1.10.2/32 -p tcp -m tcp --dport 35564 -j DNAT --to-destination 192.168.0.12:35564
-A PREROUTING -s 10.1.10.2/32 -p udp -m udp --dport 35564 -j DNAT --to-destination 192.168.0.12:35564
-A PREROUTING -s 10.1.10.2/32 -p tcp -m tcp --dport 45566 -j DNAT --to-destination 192.168.0.14:45566
-A PREROUTING -s 10.1.10.2/32 -p udp -m udp --dport 45566 -j DNAT --to-destination 192.168.0.14:45566
-A PREROUTING -s 10.1.10.2/32 -p tcp -m tcp --dport 35566 -j DNAT --to-destination 192.168.0.14:35566
-A PREROUTING -s 10.1.10.2/32 -p udp -m udp --dport 35566 -j DNAT --to-destination 192.168.0.14:35566
-A PREROUTING -s 10.1.10.2/32 -p tcp -m tcp --dport 63875 -j DNAT --to-destination 192.168.0.40:63875
-A PREROUTING -s 10.1.10.2/32 -p udp -m udp --dport 63875 -j DNAT --to-destination 192.168.0.40:63875
-A PREROUTING -s 10.1.10.2/32 -p tcp -m tcp --dport 1214 -j DNAT --to-destination 192.168.0.40:1214
-A PREROUTING -s 10.1.10.2/32 -p udp -m udp --dport 1214 -j DNAT --to-destination 192.168.0.40:1214
-A PREROUTING -s 10.1.10.2/32 -p tcp -m tcp --dport 2345 -j DNAT --to-destination 192.168.0.40:5900
-A PREROUTING -s 10.1.10.2/32 -p udp -m udp --dport 2345 -j DNAT --to-destination 192.168.0.40:5900
-A PREROUTING -s 10.1.10.2/32 -p tcp -m tcp --dport 3334 -j DNAT --to-destination 192.168.0.40:3334
-A PREROUTING -s 10.1.10.2/32 -p udp -m udp --dport 3334 -j DNAT --to-destination 192.168.0.40:3334
-A PREROUTING -s 10.1.10.2/32 -p tcp -m tcp --dport 5554 -j DNAT --to-destination 192.168.0.40:5554
-A PREROUTING -s 10.1.10.2/32 -p udp -m udp --dport 5554 -j DNAT --to-destination 192.168.0.40:5554
-A PREROUTING -s 10.1.10.2/32 -p tcp -m tcp --dport 8000 -j DNAT --to-destination 192.168.0.40:8000
-A PREROUTING -s 10.1.10.2/32 -p udp -m udp --dport 8000 -j DNAT --to-destination 192.168.0.40:8000
-A PREROUTING -s 10.1.10.2/32 -p tcp -m tcp --dport 2034 -j DNAT --to-destination 192.168.0.40:2034
-A PREROUTING -s 10.1.10.2/32 -p udp -m udp --dport 2034 -j DNAT --to-destination 192.168.0.40:2034
-A PREROUTING -s 10.1.10.2/32 -p tcp -m tcp --dport 2035 -j DNAT --to-destination 192.168.0.40:2035
-A PREROUTING -s 10.1.10.2/32 -p udp -m udp --dport 2035 -j DNAT --to-destination 192.168.0.40:2035
-A PREROUTING -s 10.1.10.2/32 -p tcp -m tcp --dport 2036 -j DNAT --to-destination 192.168.0.40:2036
-A PREROUTING -s 10.1.10.2/32 -p udp -m udp --dport 2036 -j DNAT --to-destination 192.168.0.40:2036
-A PREROUTING -s 10.1.10.2/32 -p tcp -m tcp --dport 2037 -j DNAT --to-destination 192.168.0.40:2037
-A PREROUTING -s 10.1.10.2/32 -p udp -m udp --dport 2037 -j DNAT --to-destination 192.168.0.40:2037
-A PREROUTING -s 10.1.10.2/32 -p tcp -m tcp --dport 2038 -j DNAT --to-destination 192.168.0.40:2038
-A PREROUTING -s 10.1.10.2/32 -p udp -m udp --dport 2038 -j DNAT --to-destination 192.168.0.40:2038
-A PREROUTING -s 10.1.10.2/32 -p tcp -m tcp --dport 2039 -j DNAT --to-destination 192.168.0.40:2039
-A PREROUTING -s 10.1.10.2/32 -p udp -m udp --dport 2039 -j DNAT --to-destination 192.168.0.40:2039
-A PREROUTING -s 10.1.10.2/32 -p tcp -m tcp --dport 2040 -j DNAT --to-destination 192.168.0.40:2040
-A PREROUTING -s 10.1.10.2/32 -p udp -m udp --dport 2040 -j DNAT --to-destination 192.168.0.40:2040
-A PREROUTING -s 10.1.10.2/32 -p tcp -m tcp --dport 36827 -j DNAT --to-destination 192.168.0.40:36827
-A PREROUTING -s 10.1.10.2/32 -p udp -m udp --dport 36827 -j DNAT --to-destination 192.168.0.40:36827
-A PREROUTING -s 10.1.10.2/32 -p tcp -m tcp --dport 45567 -j DNAT --to-destination 192.168.0.15:45567
-A PREROUTING -s 10.1.10.2/32 -p udp -m udp --dport 45567 -j DNAT --to-destination 192.168.0.15:45567
-A PREROUTING -s 10.1.10.2/32 -p tcp -m tcp --dport 35567 -j DNAT --to-destination 192.168.0.15:35567
-A PREROUTING -s 10.1.10.2/32 -p udp -m udp --dport 35567 -j DNAT --to-destination 192.168.0.15:35567
-A PREROUTING -s 10.1.10.2/32 -p tcp -m tcp --dport 45569 -j DNAT --to-destination 192.168.0.17:45569
-A PREROUTING -s 10.1.10.2/32 -p udp -m udp --dport 45569 -j DNAT --to-destination 192.168.0.17:45569
-A PREROUTING -s 10.1.10.2/32 -p tcp -m tcp --dport 35569 -j DNAT --to-destination 192.168.0.17:35569
-A PREROUTING -s 10.1.10.2/32 -p udp -m udp --dport 35569 -j DNAT --to-destination 192.168.0.17:35569
-A PREROUTING -s 10.1.10.2/32 -p tcp -m tcp --dport 45570 -j DNAT --to-destination 192.168.0.19:45570
-A PREROUTING -s 10.1.10.2/32 -p udp -m udp --dport 45570 -j DNAT --to-destination 192.168.0.19:45570
-A PREROUTING -s 10.1.10.2/32 -p tcp -m tcp --dport 35570 -j DNAT --to-destination 192.168.0.19:35570
-A PREROUTING -s 10.1.10.2/32 -p udp -m udp --dport 35570 -j DNAT --to-destination 192.168.0.19:35570
-A PREROUTING -s 10.1.10.2/32 -p tcp -m tcp --dport 45571 -j DNAT --to-destination 192.168.0.20:45571
-A PREROUTING -s 10.1.10.2/32 -p udp -m udp --dport 45571 -j DNAT --to-destination 192.168.0.20:45571
-A PREROUTING -s 10.1.10.2/32 -p tcp -m tcp --dport 35571 -j DNAT --to-destination 192.168.0.20:35571
-A PREROUTING -s 10.1.10.2/32 -p udp -m udp --dport 35571 -j DNAT --to-destination 192.168.0.20:35571
-A PREROUTING -s 10.1.10.2/32 -p tcp -m tcp --dport 45573 -j DNAT --to-destination 192.168.0.23:45573
-A PREROUTING -s 10.1.10.2/32 -p udp -m udp --dport 45573 -j DNAT --to-destination 192.168.0.23:45573
-A PREROUTING -s 10.1.10.2/32 -p tcp -m tcp --dport 35573 -j DNAT --to-destination 192.168.0.23:35573
-A PREROUTING -s 10.1.10.2/32 -p udp -m udp --dport 35573 -j DNAT --to-destination 192.168.0.23:35573
-A PREROUTING -s 10.1.10.2/32 -p tcp -m tcp --dport 45575 -j DNAT --to-destination 192.168.0.25:45575
-A PREROUTING -s 10.1.10.2/32 -p udp -m udp --dport 45575 -j DNAT --to-destination 192.168.0.25:45575
