Ïðîáëåìà ñ ðîóòåðîì Asus WL-520gU

[Power]

Ñåðâåð (õàá) ÄÖ, ñ êîòîðûì âû ñîåäèíÿåòåñü, íàõîäèòñÿ â ëîêàëêå èëè èíòåðíåòå?
Åñëè ìîæíî, âûëîæèòå ñþäà âûâîä êîìàíä "route -n" è "iptables-save" ñ ðîóòåðà â òîò ìîìåíò, êîãäà âïí ðàáîòàåò. È äàéòå ïðèìåð àäðåñà õàáà ÄÖ, ñ êîòîðûì ñîåäèíÿåòåñü.

[Serge_K]

Ïîèäåå ãîíèò íà øèôðîâàíèå, ò.å. íóæíî îòêëþ÷èòü ò.ê. ïðîâ íå èñïîëüçóåò åãî.

Ïîïðîáóéòå ïîñòàâèòü

PPTP Options: No Encryption

[LesterKein]

"route -n"

Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
89.105.128.75 10.17.28.1 255.255.255.255 UGH 0 0 0 vlan1
89.105.128.66 10.17.28.1 255.255.255.255 UGH 0 0 0 vlan1
89.105.128.66 10.17.28.1 255.255.255.255 UGH 1 0 0 vlan1
89.105.128.67 10.17.28.1 255.255.255.255 UGH 0 0 0 vlan1
89.105.128.67 10.17.28.1 255.255.255.255 UGH 1 0 0 vlan1
89.105.128.68 10.17.28.1 255.255.255.255 UGH 0 0 0 vlan1
89.105.128.7 10.17.28.1 255.255.255.255 UGH 1 0 0 vlan1
89.105.128.64 10.17.28.1 255.255.255.192 UG 0 0 0 vlan1
10.17.28.0 0.0.0.0 255.255.255.0 U 0 0 0 vlan1
192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 br0
10.0.0.0 10.17.28.1 255.192.0.0 UG 0 0 0 vlan1
127.0.0.0 0.0.0.0 255.0.0.0 U 0 0 0 lo
0.0.0.0 89.105.130.116 0.0.0.0 UG 0 0 0 ppp0
0.0.0.0 10.17.28.1 0.0.0.0 UG 1 0 0 vlan1

iptables-save

# Generated by iptables-save v1.2.7a on Tue Oct 14 19:28:13 2008
*nat
:PREROUTING ACCEPT [389:56701]
:POSTROUTING ACCEPT [265:15799]
:OUTPUT ACCEPT [249:14945]
:VSERVER - [0:0]
-A PREROUTING -d 172.31.139.97 -j VSERVER
-A PREROUTING -d 10.17.28.38 -j VSERVER
-A PREROUTING -d 172.31.139.97 -p udp -m udp --sport 6112 -j NETMAP --to 192.168.1.0/24
-A POSTROUTING -s 192.168.1.0/255.255.255.0 -p udp -m udp --dport 6112 -j NETMAP --to 172.31.139.97/32
-A POSTROUTING -s ! 172.31.139.97 -o ppp0 -j MASQUERADE
-A POSTROUTING -s ! 10.17.28.38 -o vlan1 -j MASQUERADE
-A POSTROUTING -s 192.168.1.0/255.255.255.0 -d 192.168.1.0/255.255.255.0 -o br0 -j MASQUERADE
-A VSERVER -j DNAT --to-destination 192.168.1.2
COMMIT
# Completed on Tue Oct 14 19:28:13 2008
# Generated by iptables-save v1.2.7a on Tue Oct 14 19:28:13 2008
*mangle
:PREROUTING ACCEPT [13322:8787220]
:INPUT ACCEPT [8476:4802341]
:FORWARD ACCEPT [4692:3957053]
:OUTPUT ACCEPT [7008:1118728]
:POSTROUTING ACCEPT [13008:5560311]
COMMIT
# Completed on Tue Oct 14 19:28:13 2008
# Generated by iptables-save v1.2.7a on Tue Oct 14 19:28:13 2008
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [44:2288]
:OUTPUT ACCEPT [6822:1024733]
:MACS - [0:0]
:SECURITY - [0:0]
:logaccept - [0:0]
:logdrop - [0:0]
-A INPUT -m state --state INVALID -j DROP
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i lo -m state --state NEW -j ACCEPT
-A INPUT -i br0 -m state --state NEW -j ACCEPT
-A INPUT -p udp -m udp --sport 67 --dport 68 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 21 -j ACCEPT
-A INPUT -j DROP
-A FORWARD -i br0 -o br0 -j ACCEPT
-A FORWARD -m state --state INVALID -j DROP
-A FORWARD -p tcp -m tcp --tcp-flags SYN,RST,ACK SYN -j TCPMSS --clamp-mss-to-pmtu
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i ! br0 -o ppp0 -j DROP
-A FORWARD -i ! br0 -o vlan1 -j DROP
-A FORWARD -m conntrack --ctstate DNAT -j ACCEPT
-A SECURITY -p tcp -m tcp --tcp-flags SYN,RST,ACK SYN -m limit --limit 1/sec -j RETURN
-A SECURITY -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK RST -m limit --limit 1/sec -j RETURN
-A SECURITY -p udp -m limit --limit 5/sec -j RETURN
-A SECURITY -p icmp -m limit --limit 5/sec -j RETURN
-A SECURITY -j DROP
-A logaccept -m state --state NEW -j LOG --log-prefix "ACCEPT " --log-tcp-sequence --log-tcp-options --log-ip-options
-A logaccept -j ACCEPT
-A logdrop -m state --state NEW -j LOG --log-prefix "DROP " --log-tcp-sequence --log-tcp-options --log-ip-options
-A logdrop -j DROP
COMMIT
# Completed on Tue Oct 14 19:28:13 2008

