Âíóòðåííèé è âíåøíèé IP àäðåñà + DCHub

**Basile** · 28-01-2010, 20:45

Âñå ÎÊ. Êîììåíòèðóåì êîìàíäû ñ iptables. Èòîãî â post-firewall äîëæíî ïîëó÷èòüñÿ:

Code:

#!/bin/sh

#iptables -t nat -D PREROUTING 2
#iptables -t nat -I PREROUTING -d 192.168.31.46 -j VSERVER
#iptables -t nat -I PREROUTING -d 91.195.xxx.10 -j VSERVER

#iptables -t nat -D POSTROUTING 2
#iptables -t nat -I POSTROUTING -o eth1 -s !192.168.31.46 -j MASQUERADE
#iptables -t nat -I POSTROUTING -o eth1 -s !91.195.xxx.10 -j MASQUERADE

#ip route delete default via 10.44.22.1


export >> /tmp/script.log
echo "$*" >> /tmp/script.log
echo "<=end=>" >> /tmp/script.log

Ñîõðàíÿåìñÿ, ïåðåçàãðóæàåìñÿ, ïðîáóåì.

Èíòåðåñóþò äàííûå òîëüêî èç /tmp/script.log. Òàì äîëæíî áûòü áîëüøå òåêñòà

**êîëáàñêèí** · 28-01-2010, 20:55

Ïîäïðàâèë, ñîõðàíèëñÿ è ïåðåãðóçèëñÿ ñðàçó ñî âêëþ÷åííûì êàáåëåì

Code:

[maxya@maxya_wi_fi root]$ iptables -t nat -vnL POSTROUTING
Chain POSTROUTING (policy ACCEPT 79 packets, 7059 bytes)
 pkts bytes target     prot opt in     out     source               destination
  333 16701 MASQUERADE  all  --  *      vlan1  !10.44.22.205         0.0.0.0/0
   22  5332 MASQUERADE  all  --  *      eth1   !10.44.22.205         0.0.0.0/0
    3   566 MASQUERADE  all  --  *      br0     192.168.0.0/24       192.168.0.0/24
[maxya@maxya_wi_fi root]$

Code:

[maxya@maxya_wi_fi root]$ iptables -t nat -vnL PREROUTING
Chain PREROUTING (policy ACCEPT 1390 packets, 154K bytes)
 pkts bytes target     prot opt in     out     source               destination
    1    64 VSERVER    all  --  *      *       0.0.0.0/0            10.44.22.205
    1    64 VSERVER    all  --  *      *       0.0.0.0/0            10.44.22.205
[maxya@maxya_wi_fi root]$

Code:

[maxya@maxya_wi_fi root]$ route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
91.195.XXX.9    0.0.0.0         255.255.255.255 UH    0      0        0 eth1
10.44.22.1      0.0.0.0         255.255.255.255 UH    0      0        0 vlan1
192.168.0.0     0.0.0.0         255.255.255.0   U     0      0        0 br0
91.195.XXX.0    0.0.0.0         255.255.255.0   U     0      0        0 eth1
192.168.31.0    0.0.0.0         255.255.255.0   U     0      0        0 eth1
10.44.22.0      0.0.0.0         255.255.255.0   U     0      0        0 vlan1
10.0.0.0        10.44.22.1      255.0.0.0       UG    0      0        0 vlan1
127.0.0.0       0.0.0.0         255.0.0.0       U     0      0        0 lo
0.0.0.0         10.44.22.1      0.0.0.0         UG    0      0        0 vlan1
0.0.0.0         91.195.XXX.9    0.0.0.0         UG    0      0        0 eth1
[maxya@maxya_wi_fi root]$

ñîäåðæèìîå /tmp/script.log - òîëüêî ýòî

Code:

start

**Basile** · 28-01-2010, 20:59

Âû, êîãäà ðåäàêòèðîâàëè post-firewall, ñëó÷àéíî íå ñíåñëè àòðèáóò "èñïîëíÿåìûé"?