-A PREROUTING -s 10.1.10.2/32 -p tcp -m tcp --dport 35575 -j DNAT --to-destination 192.168.0.25:35575
-A PREROUTING -s 10.1.10.2/32 -p udp -m udp --dport 35575 -j DNAT --to-destination 192.168.0.25:35575
-A PREROUTING -s 10.1.10.2/32 -p tcp -m tcp --dport 45586 -j DNAT --to-destination 192.168.0.27:45586
-A PREROUTING -s 10.1.10.2/32 -p udp -m udp --dport 45586 -j DNAT --to-destination 192.168.0.27:45586
-A PREROUTING -s 10.1.10.2/32 -p tcp -m tcp --dport 35586 -j DNAT --to-destination 192.168.0.27:35586
-A PREROUTING -s 10.1.10.2/32 -p udp -m udp --dport 35586 -j DNAT --to-destination 192.168.0.27:35586
-A PREROUTING -s 10.1.10.2/32 -p tcp -m tcp --dport 45577 -j DNAT --to-destination 192.168.0.28:45577
-A PREROUTING -s 10.1.10.2/32 -p udp -m udp --dport 45577 -j DNAT --to-destination 192.168.0.28:45577
-A PREROUTING -s 10.1.10.2/32 -p tcp -m tcp --dport 35577 -j DNAT --to-destination 192.168.0.28:35577
-A PREROUTING -s 10.1.10.2/32 -p udp -m udp --dport 35577 -j DNAT --to-destination 192.168.0.28:35577
-A PREROUTING -s 10.1.10.2/32 -p tcp -m tcp --dport 45578 -j DNAT --to-destination 192.168.0.29:45578
-A PREROUTING -s 10.1.10.2/32 -p udp -m udp --dport 45578 -j DNAT --to-destination 192.168.0.29:45578
-A PREROUTING -s 10.1.10.2/32 -p tcp -m tcp --dport 35578 -j DNAT --to-destination 192.168.0.29:35578
-A PREROUTING -s 10.1.10.2/32 -p udp -m udp --dport 35578 -j DNAT --to-destination 192.168.0.29:35578
-A PREROUTING -s 10.1.10.2/32 -p tcp -m tcp --dport 45579 -j DNAT --to-destination 192.168.0.34:45579
-A PREROUTING -s 10.1.10.2/32 -p udp -m udp --dport 45579 -j DNAT --to-destination 192.168.0.34:45579
-A PREROUTING -s 10.1.10.2/32 -p tcp -m tcp --dport 35579 -j DNAT --to-destination 192.168.0.34:35579
-A PREROUTING -s 10.1.10.2/32 -p udp -m udp --dport 35579 -j DNAT --to-destination 192.168.0.34:35579
-A PREROUTING -s 10.1.10.2/32 -p tcp -m tcp --dport 45582 -j DNAT --to-destination 192.168.0.39:45582
-A PREROUTING -s 10.1.10.2/32 -p udp -m udp --dport 45582 -j DNAT --to-destination 192.168.0.39:45582
-A PREROUTING -s 10.1.10.2/32 -p tcp -m tcp --dport 35582 -j DNAT --to-destination 192.168.0.39:35582
-A PREROUTING -s 10.1.10.2/32 -p udp -m udp --dport 35582 -j DNAT --to-destination 192.168.0.39:35582
-A PREROUTING -s 10.1.10.2/32 -p tcp -m tcp --dport 2229 -j DNAT --to-destination 192.168.0.39:5900
-A PREROUTING -s 10.1.10.2/32 -p udp -m udp --dport 2229 -j DNAT --to-destination 192.168.0.39:5900
-A PREROUTING -s 10.1.10.2/32 -p tcp -m tcp --dport 45583 -j DNAT --to-destination 192.168.0.41:45583
-A PREROUTING -s 10.1.10.2/32 -p udp -m udp --dport 45583 -j DNAT --to-destination 192.168.0.41:45583
-A PREROUTING -s 10.1.10.2/32 -p tcp -m tcp --dport 35583 -j DNAT --to-destination 192.168.0.41:35583
-A PREROUTING -s 10.1.10.2/32 -p udp -m udp --dport 35583 -j DNAT --to-destination 192.168.0.41:35583
-A PREROUTING -s 10.1.10.2/32 -p tcp -m tcp --dport 45592 -j DNAT --to-destination 192.168.0.35:45592
-A PREROUTING -s 10.1.10.2/32 -p udp -m udp --dport 45592 -j DNAT --to-destination 192.168.0.35:45592
-A PREROUTING -s 10.1.10.2/32 -p tcp -m tcp --dport 35592 -j DNAT --to-destination 192.168.0.35:35592
-A PREROUTING -s 10.1.10.2/32 -p udp -m udp --dport 35592 -j DNAT --to-destination 192.168.0.35:35592
-A PREROUTING -s 10.1.10.2/32 -p tcp -m tcp --dport 45594 -j DNAT --to-destination 192.168.0.44:45594
-A PREROUTING -s 10.1.10.2/32 -p udp -m udp --dport 45594 -j DNAT --to-destination 192.168.0.44:45594
-A PREROUTING -s 10.1.10.2/32 -p tcp -m tcp --dport 35594 -j DNAT --to-destination 192.168.0.44:35594
-A PREROUTING -s 10.1.10.2/32 -p udp -m udp --dport 35594 -j DNAT --to-destination 192.168.0.44:35594
-A PREROUTING -s 10.1.10.2/32 -p tcp -m tcp --dport 45595 -j DNAT --to-destination 192.168.0.45:45595
-A PREROUTING -s 10.1.10.2/32 -p udp -m udp --dport 45595 -j DNAT --to-destination 192.168.0.45:45595
-A PREROUTING -s 10.1.10.2/32 -p tcp -m tcp --dport 35595 -j DNAT --to-destination 192.168.0.45:35595
-A PREROUTING -s 10.1.10.2/32 -p udp -m udp --dport 35595 -j DNAT --to-destination 192.168.0.45:35595
-A PREROUTING -s 10.1.10.2/32 -p tcp -m tcp --dport 45596 -j DNAT --to-destination 192.168.0.13:45596
-A PREROUTING -s 10.1.10.2/32 -p udp -m udp --dport 45596 -j DNAT --to-destination 192.168.0.13:45596
-A PREROUTING -s 10.1.10.2/32 -p tcp -m tcp --dport 35596 -j DNAT --to-destination 192.168.0.13:35596
-A PREROUTING -s 10.1.10.2/32 -p udp -m udp --dport 35596 -j DNAT --to-destination 192.168.0.13:35596
-A PREROUTING -s 10.1.10.2/32 -p tcp -m tcp --dport 1123 -j DNAT --to-destination 192.168.0.3:1123
-A PREROUTING -s 10.1.10.2/32 -p udp -m udp --dport 1123 -j DNAT --to-destination 192.168.0.3:1123
-A PREROUTING -s 10.1.10.2/32 -p tcp -m tcp --dport 27015 -j DNAT --to-destination 192.168.0.3:27015
-A PREROUTING -s 10.1.10.2/32 -p udp -m udp --dport 27015 -j DNAT --to-destination 192.168.0.3:27015
-A PREROUTING -s 10.1.10.2/32 -p tcp -m tcp --dport 2222 -j DNAT --to-destination 192.168.0.3:22
-A PREROUTING -s 10.1.10.2/32 -p tcp -m tcp --dport 2224 -j DNAT --to-destination 192.168.0.3:21
-A PREROUTING -s 10.1.10.2/32 -p tcp -m tcp --dport 2225 -j DNAT --to-destination 192.168.0.3:5901
-A PREROUTING -s 10.1.10.2/32 -p tcp -m tcp --dport 2227 -j DNAT --to-destination 192.168.0.3:3333
-A PREROUTING -i eth1 -p tcp -m tcp --dport 45556 -j DNAT --to-destination 192.168.0.2:45556
-A PREROUTING -i eth1 -p udp -m udp --dport 45556 -j DNAT --to-destination 192.168.0.2:45556
-A PREROUTING -i eth1 -p tcp -m tcp --dport 35556 -j DNAT --to-destination 192.168.0.2:35556