Ïðèìåð: dc.krasfiles.ru - õàá íàõîäèòñÿ â ïèðèíãå

ÇÛ Serge_K ñòàâèë òàê, áåç èçìåíåíèé.

[Power]

Ïðèìåð: dc.krasfiles.ru - õàá íàõîäèòñÿ â ïèðèíãå

Åñëè ÿ ïðàâèëüíî ïîíÿë, IP-àäðåñ ýòîãî õàáà = 217.117.187.75, à â ïèðèíãå = â ëîêàëüíîé ñåòè. Íî åñëè òàê, òî ÿ íå âèæó ìàðøðóòà ê íåìó ÷åðåç ëîêàëêó â òàáëèöå ìàðøðóòèçàöèè. Ó âàñ òî÷íî íà ñòðàíèöå "IP Config - Route" â ïîëå Use DHCP routes? âûáðàíî Yes ?

Äàëåå, ÿ áû ïîñîâåòîâàë íà ñòðàíèöå "NAT Setting - Virtual DMZ" âûáðàòü No â ïîëå Starcraft(Battle.Net) (åñëè âû, êîíå÷íî, íå óâåðåíû íà 100%, ÷òî îíî âàì íóæíî) à òàêæå î÷èñòèòü ïîëå IP Address of Exposed Station.
Íà ñòðàíèöå "NAT Setting - Virtual Server" ïðîïèñàòü îòäåëüíûå ïðàâèëà äëÿ ôîðâàðäà ïîðòîâ ÄÖ, êàê íà ñêðèíøîòå èç ïåðâîãî ïîñòà (íå çàáûòü Enable Virtual Server? - Yes). Ñîâåòû: åñëè Port Range ñîñòîèò èç îäíîãî ïîðòà, íå íóæíî ïèñàòü "4769:4769", äîñòàòî÷íî ïðîñòî "4769"; à åñëè Local Port ê òîìó æå ñ íèì ñîâïàäàåò, òî ýòîò ñàìûé Local Port ìîæíî îñòàâèòü ïóñòûì.

Åù¸: ÿ èñïðàâèë ñîîáùåíèå http://wl500g.info/showpost.php?p=115230&postcount=11. Ïðîâàéäåð âûäà¸ò âàì àäðåñ 172.31.139.* (èëè ïîõîæèé). Òàêîé àäðåñ ÿâëÿåòñÿ "ïðèâàòíûì" è íå ìîæåò áûòü âèäåí èç èíòåðíåòà. Îòñþäà è íåñîâïàäåíèå âàøåãî àäðåñà è òîãî àäðåñà, ïîä êîòîðûì âàñ âèäèò ñåðâåð íà ñêðèíøîòå (ÿ òàê ïîíèìàþ, âû íà ýòîì ñåðâåðå ïðîâåðÿëè). Ñîîòâåòñòâåííî, ïðîâåðêà íà îòêðûòèå ïîðòîâ ñ ïîìîùüþ âíåøíåãî ñåðâåðà ñòàíîâèòñÿ áåññìûñëåííîé, âàì íàäî ïðîâåðÿòü ýòî âíóòðè ñåòè (ïîïðîñèòü êîãî-òî ïîäêëþ÷èòüñÿ ê âàì è ò.ï.).