Íà âñÿêèé ñëó÷àé ïðèâîæó êîìàíäó, êàê åãî âåðíóòü:

Code:

chmod +x /tmp/local/sbin/post-firewall

**êîëáàñêèí** · 28-01-2010, 21:01

Ëîã ðîóòåðà, åñëè âñòàâèòü êàáåëü ïîñëå ïîëíîé çàãðóçêè

Code:

Jan 28 21:49:59 udhcpc[158]: Lease of 10.44.22.205 obtained, lease time 172800
Jan 28 21:50:00 syslog: ERRO: MC-Router API already in use; Errno(125): Address already in use
Jan 28 21:50:00 dhcp client: bound IP : 10.44.22.205 from 10.44.22.1
Jan 28 21:50:01 /opt/sbin/cron[454]: (maxya) CMD (run-parts /opt/etc/cron.5m

Ëîã /tmp/script.log, åñëè òàêæå âñòàâèòü êàáåëü ïîñëå ïîëíîé çàãðóçêè

Code:

start
export HOME='/'
export PATH='/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/sbin'
export PWD='/'
export TZ='EET-2EEST,M3.5.0/3,M10.5.0/4'
export broadcast='10.44.22.255'
export dhcptype='5'
export dns='10.10.10.2 10.10.12.3'
export domain='beeline.ua'
export interface='vlan1'
export ip='10.44.22.205'
export lease='172800'
export mask='24'
export msroutes='8 10 10 44 22 1'
export router='10.44.22.1'
export serverid='10.10.14.2'
export subnet='255.255.255.0'
vlan1 10.44.22.205 br0 192.168.0.1 eth1 10.44.22.205
<=end=>
~

**Basile** · 28-01-2010, 21:28

Ñ àòðèáóòàìè âðîäå âñå ÎÊ. Âîò òàêîé script.log ìíå è áûë íóæåí.

Ïîñëåäíåå íà ñåãîäíÿ. Ïðàâèì post-firewall:

Code:

#!/bin/sh

if [ $interface = 'vlan1' ]; then
	iptables -t nat -D PREROUTING 2
	iptables -t nat -I PREROUTING -d 192.168.31.46 -j VSERVER
	iptables -t nat -I PREROUTING -d 91.195.xxx.10 -j VSERVER

	#iptables -t nat -D POSTROUTING 2
	#iptables -t nat -I POSTROUTING -o eth1 -j MASQUERADE

	ip route delete default via 10.44.22.1
fi

export >> /tmp/script.log
echo "$*" >> /tmp/script.log
echo "<=end=>" >> /tmp/script.log

Ñîõðàíÿåìñÿ, ïåðåçàãðóæàåìñÿ. Ñðàçó æå ïîñëå ïåðåçàãðóçêè âûíóòü êàáåëü îñíîâíîãî ïðîâàéäåðà è ñíîâà ïîäêëþ÷èòü, ïîòîì óæå ïîäêëþ÷àòü Áèëàéí.
Äàëåå, ïîëó÷èòü ñîäåðæèìîå script.log, iptables -t nat -vnL POSTROUTING. Äàëåå âûïîëíèòü 3 êîìàíäû, êîòîðûå çàêîììåíòèðîâàíû è ïîñìîòðåòü íà ðåçóëüòàò èõ âûâîäà (âûâîä ñþäà). Ïî-ìîåìó, îíè íà ÷òî-òî ðóãàþòñÿ, à íà ÷òî íå ïîíÿòíî. Çàòåì ñíîâà ïîëó÷èòü âûâîä îò iptables -t nat -vnL POSTROUTING

P.S. À ÷òî ó âàñ çà ïðîøèâêà ñòîèò?