-A PREROUTING -i eth1 -p udp -m udp --dport 35556 -j DNAT --to-destination 192.168.0.2:35556
-A PREROUTING -i eth1 -p tcp -m tcp --dport 45557 -j DNAT --to-destination 192.168.0.42:45557
-A PREROUTING -i eth1 -p udp -m udp --dport 45557 -j DNAT --to-destination 192.168.0.42:45557
-A PREROUTING -i eth1 -p tcp -m tcp --dport 35557 -j DNAT --to-destination 192.168.0.42:35557
-A PREROUTING -i eth1 -p udp -m udp --dport 35557 -j DNAT --to-destination 192.168.0.42:35557
-A PREROUTING -i eth1 -p tcp -m tcp --dport 45558 -j DNAT --to-destination 192.168.0.4:45558
-A PREROUTING -i eth1 -p udp -m udp --dport 45558 -j DNAT --to-destination 192.168.0.4:45558
-A PREROUTING -i eth1 -p tcp -m tcp --dport 35558 -j DNAT --to-destination 192.168.0.4:35558
-A PREROUTING -i eth1 -p udp -m udp --dport 35558 -j DNAT --to-destination 192.168.0.4:35558
-A PREROUTING -i eth1 -p tcp -m tcp --dport 45560 -j DNAT --to-destination 192.168.0.7:45560
-A PREROUTING -i eth1 -p udp -m udp --dport 45560 -j DNAT --to-destination 192.168.0.7:45560
-A PREROUTING -i eth1 -p tcp -m tcp --dport 35560 -j DNAT --to-destination 192.168.0.7:35560
-A PREROUTING -i eth1 -p udp -m udp --dport 35560 -j DNAT --to-destination 192.168.0.7:35560
-A PREROUTING -i eth1 -p tcp -m tcp --dport 45563 -j DNAT --to-destination 192.168.0.11:45563
-A PREROUTING -i eth1 -p udp -m udp --dport 45563 -j DNAT --to-destination 192.168.0.11:45563
-A PREROUTING -i eth1 -p tcp -m tcp --dport 35563 -j DNAT --to-destination 192.168.0.11:35563
-A PREROUTING -i eth1 -p udp -m udp --dport 35563 -j DNAT --to-destination 192.168.0.11:35563
-A PREROUTING -i eth1 -p tcp -m tcp --dport 45564 -j DNAT --to-destination 192.168.0.12:45564
-A PREROUTING -i eth1 -p udp -m udp --dport 45564 -j DNAT --to-destination 192.168.0.12:45564
-A PREROUTING -i eth1 -p tcp -m tcp --dport 35564 -j DNAT --to-destination 192.168.0.12:35564
-A PREROUTING -i eth1 -p udp -m udp --dport 35564 -j DNAT --to-destination 192.168.0.12:35564
-A PREROUTING -i eth1 -p tcp -m tcp --dport 45566 -j DNAT --to-destination 192.168.0.14:45566
-A PREROUTING -i eth1 -p udp -m udp --dport 45566 -j DNAT --to-destination 192.168.0.14:45566
-A PREROUTING -i eth1 -p tcp -m tcp --dport 35566 -j DNAT --to-destination 192.168.0.14:35566
-A PREROUTING -i eth1 -p udp -m udp --dport 35566 -j DNAT --to-destination 192.168.0.14:35566
-A PREROUTING -i eth1 -p tcp -m tcp --dport 63875 -j DNAT --to-destination 192.168.0.40:63875
-A PREROUTING -i eth1 -p udp -m udp --dport 63875 -j DNAT --to-destination 192.168.0.40:63875
-A PREROUTING -i eth1 -p tcp -m tcp --dport 1214 -j DNAT --to-destination 192.168.0.40:1214
-A PREROUTING -i eth1 -p udp -m udp --dport 1214 -j DNAT --to-destination 192.168.0.40:1214
-A PREROUTING -i eth1 -p tcp -m tcp --dport 2345 -j DNAT --to-destination 192.168.0.40:5900
-A PREROUTING -i eth1 -p udp -m udp --dport 2345 -j DNAT --to-destination 192.168.0.40:5900
-A PREROUTING -i eth1 -p tcp -m tcp --dport 3334 -j DNAT --to-destination 192.168.0.40:3334
-A PREROUTING -i eth1 -p udp -m udp --dport 3334 -j DNAT --to-destination 192.168.0.40:3334
-A PREROUTING -i eth1 -p tcp -m tcp --dport 5554 -j DNAT --to-destination 192.168.0.40:5554
-A PREROUTING -i eth1 -p udp -m udp --dport 5554 -j DNAT --to-destination 192.168.0.40:5554
-A PREROUTING -i eth1 -p tcp -m tcp --dport 8000 -j DNAT --to-destination 192.168.0.40:8000
-A PREROUTING -i eth1 -p udp -m udp --dport 8000 -j DNAT --to-destination 192.168.0.40:8000
-A PREROUTING -i eth1 -p tcp -m tcp --dport 2034 -j DNAT --to-destination 192.168.0.40:2034
-A PREROUTING -i eth1 -p udp -m udp --dport 2034 -j DNAT --to-destination 192.168.0.40:2034
-A PREROUTING -i eth1 -p tcp -m tcp --dport 2035 -j DNAT --to-destination 192.168.0.40:2035
-A PREROUTING -i eth1 -p udp -m udp --dport 2035 -j DNAT --to-destination 192.168.0.40:2035
-A PREROUTING -i eth1 -p tcp -m tcp --dport 2036 -j DNAT --to-destination 192.168.0.40:2036
-A PREROUTING -i eth1 -p udp -m udp --dport 2036 -j DNAT --to-destination 192.168.0.40:2036
-A PREROUTING -i eth1 -p tcp -m tcp --dport 2037 -j DNAT --to-destination 192.168.0.40:2037
-A PREROUTING -i eth1 -p udp -m udp --dport 2037 -j DNAT --to-destination 192.168.0.40:2037
-A PREROUTING -i eth1 -p tcp -m tcp --dport 2038 -j DNAT --to-destination 192.168.0.40:2038
-A PREROUTING -i eth1 -p udp -m udp --dport 2038 -j DNAT --to-destination 192.168.0.40:2038
-A PREROUTING -i eth1 -p tcp -m tcp --dport 2039 -j DNAT --to-destination 192.168.0.40:2039
-A PREROUTING -i eth1 -p udp -m udp --dport 2039 -j DNAT --to-destination 192.168.0.40:2039
-A PREROUTING -i eth1 -p tcp -m tcp --dport 2040 -j DNAT --to-destination 192.168.0.40:2040
-A PREROUTING -i eth1 -p udp -m udp --dport 2040 -j DNAT --to-destination 192.168.0.40:2040
-A PREROUTING -i eth1 -p tcp -m tcp --dport 36827 -j DNAT --to-destination 192.168.0.40:36827
-A PREROUTING -i eth1 -p udp -m udp --dport 36827 -j DNAT --to-destination 192.168.0.40:36827
-A PREROUTING -i eth1 -p tcp -m tcp --dport 45567 -j DNAT --to-destination 192.168.0.15:45567
-A PREROUTING -i eth1 -p udp -m udp --dport 45567 -j DNAT --to-destination 192.168.0.15:45567
-A PREROUTING -i eth1 -p tcp -m tcp --dport 35567 -j DNAT --to-destination 192.168.0.15:35567
-A PREROUTING -i eth1 -p udp -m udp --dport 35567 -j DNAT --to-destination 192.168.0.15:35567
-A PREROUTING -i eth1 -p tcp -m tcp --dport 45569 -j DNAT --to-destination 192.168.0.17:45569
-A PREROUTING -i eth1 -p udp -m udp --dport 45569 -j DNAT --to-destination 192.168.0.17:45569
-A PREROUTING -i eth1 -p tcp -m tcp --dport 35569 -j DNAT --to-destination 192.168.0.17:35569