[LesterKein]

Åñëè ÿ ïðàâèëüíî ïîíÿë, IP-àäðåñ ýòîãî õàáà = 217.117.187.75, à â ïèðèíãå = â ëîêàëüíîé ñåòè. Íî åñëè òàê, òî ÿ íå âèæó ìàðøðóòà ê íåìó ÷åðåç ëîêàëêó â òàáëèöå ìàðøðóòèçàöèè. Ó âàñ òî÷íî íà ñòðàíèöå "IP Config - Route" â ïîëå Use DHCP routes? âûáðàíî Yes ?

Äàëåå, ÿ áû ïîñîâåòîâàë íà ñòðàíèöå "NAT Setting - Virtual DMZ" âûáðàòü No â ïîëå Starcraft(Battle.Net) (åñëè âû, êîíå÷íî, íå óâåðåíû íà 100%, ÷òî îíî âàì íóæíî) à òàêæå î÷èñòèòü ïîëå IP Address of Exposed Station.
Íà ñòðàíèöå "NAT Setting - Virtual Server" ïðîïèñàòü îòäåëüíûå ïðàâèëà äëÿ ôîðâàðäà ïîðòîâ ÄÖ, êàê íà ñêðèíøîòå èç ïåðâîãî ïîñòà (íå çàáûòü Enable Virtual Server? - Yes). Ñîâåòû: åñëè Port Range ñîñòîèò èç îäíîãî ïîðòà, íå íóæíî ïèñàòü "4769:4769", äîñòàòî÷íî ïðîñòî "4769"; à åñëè Local Port ê òîìó æå ñ íèì ñîâïàäàåò, òî ýòîò ñàìûé Local Port ìîæíî îñòàâèòü ïóñòûì.

Åù¸: ÿ èñïðàâèë ñîîáùåíèå http://wl500g.info/showpost.php?p=115230&postcount=11. Ïðîâàéäåð âûäà¸ò âàì àäðåñ 172.31.139.* (èëè ïîõîæèé). Òàêîé àäðåñ ÿâëÿåòñÿ "ïðèâàòíûì" è íå ìîæåò áûòü âèäåí èç èíòåðíåòà. Îòñþäà è íåñîâïàäåíèå âàøåãî àäðåñà è òîãî àäðåñà, ïîä êîòîðûì âàñ âèäèò ñåðâåð íà ñêðèíøîòå (ÿ òàê ïîíèìàþ, âû íà ýòîì ñåðâåðå ïðîâåðÿëè). Ñîîòâåòñòâåííî, ïðîâåðêà íà îòêðûòèå ïîðòîâ ñ ïîìîùüþ âíåøíåãî ñåðâåðà ñòàíîâèòñÿ áåññìûñëåííîé, âàì íàäî ïðîâåðÿòü ýòî âíóòðè ñåòè (ïîïðîñèòü êîãî-òî ïîäêëþ÷èòüñÿ ê âàì è ò.ï.).

íå çíàþ êàê òû ëîêàëêó ê ãîðîäó ïðèðîâíÿë. Ëîêàëêà ýòî äî ïîäíÿòèÿ âïí, ëîêàëêà ñåòêè (â ìîåì ñëó÷àå vzletka.net) è àäðåñ âûäàåòñÿ 10.17.28.*.

Use DHCP routes? - yes
DMZ:
IP Address of Exposed Station -÷èñòûé
Starcraft(Battle.Net) - îòìåíèë âûáîð
Ïîðò ôîðâàðäèíã íàñòðîèë.
 ÄÑ WAN èï ïîñòàâèë local IP address 172.31.139.* íó è åññíî ïîðòû êîòîðûå â ïîðò ôîðâàðäèíãå ïðîïèñàë.
Èòîã òàêîé: ÂÏÍ ïåðåñòàë âûëåòàòü, íî òåïåðü íå ïàøåò ïîèñê.
ÇÛÆ Âîîáùåì îòêóäà óøåë ê òîìó è âåðíóëñÿ.
ÇÛÆÆ Ìîæåò â òàáëèöå ìàðøðóòèçàöèè âáèòü ìàðøðóòû åùå êàêèå-òî? Àäìèíû íàøåé ñåòè âðîäå íå î÷åíü ëþáÿò ðàçãëàøàòü èíôî î ìàðøðóòàõ. Óçíàòü Òàáëèöó ìàðøðóòèçàöèè, íå çâîíÿ àäìèíó, ìîæíî êàêòî óçíàòü?