**êîëáàñêèí** · 28-01-2010, 21:54

Ïîäïðàâèë, ñîõðàíèëñÿ, ïåðåãðóçèëñÿ
Âûíóë êàáåëü îñíîâíîãî ïðîâàéäåðà, ïîäêëþ÷èë, ïîäêëþ÷èë áèëàéí

Ëîã ðîóòåðà

Code:

Jan 28 22:36:19 udhcpc[159]: Lease of 10.44.22.205 obtained, lease time 172800
Jan 28 22:36:21 syslog: ERRO: MC-Router API already in use; Errno(125): Address already in use
Jan 28 22:36:21 dhcp client: bound IP : 10.44.22.205 from 10.44.22.1

Ëîã

Code:

/tmp/script.log

Code:

start
export HOME='/'
export PATH='/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/sbin'
export PWD='/'
export TZ='EET-2EEST,M3.5.0/3,M10.5.0/4'
export broadcast='10.44.22.255'
export dhcptype='5'
export dns='10.10.10.2 10.10.12.3'
export domain='beeline.ua'
export interface='vlan1'
export ip='10.44.22.205'
export lease='172800'
export mask='24'
export msroutes='8 10 10 44 22 1'
export router='10.44.22.1'
export serverid='10.10.14.2'
export subnet='255.255.255.0'
vlan1 10.44.22.205 br0 192.168.0.1 eth1 10.44.22.205
<=end=>

Code:

[maxya@maxya_wi_fi root]$ iptables -t nat -vnL POSTROUTING
Chain POSTROUTING (policy ACCEPT 16 packets, 2056 bytes)
 pkts bytes target     prot opt in     out     source               destination
    4   240 MASQUERADE  all  --  *      vlan1  !10.44.22.205         0.0.0.0/0
  258 33201 MASQUERADE  all  --  *      eth1   !10.44.22.205         0.0.0.0/0
    4   757 MASQUERADE  all  --  *      br0     192.168.0.0/24       192.168.0.0/24
[maxya@maxya_wi_fi root]$

Äàþ êîìàíäû

Code:

[maxya@maxya_wi_fi root]$ iptables -t nat -D POSTROUTING 2
[maxya@maxya_wi_fi root]$ iptables -t nat -I POSTROUTING -o eth1 -s !192.168.31.46 -j MASQUERADE
iptables v1.2.7a: host/network `!192.168.31.46' not found
Try `iptables -h' or 'iptables --help' for more information.
[maxya@maxya_wi_fi root]$ iptables -t nat -I POSTROUTING -o eth1 -s !91.195.XXX.10 -j MASQUERADE
iptables v1.2.7a: host/network `!91.195.XXX.10' not found
Try `iptables -h' or 'iptables --help' for more information.
[maxya@maxya_wi_fi root]$

Code:

[maxya@maxya_wi_fi root]$ iptables -t nat -vnL POSTROUTING
Chain POSTROUTING (policy ACCEPT 43 packets, 6962 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 MASQUERADE  all  --  *      vlan1  !10.44.22.205         0.0.0.0/0
    2   470 MASQUERADE  all  --  *      br0     192.168.0.0/24       192.168.0.0/24
[maxya@maxya_wi_fi root]$

Ïðîøèâêà 1.9.2.7-10.7

**Power** · 28-01-2010, 22:26

Originally Posted by êîëáàñêèí

Äàþ êîìàíäû

Code:

[maxya@maxya_wi_fi root]$ iptables -t nat -D POSTROUTING 2
[maxya@maxya_wi_fi root]$ iptables -t nat -I POSTROUTING -o eth1 -s !192.168.31.46 -j MASQUERADE
iptables v1.2.7a: host/network `!192.168.31.46' not found
Try `iptables -h' or 'iptables --help' for more information.
[maxya@maxya_wi_fi root]$ iptables -t nat -I POSTROUTING -o eth1 -s !91.195.XXX.10 -j MASQUERADE
iptables v1.2.7a: host/network `!91.195.XXX.10' not found
Try `iptables -h' or 'iptables --help' for more information.
[maxya@maxya_wi_fi root]$

Îòñþäà âûâîä - âîñêëèöàòåëüíûé çíàê íóæíî îòäåëÿòü ïðîáåëîì îò àäðåñà.