-A PREROUTING -i eth1 -p udp -m udp --dport 35569 -j DNAT --to-destination 192.168.0.17:35569
-A PREROUTING -i eth1 -p tcp -m tcp --dport 45570 -j DNAT --to-destination 192.168.0.19:45570
-A PREROUTING -i eth1 -p udp -m udp --dport 45570 -j DNAT --to-destination 192.168.0.19:45570
-A PREROUTING -i eth1 -p tcp -m tcp --dport 35570 -j DNAT --to-destination 192.168.0.19:35570
-A PREROUTING -i eth1 -p udp -m udp --dport 35570 -j DNAT --to-destination 192.168.0.19:35570
-A PREROUTING -i eth1 -p tcp -m tcp --dport 45571 -j DNAT --to-destination 192.168.0.20:45571
-A PREROUTING -i eth1 -p udp -m udp --dport 45571 -j DNAT --to-destination 192.168.0.20:45571
-A PREROUTING -i eth1 -p tcp -m tcp --dport 35571 -j DNAT --to-destination 192.168.0.20:35571
-A PREROUTING -i eth1 -p udp -m udp --dport 35571 -j DNAT --to-destination 192.168.0.20:35571
-A PREROUTING -i eth1 -p tcp -m tcp --dport 45573 -j DNAT --to-destination 192.168.0.23:45573
-A PREROUTING -i eth1 -p udp -m udp --dport 45573 -j DNAT --to-destination 192.168.0.23:45573
-A PREROUTING -i eth1 -p tcp -m tcp --dport 35573 -j DNAT --to-destination 192.168.0.23:35573
-A PREROUTING -i eth1 -p udp -m udp --dport 35573 -j DNAT --to-destination 192.168.0.23:35573
-A PREROUTING -i eth1 -p tcp -m tcp --dport 45575 -j DNAT --to-destination 192.168.0.25:45575
-A PREROUTING -i eth1 -p udp -m udp --dport 45575 -j DNAT --to-destination 192.168.0.25:45575
-A PREROUTING -i eth1 -p tcp -m tcp --dport 35575 -j DNAT --to-destination 192.168.0.25:35575
-A PREROUTING -i eth1 -p udp -m udp --dport 35575 -j DNAT --to-destination 192.168.0.25:35575
-A PREROUTING -i eth1 -p tcp -m tcp --dport 45586 -j DNAT --to-destination 192.168.0.27:45586
-A PREROUTING -i eth1 -p udp -m udp --dport 45586 -j DNAT --to-destination 192.168.0.27:45586
-A PREROUTING -i eth1 -p tcp -m tcp --dport 35586 -j DNAT --to-destination 192.168.0.27:35586
-A PREROUTING -i eth1 -p udp -m udp --dport 35586 -j DNAT --to-destination 192.168.0.27:35586
-A PREROUTING -i eth1 -p tcp -m tcp --dport 45577 -j DNAT --to-destination 192.168.0.28:45577
-A PREROUTING -i eth1 -p udp -m udp --dport 45577 -j DNAT --to-destination 192.168.0.28:45577
-A PREROUTING -i eth1 -p tcp -m tcp --dport 35577 -j DNAT --to-destination 192.168.0.28:35577
-A PREROUTING -i eth1 -p udp -m udp --dport 35577 -j DNAT --to-destination 192.168.0.28:35577
-A PREROUTING -i eth1 -p tcp -m tcp --dport 45578 -j DNAT --to-destination 192.168.0.29:45578
-A PREROUTING -i eth1 -p udp -m udp --dport 45578 -j DNAT --to-destination 192.168.0.29:45578
-A PREROUTING -i eth1 -p tcp -m tcp --dport 35578 -j DNAT --to-destination 192.168.0.29:35578
-A PREROUTING -i eth1 -p udp -m udp --dport 35578 -j DNAT --to-destination 192.168.0.29:35578
-A PREROUTING -i eth1 -p tcp -m tcp --dport 45579 -j DNAT --to-destination 192.168.0.34:45579
-A PREROUTING -i eth1 -p udp -m udp --dport 45579 -j DNAT --to-destination 192.168.0.34:45579
-A PREROUTING -i eth1 -p tcp -m tcp --dport 35579 -j DNAT --to-destination 192.168.0.34:35579
-A PREROUTING -i eth1 -p udp -m udp --dport 35579 -j DNAT --to-destination 192.168.0.34:35579
-A PREROUTING -i eth1 -p tcp -m tcp --dport 45582 -j DNAT --to-destination 192.168.0.39:45582
-A PREROUTING -i eth1 -p udp -m udp --dport 45582 -j DNAT --to-destination 192.168.0.39:45582
-A PREROUTING -i eth1 -p tcp -m tcp --dport 35582 -j DNAT --to-destination 192.168.0.39:35582
-A PREROUTING -i eth1 -p udp -m udp --dport 35582 -j DNAT --to-destination 192.168.0.39:35582
-A PREROUTING -i eth1 -p tcp -m tcp --dport 2229 -j DNAT --to-destination 192.168.0.39:5900
-A PREROUTING -i eth1 -p udp -m udp --dport 2229 -j DNAT --to-destination 192.168.0.39:5900
-A PREROUTING -i eth1 -p tcp -m tcp --dport 45583 -j DNAT --to-destination 192.168.0.41:45583
-A PREROUTING -i eth1 -p udp -m udp --dport 45583 -j DNAT --to-destination 192.168.0.41:45583
-A PREROUTING -i eth1 -p tcp -m tcp --dport 35583 -j DNAT --to-destination 192.168.0.41:35583
-A PREROUTING -i eth1 -p udp -m udp --dport 35583 -j DNAT --to-destination 192.168.0.41:35583
-A PREROUTING -i eth1 -p tcp -m tcp --dport 45592 -j DNAT --to-destination 192.168.0.35:45592
-A PREROUTING -i eth1 -p udp -m udp --dport 45592 -j DNAT --to-destination 192.168.0.35:45592
-A PREROUTING -i eth1 -p tcp -m tcp --dport 35592 -j DNAT --to-destination 192.168.0.35:35592
-A PREROUTING -i eth1 -p udp -m udp --dport 35592 -j DNAT --to-destination 192.168.0.35:35592
-A PREROUTING -i eth1 -p tcp -m tcp --dport 45594 -j DNAT --to-destination 192.168.0.44:45594
-A PREROUTING -i eth1 -p udp -m udp --dport 45594 -j DNAT --to-destination 192.168.0.44:45594
-A PREROUTING -i eth1 -p tcp -m tcp --dport 35594 -j DNAT --to-destination 192.168.0.44:35594
-A PREROUTING -i eth1 -p udp -m udp --dport 35594 -j DNAT --to-destination 192.168.0.44:35594
-A PREROUTING -i eth1 -p tcp -m tcp --dport 45595 -j DNAT --to-destination 192.168.0.45:45595
-A PREROUTING -i eth1 -p udp -m udp --dport 45595 -j DNAT --to-destination 192.168.0.45:45595
-A PREROUTING -i eth1 -p tcp -m tcp --dport 35595 -j DNAT --to-destination 192.168.0.45:35595
-A PREROUTING -i eth1 -p udp -m udp --dport 35595 -j DNAT --to-destination 192.168.0.45:35595
-A PREROUTING -i eth1 -p tcp -m tcp --dport 45596 -j DNAT --to-destination 192.168.0.13:45596
-A PREROUTING -i eth1 -p udp -m udp --dport 45596 -j DNAT --to-destination 192.168.0.13:45596
-A PREROUTING -i eth1 -p tcp -m tcp --dport 35596 -j DNAT --to-destination 192.168.0.13:35596
-A PREROUTING -i eth1 -p udp -m udp --dport 35596 -j DNAT --to-destination 192.168.0.13:35596
-A PREROUTING -i eth1 -p tcp -m tcp --dport 1123 -j DNAT --to-destination 192.168.0.3:1123