[Power]

Ëàäíî, ñïðîøó ïî-äðóãîìó: DC++ ìîæåò ðàáîòàòü áåç ïîäíÿòèÿ VPN? Èëè æå îí ðàáîòàåò ïîâåðõ VPN?

À åñëè êàáåëü îò ïðîâàéäåðà ïîäêëþ÷èòü íàïðÿìóþ ê êîìïó è íàñòðîèòü ñîåäèíåíèå, áóäåò ÄÖ ðàáîòàòü? Êñòàòè, â ýòîì ñëó÷àå ìîæíî ïîñìîòðåòü òàáëèöó ìàðøðóòèçàöèè íà êîìïå è ñðàâíèòü.

[LesterKein]

Íåò, áåç ïîäíÿòèÿ VPN äñ íå áóäåò ðàáîòàòü. Ïèðèíã, ýòî òîòæå èíåò, íî äëÿ íàñ ïî äðóãîé öåíå íåæåëè èíåò.
Åñëè íà ïðÿìóþ, íå ÷åðåç æåëåçêó âñå ïðåêðàñíî ðàáîòàåò. Äñ òàì òîæå íà ïðÿìó.
×òî-òî ïðî òî ÷òîá ìàðøðóòû ñðàâíèòü è íå äîäóìàë
Òåïåðü è îòâàëèâàåòñÿ âïí..
ÇÛÆ ×òî ìíå òàê íå âåçåò-òî

[ulo]

ñîâñåì íèêòî íå ñòàëêèâàëñÿ ñ ïðîáëåìîé?

[Power]

Âûëîæèòå ñþäà âûâîä iptables-save ïðè óêàçàííûõ íàñòðîéêàõ.
À êîìï, íà êîòîðûé ïîðòû ôîðâàðäÿòñÿ, àäðåñ îò ðîóòåðà ïî dhcp ïîëó÷àåò?
Ýòîò êîìï ïåðåçàãðóæàëè ïîñëå èçìåíåíèÿ íàñòðîåê ðîóòåðà?

[ulo]

Power, ñïàñèáî çà îòêëèê.
Âîîáùå ñèòóàöèÿ òàêàÿ: Èìååòñÿ øëþç è ðîóòåð íà WL500gP (192.168.24.1). DHCP íà íåì âêëþ÷åí äëÿ àäðåñîâ *.10 - *.254.
ÁÎëüøàÿ ÷àñòü êîìïîâ â LAN ïðîïèñàíà ñòàòè÷åñêè. Âñå ðàáîòàþò íîðìàëüíî.
Èìååòñÿ âòîðîé ðîóòåð â ýòîé æå ñåòêå WL520gU (192.168.24.2). Íà íåì DHCP îòêëþ÷åí.
Èç WAN ìîæíî çàõîäèòü â LAN ÷åðåç ïåðâûé ðîóòåð è íå ïîëó÷àåòñÿ ÷åðåç âòîðîé. Êëèåíòñêèå êîìïû ìîæíî ïåðåçàãðóçèòü, íî ñèòóàöèÿ íå ìåíÿåòñÿ.
Íàñ÷åò "âûëîæèòå ñþäà âûâîä iptables-save" ìíå íóæíî îñîçíàòü è íàéòè, ãäå ïî÷èòàòü (ïàðäîí çà áåçãðàìîòíîñòü). Íàñòðàèâàþ âñå ïî-ïðîñòîìó - ÷åðåç web-èíòåðôåéñ.

[LesterKein]

Âîò òàáëèöà ìàðøðóòîâ ïîëó÷åííàÿ ïðè ñîåäèíåíèè íà ïðÿìóþ íå ÷åðåç ðîóòåð..