**êîëáàñêèí** · 28-01-2010, 22:45

Ñïàñèáî! òî÷íî

Code:

[maxya@maxya_wi_fi root]$ iptables -t nat -vnL POSTROUTING
Chain POSTROUTING (policy ACCEPT 13 packets, 1180 bytes)
 pkts bytes target     prot opt in     out     source               destination
   27  3837 MASQUERADE  all  --  *      eth1   !91.195.XXX.10        0.0.0.0/0
    8  1250 MASQUERADE  all  --  *      eth1   !192.168.31.46        0.0.0.0/0
    0     0 MASQUERADE  all  --  *      vlan1  !10.44.22.205         0.0.0.0/0
    3   566 MASQUERADE  all  --  *      br0     192.168.0.0/24       192.168.0.0/24
[maxya@maxya_wi_fi root]$

Èíòåðíåò ðàáîòàåò ïðè âêëþ÷åííîì êàáåëå Beeline UA
ß òàê ïîíèìàþ îñòàëîñü ïðîïèñàòü ìàðøðóòû èëè ÷òî-òî åùå?

**Power** · 28-01-2010, 23:08

Êñòàòè, Basile, à çà÷åì 2 ïðàâèëà?

Code:

iptables -t nat -I POSTROUTING -o eth1 -s ! 192.168.31.46 -j MASQUERADE
iptables -t nat -I POSTROUTING -o eth1 -s ! 91.195.xxx.10 -j MASQUERADE

Âåäü ïàêåòû, íå îáðàáîòàííûå îäíèì (ñ àäðåñîì îòïðàâëåíèÿ = 91.195.xxx.10), îáÿçàòåëüíî îáðàáîòàþòñÿ âòîðûì (è íàîáîðîò, â êàêîì ïîðÿäêå èõ íå ñòàâü). Íå ïðîùå ëè ñðàçó îäíèì ìàõîì

Code:

iptables -t nat -I POSTROUTING -o eth1 -j MASQUERADE

**êîëáàñêèí** · 29-01-2010, 14:30

Â îáùåì âòîðîé ïðîâàéäåð ðàáîòàåò, è äàæå ÷åëîâåê êî ìíå ñìîã çàéòè íà õàá, íî íå ìîãó ïîïàñòü íà ñàéòû âî âòîðîé ñåòè, íàâåðíîå íå ïîíèìàåò äíñ

http://10.10.12.4/ - òàê îòêðûâàåò
http://bee.lan/ - òàê íåò! ýòî òèïî ñåòåâûõ ñàéòèêîâ

Íà êîìïüþòåðå êîãäà áûëî ïîäêëþ÷åíî ñðàçó äâà ïðîâàéäåðà, ïî äîìåííûì èìåíàì õîäèëî, ìîæíî êàê-òî ñäåëàòü âîçìîæíûì è íà ðîóòåðå?

È ÿ òàê ïîíèìàþ äâå ñåòè ìåæäó ñîáîé íå âèäíû?

ÇÛ ñïàñèáî âñåì êòî ïîìîãàë

È íà õàáû â ñåòÿõ íè ê êîìó íå ìîãó ïîäêëþ÷èòñÿ

**Basile** · 29-01-2010, 16:51

Originally Posted by Power

Êñòàòè, Basile, à çà÷åì 2 ïðàâèëà?