-A PREROUTING -i eth1 -p udp -m udp --dport 1123 -j DNAT --to-destination 192.168.0.3:1123
-A PREROUTING -i eth1 -p tcp -m tcp --dport 27015 -j DNAT --to-destination 192.168.0.3:27015
-A PREROUTING -i eth1 -p udp -m udp --dport 27015 -j DNAT --to-destination 192.168.0.3:27015
-A PREROUTING -i eth1 -p tcp -m tcp --dport 2222 -j DNAT --to-destination 192.168.0.3:22
-A PREROUTING -i eth1 -p tcp -m tcp --dport 2224 -j DNAT --to-destination 192.168.0.3:21
-A PREROUTING -i eth1 -p tcp -m tcp --dport 2225 -j DNAT --to-destination 192.168.0.3:5901
-A PREROUTING -i eth1 -p tcp -m tcp --dport 2227 -j DNAT --to-destination 192.168.0.3:3333
-A POSTROUTING -s 192.168.0.220/32 -j MASQUERADE
-A POSTROUTING -s 192.168.0.2/32 -o eth0 -j MASQUERADE
-A POSTROUTING -s 192.168.0.2/32 -o eth1 -j MASQUERADE
-A POSTROUTING -s 192.168.0.2/32 -o eth2 -j MASQUERADE
-A POSTROUTING -s 192.168.0.3/32 -o eth0 -j MASQUERADE
-A POSTROUTING -s 192.168.0.3/32 -o eth1 -j MASQUERADE
-A POSTROUTING -s 192.168.0.3/32 -o eth2 -j MASQUERADE
-A POSTROUTING -s 192.168.0.4/32 -o eth0 -j MASQUERADE
-A POSTROUTING -s 192.168.0.4/32 -o eth1 -j MASQUERADE
-A POSTROUTING -s 192.168.0.4/32 -o eth2 -j MASQUERADE
-A POSTROUTING -s 192.168.0.5/32 -o eth0 -j MASQUERADE
-A POSTROUTING -s 192.168.0.5/32 -o eth1 -j MASQUERADE
-A POSTROUTING -s 192.168.0.5/32 -o eth2 -j MASQUERADE
-A POSTROUTING -s 192.168.0.7/32 -o eth0 -j MASQUERADE
-A POSTROUTING -s 192.168.0.7/32 -o eth1 -j MASQUERADE
-A POSTROUTING -s 192.168.0.7/32 -o eth2 -j MASQUERADE
-A POSTROUTING -s 192.168.0.11/32 -o eth0 -j MASQUERADE
-A POSTROUTING -s 192.168.0.11/32 -o eth1 -j MASQUERADE
-A POSTROUTING -s 192.168.0.11/32 -o eth2 -j MASQUERADE
-A POSTROUTING -s 192.168.0.12/32 -o eth0 -j MASQUERADE
-A POSTROUTING -s 192.168.0.12/32 -o eth1 -j MASQUERADE
-A POSTROUTING -s 192.168.0.12/32 -o eth2 -j MASQUERADE
-A POSTROUTING -s 192.168.0.13/32 -o eth0 -j MASQUERADE
-A POSTROUTING -s 192.168.0.13/32 -o eth1 -j MASQUERADE
-A POSTROUTING -s 192.168.0.13/32 -o eth2 -j MASQUERADE
-A POSTROUTING -s 192.168.0.14/32 -o eth0 -j MASQUERADE
-A POSTROUTING -s 192.168.0.14/32 -o eth1 -j MASQUERADE
-A POSTROUTING -s 192.168.0.14/32 -o eth2 -j MASQUERADE
-A POSTROUTING -s 192.168.0.15/32 -o eth0 -j MASQUERADE
-A POSTROUTING -s 192.168.0.15/32 -o eth1 -j MASQUERADE
-A POSTROUTING -s 192.168.0.15/32 -o eth2 -j MASQUERADE
-A POSTROUTING -s 192.168.0.17/32 -o eth0 -j MASQUERADE
-A POSTROUTING -s 192.168.0.17/32 -o eth1 -j MASQUERADE
-A POSTROUTING -s 192.168.0.17/32 -o eth2 -j MASQUERADE
-A POSTROUTING -s 192.168.0.18/32 -o eth0 -j MASQUERADE
-A POSTROUTING -s 192.168.0.18/32 -o eth1 -j MASQUERADE
-A POSTROUTING -s 192.168.0.18/32 -o eth2 -j MASQUERADE
-A POSTROUTING -s 192.168.0.19/32 -o eth0 -j MASQUERADE
-A POSTROUTING -s 192.168.0.19/32 -o eth1 -j MASQUERADE
-A POSTROUTING -s 192.168.0.19/32 -o eth2 -j MASQUERADE
-A POSTROUTING -s 192.168.0.20/32 -o eth0 -j MASQUERADE
-A POSTROUTING -s 192.168.0.20/32 -o eth1 -j MASQUERADE
-A POSTROUTING -s 192.168.0.20/32 -o eth2 -j MASQUERADE
-A POSTROUTING -s 192.168.0.23/32 -o eth0 -j MASQUERADE
-A POSTROUTING -s 192.168.0.23/32 -o eth1 -j MASQUERADE
-A POSTROUTING -s 192.168.0.23/32 -o eth2 -j MASQUERADE
-A POSTROUTING -s 192.168.0.25/32 -o eth0 -j MASQUERADE
-A POSTROUTING -s 192.168.0.25/32 -o eth1 -j MASQUERADE
-A POSTROUTING -s 192.168.0.25/32 -o eth2 -j MASQUERADE
-A POSTROUTING -s 192.168.0.27/32 -o eth0 -j MASQUERADE
-A POSTROUTING -s 192.168.0.27/32 -o eth1 -j MASQUERADE
-A POSTROUTING -s 192.168.0.27/32 -o eth2 -j MASQUERADE
-A POSTROUTING -s 192.168.0.28/32 -o eth0 -j MASQUERADE
-A POSTROUTING -s 192.168.0.28/32 -o eth1 -j MASQUERADE
-A POSTROUTING -s 192.168.0.28/32 -o eth2 -j MASQUERADE
-A POSTROUTING -s 192.168.0.29/32 -o eth0 -j MASQUERADE
-A POSTROUTING -s 192.168.0.29/32 -o eth1 -j MASQUERADE
-A POSTROUTING -s 192.168.0.29/32 -o eth2 -j MASQUERADE
-A POSTROUTING -s 192.168.0.34/32 -o eth0 -j MASQUERADE
-A POSTROUTING -s 192.168.0.34/32 -o eth1 -j MASQUERADE
-A POSTROUTING -s 192.168.0.34/32 -o eth2 -j MASQUERADE
-A POSTROUTING -s 192.168.0.35/32 -o eth0 -j MASQUERADE
-A POSTROUTING -s 192.168.0.35/32 -o eth1 -j MASQUERADE
-A POSTROUTING -s 192.168.0.35/32 -o eth2 -j MASQUERADE
-A POSTROUTING -s 192.168.0.39/32 -o eth0 -j MASQUERADE
-A POSTROUTING -s 192.168.0.39/32 -o eth1 -j MASQUERADE
-A POSTROUTING -s 192.168.0.39/32 -o eth2 -j MASQUERADE
-A POSTROUTING -s 192.168.0.40/32 -o eth0 -j MASQUERADE
-A POSTROUTING -s 192.168.0.40/32 -o eth1 -j MASQUERADE
-A POSTROUTING -s 192.168.0.40/32 -o eth2 -j MASQUERADE
-A POSTROUTING -s 192.168.0.41/32 -o eth0 -j MASQUERADE
-A POSTROUTING -s 192.168.0.41/32 -o eth1 -j MASQUERADE
-A POSTROUTING -s 192.168.0.41/32 -o eth2 -j MASQUERADE
-A POSTROUTING -s 192.168.0.42/32 -o eth0 -j MASQUERADE
-A POSTROUTING -s 192.168.0.42/32 -o eth1 -j MASQUERADE
-A POSTROUTING -s 192.168.0.42/32 -o eth2 -j MASQUERADE
-A POSTROUTING -s 192.168.0.44/32 -o eth0 -j MASQUERADE
-A POSTROUTING -s 192.168.0.44/32 -o eth1 -j MASQUERADE
-A POSTROUTING -s 192.168.0.44/32 -o eth2 -j MASQUERADE
-A POSTROUTING -s 192.168.0.46/32 -o eth0 -j MASQUERADE
-A POSTROUTING -s 192.168.0.46/32 -o eth1 -j MASQUERADE
-A POSTROUTING -s 192.168.0.46/32 -o eth2 -j MASQUERADE
COMMIT
# Completed on Wed Dec 3 11:08:54 2008
# Generated by iptables-save v1.4.0 on Wed Dec 3 11:08:54 2008
*filter
:INPUT ACCEPT [6280:595034]
:FORWARD DROP [123:10704]
:OUTPUT ACCEPT [5447:484950]
-A FORWARD -i eth1 -o eth1 -j ACCEPT
-A FORWARD -m set --set FW_192_168_0_0 src -j ACCEPT
-A FORWARD -m set --set FW_192_168_0_0 dst -j ACCEPT
COMMIT
# Completed on Wed Dec 3 11:08:54 2008