IPv4 òàáëèöà ìàðøðóòà
================================================== =========================
Àêòèâíûå ìàðøðóòû:
Ñåòåâîé àäðåñ Ìàñêà ñåòè Àäðåñ øëþçà Èíòåðôåéñ Ìåòðèêà
0.0.0.0 0.0.0.0 10.17.28.1 10.17.28.38 4245
0.0.0.0 0.0.0.0 On-link 172.31.139.97 21
10.0.0.0 255.192.0.0 10.17.28.1 10.17.28.38 4246
10.17.28.0 255.255.255.0 On-link 10.17.28.38 4501
10.17.28.38 255.255.255.255 On-link 10.17.28.38 4501
10.17.28.255 255.255.255.255 On-link 10.17.28.38 4501
89.105.128.13 255.255.255.255 10.17.28.1 10.17.28.38 4246
89.105.128.64 255.255.255.192 10.17.28.1 10.17.28.38 4246
89.105.128.66 255.255.255.255 10.17.28.1 10.17.28.38 4246
89.105.128.67 255.255.255.255 10.17.28.1 10.17.28.38 4246
89.105.128.68 255.255.255.255 10.17.28.1 10.17.28.38 4246
89.105.128.75 255.255.255.255 10.17.28.1 10.17.28.38 4246
127.0.0.0 255.0.0.0 On-link 127.0.0.1 4531
127.0.0.1 255.255.255.255 On-link 127.0.0.1 4531
127.255.255.255 255.255.255.255 On-link 127.0.0.1 4531
172.31.139.97 255.255.255.255 On-link 172.31.139.97 276
224.0.0.0 240.0.0.0 On-link 127.0.0.1 4531
224.0.0.0 240.0.0.0 On-link 10.17.28.38 4504
224.0.0.0 240.0.0.0 On-link 172.31.139.97 21
255.255.255.255 255.255.255.255 On-link 127.0.0.1 4531
255.255.255.255 255.255.255.255 On-link 10.17.28.38 4501
255.255.255.255 255.255.255.255 On-link 172.31.139.97 276
================================================== =========================
Ïîñòîÿííûå ìàðøðóòû:
Ñåòåâîé àäðåñ Ìàñêà Àäðåñ øëþçà Ìåòðèêà
0.0.0.0 0.0.0.0 192.168.1.1 Ïî óìîë÷àíèþ

Âðîäå ïîëó÷èëîñü íàëàäèòü ÄÑ, Ïîëüçîâàëñÿ http://wl500g.info/showpost.php?p=23823&postcount=4
Åùå ïîìåíÿë èï ìàðøðóòèçàòîðà, è ïðèñâîèë êîìïó èï, íà êîòîðîì ÄÑ 192.168.1.1 (â êàêîéòî òåìå ïîïàäîëü ÷òî íà WL-520GU áûëè áàãè ñ íåðàáî÷èì Virtual server).

ÍÎ!!!! Ïîÿâèëàñü åùå ïðîáëåìà, êîãäà äåëàåøü ïîèñê â ÄÑ è èñêîìûé ôàéë ó áîëüøîãî êîë-âà íàðîäà (ò.å. î÷åíü áîëüøîé ñïèñîê íàéäåííîãî) ÂÏÍ ñîåäèíåíèå âèñíåò íàìåðòâî. ñ íåáîëüøèì ÷èñëîì ôàéëîâ âñå ãóä. Ñïóñòÿ íåêîòîðîå âðåìÿ ïîñëå çàâèñàíèÿ, â ëîãå âîò ÷òî:

pppd[104]: No response to 6 echo-requests

[Power]

À WL520gU ïîêëþ÷åí ê wan ñîâåðøåííî îòäåëüíî îò WL500gP èëè ÷åðåç íåãî èëè êàê-òî ïàðàëëåëüíî? Ò.å. ÷òî çíà÷èò "â ýòîé æå ñåòêå"?

Íàñ÷åò "âûëîæèòå ñþäà âûâîä iptables-save" ìíå íóæíî îñîçíàòü è íàéòè, ãäå ïî÷èòàòü (ïàðäîí çà áåçãðàìîòíîñòü). Íàñòðàèâàþ âñå ïî-ïðîñòîìó - ÷åðåç web-èíòåðôåéñ.

Ìîæíî çàéòè ïî telnet è âûïîëíèòü â êîíñîëè, à ìîæíî ïðîñòî íà ñòðàíèöå http://my.router/Main_AdmStatus_Content.asp (àäðåñ ðîóòåðà ïîäñòàâüòå ñâîé).

[ulo]

À WL520gU ïîêëþ÷åí ê wan ñîâåðøåííî îòäåëüíî îò WL500gP èëè ÷åðåç íåãî èëè êàê-òî ïàðàëëåëüíî? Ò.å. ÷òî çíà÷èò "â ýòîé æå ñåòêå"?