Âî âñåõ ñëó÷àÿõ, êîòîðûå ÿ âñòðå÷àë, âñåãäà âñå IP'øíèêè, ïðèñâîåííûå ðîóòåðó, áûëè â öåïî÷êå POSTROUTING

Íóæíî íàïèñàòü ïðàâèëî (ìîæåò ïîìîæåòå?): "äëÿ âñåãî, äëÿ ÷åãî èñòî÷íèê íå ðàâåí 192.168.31.46 è íå ðàâåí 91.195.xxx.10 è èíòåðôåéñ (out) ðàâåí eth1 ìàñêàðäèòü åãî"

ß ïîêà íå çíàþ êàê. Âàðèàíò ïðèâåäåííûé íèæå, ÿ äóìàþ, íå ïðîêàòèò:
iptables -t nat -I POSTROUTING -o eth1 -s ! 192.168.31.46 -s ! 91.195.xxx.10 -j MASQUERADE

**Basile** · 29-01-2010, 17:11

Originally Posted by êîëáàñêèí

Â îáùåì âòîðîé ïðîâàéäåð ðàáîòàåò, è äàæå ÷åëîâåê êî ìíå ñìîã çàéòè íà õàá, íî íå ìîãó ïîïàñòü íà ñàéòû âî âòîðîé ñåòè, íàâåðíîå íå ïîíèìàåò äíñ

Äà, ñ DNS'àìè ÿ âàì íå ïîìîãó. Íà õàáû ìîæíî çàõîäèòü ïî åãî IP'øíèêó, íå òîëüêî ïî åãî èìåíè

Originally Posted by êîëáàñêèí

È íà õàáû â ñåòÿõ íè ê êîìó íå ìîãó ïîäêëþ÷èòñÿ

Çäåñü íàäî ðàçáèðàòüñÿ. Âû ñåé÷àñ î êàêîì õàáå ãîâîðèòå? Î ñâîåì? Åñëè î ñâîåì, çäåñü ñëîæíåå.
Åñëè î âíåøíåì, òî äàâàéòå íà÷íåì ñ òîãî, ïèíãóåòñÿ ýòîò êòî-òî (íå õàá, à ÷åëîâåê, ïèð) èëè íåò, òðàññèðóåòñÿ ê íåìó ìàðøðóò èëè íåò?

**Power** · 29-01-2010, 17:41

Originally Posted by Basile

Âî âñåõ ñëó÷àÿõ, êîòîðûå ÿ âñòðå÷àë, âñåãäà âñå IP'øíèêè, ïðèñâîåííûå ðîóòåðó, áûëè â öåïî÷êå POSTROUTING

Íóæíî íàïèñàòü ïðàâèëî (ìîæåò ïîìîæåòå?): "äëÿ âñåãî, äëÿ ÷åãî èñòî÷íèê íå ðàâåí 192.168.31.46 è íå ðàâåí 91.195.xxx.10 è èíòåðôåéñ (out) ðàâåí eth1 ìàñêàðäèòü åãî"

ß ïîêà íå çíàþ êàê. Âàðèàíò ïðèâåäåííûé íèæå, ÿ äóìàþ, íå ïðîêàòèò:
iptables -t nat -I POSTROUTING -o eth1 -s ! 192.168.31.46 -s ! 91.195.xxx.10 -j MASQUERADE

Àéïèøíèêè òàì äëÿ ýêîíîìèè. ×òîáû íå ìàñêàðàäèòü òå ïàêåòû, ó êîòîðûõ è òàê óæå íóæíûé àäðåñ. Íî â ýòîì ñëó÷àå ïðîùå áóäåò íå ãîðîäèòü îãîðîä, à âîñïîëüçîâàòüñÿ òåì ïðàâèëîì áåç àéïèøíèêîâ, ÷òî ÿ ïðèâ¸ë. Âîçìîæíî, îíî äàæå áóäåò áûñòðåå.
Äà, âàø âàðèàíò íå ïðîêàòèò, -s ìîæíî óêàçàòü òîëüêî îäèí ðàç.