iptables -t mangle -nxvL FORWARD
Chain FORWARD (policy ACCEPT 77065 packets, 8889361 bytes)
pkts bytes target prot opt in out source destination
77064 8889313 MARK all -- * * 0.0.0.0/0 0.0.0.0/0 MARK set 0x1
61106 5567143 TRAF_OUT all -- eth1 eth0 0.0.0.0/0 0.0.0.0/0
14954 3228684 TRAF_IN all -- eth0 eth1 0.0.0.0/0 0.0.0.0/0
1001 93342 BG_IN all -- eth1 eth1 0.0.0.0/0 0.0.0.0/0
1001 93342 BG_OUT all -- eth1 eth1 0.0.0.0/0 0.0.0.0/0

route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
10.1.10.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
192.168.0.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1
127.0.0.0 0.0.0.0 255.0.0.0 U 0 0 0 lo
0.0.0.0 10.1.10.2 0.0.0.0 UG 0 0 0 eth0

BuSteR · « **Отговор #11 -:** Dec 03, 2008, 18:54 »

Промених веригата BG_IN/OUT в fw.init съотвтно на :

# Local traffic is considered BG
`$ipt -t mangle -A FORWARD -i $EXT_ETH -o $INT_ETH -j BG_IN`;
`$ipt -t mangle -A FORWARD -i $INT_ETH -o $EXT_ETH -j BG_OUT`;

Явно съм инсталирал версията за IPCLASSIFY и съм заменил редовете с IPMARK, но в тази вeсия 0.3-beta
BG_IN/OUT веригата в fw.init беше така

# Local traffic is considered BG
`$ipt -t mangle -A FORWARD -i $INT_ETH -o $INT_ETH -j BG_IN`;
`$ipt -t mangle -A FORWARD -i $INT_ETH -o $INT_ETH -j BG_OUT`;

Въпреки това след промените няма промяна, байтовете съответстват ето ми изходния код от iptables -t mangle -nxvL FORWARD
pkts bytes target prot opt in out source destination
433632 282876865 MARK all -- * * 0.0.0.0/0 0.0.0.0/0 MARK set 0x1
200995 40582260 TRAF_OUT all -- eth1 eth0 0.0.0.0/0 0.0.0.0/0
230968 242151718 TRAF_IN all -- eth0 eth1 0.0.0.0/0 0.0.0.0/0
230968 242151718 BG_IN all -- eth0 eth1 0.0.0.0/0 0.0.0.0/0
200995 40582260 BG_OUT all -- eth1 eth0 0.0.0.0/0 0.0.0.0/0

edit: Нещо http://openfmi.net/projects/flattc/ не се отваря и нямам как да изтегля IPMARK версията.