**êîëáàñêèí** · 29-01-2010, 17:44

Íóæíî êàê-òî ñäåëàòü ÷òîáû
èíòåðíåò è ñåòü 10.1.xxx.xxx-10.20.xxx.xxx øëè ÷åðåç îñíîâíîé øëþç 91.195.XXX.10
à 10.21.xxx.xxx - 10.60.xxx.xxx øëè ÷åðåç 10.44.22.1

íà îñíîâíîì ïðîâàéäåðå åñòü ñåòè 10.1.xxx.xxx-10.20.xxx.xxx, à íà Beeline UA 10.21.xxx.xxx - 10.60.xxx.xxx

×åðåç áèëàéí ïîäêëþ÷åí ïî ip ê õàáó è íå ìîãó çàéòè íà þçåðîâ, ip ïèíãóåòñÿ

**Basile** · 29-01-2010, 18:22

Originally Posted by êîëáàñêèí

Íóæíî êàê-òî ñäåëàòü ÷òîáû
èíòåðíåò è ñåòü 10.1.xxx.xxx-10.20.xxx.xxx øëè ÷åðåç îñíîâíîé øëþç 91.195.XXX.10
à 10.21.xxx.xxx - 10.60.xxx.xxx øëè ÷åðåç 10.44.22.1

ß ïîêîïàëñÿ íà ñàéòå âàøåãî ïðîâàéäåðà è íå óâèäåë èíñòðóêöèþ, ãäå óêàçàíî, ÷òî íóæíî íàñòðàèâàòü IP-àäðåñ ñòàòè÷åñêè, êàê âû ýòî äåëàåòå. È èíñòðóêöèè, êàê íàñòðîèòü äâà IP'øíèêà íà WAN-ïîð òîæå íå íàøåë. Êîðî÷å, ÿ áû íàñòðîèë ïîëó÷åíèå IP ïî DHCP è ïîñìîòðåë, êàêèå ìàðøðóòû âûäàþòñÿ äëÿ âàøåãî îñíîâíîãî ïðîâàéäåðà

Originally Posted by êîëáàñêèí

íà îñíîâíîì ïðîâàéäåðå åñòü ñåòè 10.1.xxx.xxx-10.20.xxx.xxx, à íà Beeline UA 10.21.xxx.xxx - 10.60.xxx.xxx

Ñóäÿ ïî íàñòðîéêàì âàø îñíîâíîé øëþç äîëæåí áûòü 192.168.31.1. Âàì â post-firewall ñðàçó æå ïîñëå ñòðî÷êè ip route delete default via 10.44.22.1 íóæíî äîáàâèòü ñëåäóþùèå ñòðî÷êè:

Code:

ip route add 10.1.0.0/16 via 192.168.31.1 dev eth1
ip route add 10.2.0.0/16 via 192.168.31.1 dev eth1
ip route add 10.3.0.0/16 via 192.168.31.1 dev eth1
è òàê äàëåå
ip route add 10.19.0.0/16 via 192.168.31.1 dev eth1
ip route add 10.20.0.0/16 via 192.168.31.1 dev eth1

Originally Posted by êîëáàñêèí

×åðåç áèëàéí ïîäêëþ÷åí ïî ip ê õàáó è íå ìîãó çàéòè íà þçåðîâ, ip ïèíãóåòñÿ

Âû ïåðåøëè íà FlyLinkDC++?

Originally Posted by Power

ïðîùå áóäåò íå ãîðîäèòü îãîðîä, à âîñïîëüçîâàòüñÿ òåì ïðàâèëîì áåç àéïèøíèêîâ, ÷òî ÿ ïðèâ¸ë

Ïîïðàâèë
êîëáàñêèí, èçìåíèòå post-firewall â ñîîòâåòñòâèè ñ ðåêîìåíäàöèÿìè

Thread: Âíóòðåííèé è âíåøíèé IP àäðåñà + DCHub

Thread Tools

Rate This Thread

Display

Similar Threads

Ïîëó÷èë âíåøíèé IP... ïðîáëåì äîáàâèëîñü

Tags for this Thread

Posting Permissions