VladSun · « **Отговор #12 -:** Dec 04, 2008, 00:08 »

Не можеш да "мешаш" версиите за IPMARK и IPCLASSIFY - имат няколко принципни различия.
Освен това по-долу във fw.init (IPMARK) има:

Код

GeSHi (Perl):
`$ipt -t mangle -A TRAF_IN -m set --set BG_NETS src -j BG_IN`;
`$ipt -t mangle -A TRAF_OUT -m set --set BG_NETS dst -j BG_OUT`;
`$ipt -t mangle -A TRAF_IN -m mark --mark 1 -j INT_IN`;
`$ipt -t mangle -A TRAF_OUT -m mark --mark 1 -j INT_OUT`;

Тези вериги ме интересуват.

BuSteR · « **Отговор #13 -:** Dec 04, 2008, 00:22 »

VladSun, опитвах безброй варианти с поромяна на маркерите с промяна на интерфейсите и не бачка, и не бачка

,
Ето ми теста към 1 адрес ( т.е. моя )

./tc.add 40 1 512 1024 128 256 1.2 1.2

tc class show dev eth0
class htb 1:828 parent 1:25 leaf 828: prio 4 rate 128000bit ceil 213000bit burst 1615b cburst 128Kb
class htb 1:3 root rate 250000Kbit ceil 250000Kbit burst 32812b cburst 32812b
class htb 1:15 parent 1:3 rate 200000Kbit ceil 200000Kbit burst 26575b cburst 26575b
class htb 1:25 parent 1:3 rate 18000Kbit ceil 18000Kbit burst 3847b cburst 3847b
class htb 1:628 parent 1:15 leaf 628: prio 5 rate 512000bit ceil 853000bit burst 1663b cburst 512Kb

Щом коефициента за БГ и Международен е дробно число значи в моя случай rate=.$bgmin ми е 512 за БГ и ceil=$bgmax/$bg_coeff, но забелижи 1-во стойностите не са в Kbit а в bit и ceil-a би трябвало да ми е равен на rate-a а той е по-голям ..... пробвах да го намаля с по-голямо дробно число почти достигнах стойностите на rate-a, но и така не стана

за eth1 tc show казва:

tc class show dev eth1
class htb 1:10 parent 1:2 rate 200000Kbit ceil 200000Kbit burst 26575b cburst 26575b
class htb 1:20 parent 1:2 rate 18000Kbit ceil 18000Kbit burst 3847b cburst 3847b
class htb 1:2 root rate 250000Kbit ceil 250000Kbit burst 32812b cburst 32812b
class htb 1:728 parent 1:20 leaf 728: prio 4 rate 128000bit ceil 256000bit burst 1615b cburst 128Kb
class htb 1:528 parent 1:10 leaf 528: prio 5 rate 512000bit ceil 1024Kbit burst 1663b cburst 512Kb

Тук стойностите са си както трябва, но отново са в bit, а не в Kbit ??
Налии тоя ред му казва Kbit :
$class_bg_dl = "tc class add dev $INT_ETH parent 1:10 classid 1:0".$id." htb rate ".$bgmin."Kbit ceil ".$bgmax."Kbit prio 5 $
$qdisc_bg_dl = "tc qdisc add dev $INT_ETH parent 1:0".$id." handle ".$id." sfq perturb 10";

не мога да вдяна нещо...

Помогни ми моля те да разнищим тоя проблем със скапания ъплоад

BuSteR · « **Отговор #14 -:** Dec 04, 2008, 00:26 »

Ето ги създадените вериги btw: сложих си IPMARK версията

iptables -t mangle -L -n
Chain PREROUTING (policy ACCEPT)
target prot opt source destination

Chain INPUT (policy ACCEPT)
target prot opt source destination

Chain FORWARD (policy ACCEPT)
target prot opt source destination
MARK all -- 0.0.0.0/0 0.0.0.0/0 MARK set 0x1
TRAF_OUT all -- 0.0.0.0/0 0.0.0.0/0
TRAF_IN all -- 0.0.0.0/0 0.0.0.0/0
BG_IN all -- 0.0.0.0/0 0.0.0.0/0
BG_OUT all -- 0.0.0.0/0 0.0.0.0/0

Chain OUTPUT (policy ACCEPT)
target prot opt source destination

Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
TCPMSS tcp -- 0.0.0.0/0 0.0.0.0/0 tcp flags:0x06/0x02 TCPMSS clamp to PMTU
TCPMSS tcp -- 0.0.0.0/0 0.0.0.0/0 tcp flags:0x06/0x02 TCPMSS clamp to PMTU
TCPMSS tcp -- 0.0.0.0/0 0.0.0.0/0 tcp flags:0x06/0x02 TCPMSS clamp to PMTU

Chain BG_IN (2 references)
target prot opt source destination
IPMARK all -- 0.0.0.0/0 192.168.0.0/24 IPMARK dst ip and 0xff or 0x10500

Chain BG_OUT (2 references)
target prot opt source destination
IPMARK all -- 192.168.0.0/24 0.0.0.0/0 IPMARK src ip and 0xff or 0x10600

Chain INT_IN (1 references)
target prot opt source destination
IPMARK all -- 0.0.0.0/0 192.168.0.0/24 IPMARK dst ip and 0xff or 0x10700

Chain INT_OUT (1 references)
target prot opt source destination
IPMARK all -- 192.168.0.0/24 0.0.0.0/0 IPMARK src ip and 0xff or 0x10800

Chain TRAF_IN (1 references)
target prot opt source destination
BG_IN all -- 0.0.0.0/0 0.0.0.0/0 set BG_NETS src
INT_IN all -- 0.0.0.0/0 0.0.0.0/0 MARK match 0x1

Chain TRAF_OUT (1 references)
target prot opt source destination
BG_OUT all -- 0.0.0.0/0 0.0.0.0/0 set BG_NETS dst
INT_OUT all -- 0.0.0.0/0 0.0.0.0/0 MARK match 0x1

Автор Тема: Проблем с FlatTC (Прочетена 4930 пъти)

BuSteR

Проблем с FlatTC

VladSun

Re: Проблем с FlatTC

Gaara

Re: Проблем с FlatTC

BuSteR

Re: Проблем с FlatTC

VladSun

Re: Проблем с FlatTC

VladSun

Re: Проблем с FlatTC

BuSteR

Re: Проблем с FlatTC

VladSun

Re: Проблем с FlatTC

BuSteR

Re: Проблем с FlatTC

VladSun

Re: Проблем с FlatTC

BuSteR

Re: Проблем с FlatTC

BuSteR

Re: Проблем с FlatTC

VladSun

Re: Проблем с FlatTC

BuSteR

Re: Проблем с FlatTC

BuSteR

Re: Проблем с FlatTC