â ñìûñëå â îäíîé ïîäñåòêå è â WAN, è â LAN:
WL500gP èìååò WAN x.y.z.21, LAN 192.168.24.1
WL520gP èìååò WAN x.y.z.22, LAN 192.168.24.2

Ìîæíî çàéòè ïî telnet è âûïîëíèòü â êîíñîëè, à ìîæíî ïðîñòî íà ñòðàíèöå http://my.router/Main_AdmStatus_Content.asp (àäðåñ ðîóòåðà ïîäñòàâüòå ñâîé).

Ñïàñèáî çà ññûëêó, óæå íàøåë, ÷òî ïî÷èòàòü, íî íóæíî âðåìÿ.
Íèæå - iptables-save äëÿ WL520gU. Íàäåþñü, ñ ñîäåðæèìûì òîæå ñàì ðàçáåðóñü, íî, âèäèìî, íå ñðàçó.
Ïîýòîìó, åñëè óâèäèòå íå÷òî âîïèþùåå è ïîäñêàæåòå, áóäó î÷åíü ïðèçíàòåëåí.
Èíòåðåñ ïðåäñòàâëÿåò ñåðâèñ RDP (äâå ïîñëåäíèå ñòðî÷êè â NAT,
îñòàëüíûå, ïîõîæå, îñòàòêè îò ïðåäûäóùèõ íàñòðîåê, ò.ê. â web-èíòåðôåéñå íà Virtual Server èõ íå âèäíî).

========================
# Generated by iptables-save v1.2.7a on Wed Oct 15 14:25:07 2008
*nat
:PREROUTING ACCEPT [7636:922384]
:POSTROUTING ACCEPT [5905:353607]
:OUTPUT ACCEPT [5704:348632]
:VSERVER - [0:0]
-A PREROUTING -d WAN_address -j VSERVER
-A POSTROUTING -s ! WAN_address -o vlan1 -j MASQUERADE
-A POSTROUTING -s 192.168.24.0/255.255.255.0 -d 192.168.24.0/255.255.255.0 -o br0 -j MASQUERADE
-A VSERVER -p tcp -m tcp --dport 49080 -j DNAT --to-destination 192.168.24.2:80
-A VSERVER -p tcp -m tcp --dport 63191 -j DNAT --to-destination 192.168.24.31:63190
-A VSERVER -p udp -m udp --dport 63191 -j DNAT --to-destination 192.168.24.31:63190
-A VSERVER -p udp -m udp --dport 19106 -j DNAT --to-destination 192.168.24.61:19106
-A VSERVER -p tcp -m tcp --dport 19106 -j DNAT --to-destination 192.168.24.61:19106
-A VSERVER -p tcp -m tcp --dport 11242 -j DNAT --to-destination 192.168.24.61:11242
-A VSERVER -p udp -m udp --dport 11242 -j DNAT --to-destination 192.168.24.61:11242
-A VSERVER -p tcp -m tcp --dport 63190 -j DNAT --to-destination 192.168.24.31:63190
-A VSERVER -p udp -m udp --dport 63190 -j DNAT --to-destination 192.168.24.31:63190
-A VSERVER -p tcp -m tcp --dport 63192 -j DNAT --to-destination 192.168.24.49:63190
-A VSERVER -p udp -m udp --dport 63192 -j DNAT --to-destination 192.168.24.49:63190
-A VSERVER -p tcp -m tcp --dport 49160 -j DNAT --to-destination 192.168.24.60:3389
-A VSERVER -p tcp -m tcp --dport 49124 -j DNAT --to-destination 192.168.24.24:3389
COMMIT
# Completed on Wed Oct 15 14:25:07 2008

# Generated by iptables-save v1.2.7a on Wed Oct 15 14:25:07 2008
*mangle
:PREROUTING ACCEPT [141653:30467643]
:INPUT ACCEPT [138591:30118877]
:FORWARD ACCEPT [593:30572]
:OUTPUT ACCEPT [98788:18714061]
:POSTROUTING ACCEPT [128010:29441401]
COMMIT
# Completed on Wed Oct 15 14:25:07 2008

# Generated by iptables-save v1.2.7a on Wed Oct 15 14:25:07 2008
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [98744:18695774]
:MACS - [0:0]
:SECURITY - [0:0]
:logaccept - [0:0]
:logdrop - [0:0]
-A INPUT -m state --state INVALID -j DROP
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i lo -m state --state NEW -j ACCEPT
-A INPUT -i br0 -m state --state NEW -j ACCEPT
-A INPUT -d 192.168.24.2 -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 21 -j ACCEPT
-A INPUT -j DROP
-A FORWARD -i br0 -o br0 -j ACCEPT
-A FORWARD -m state --state INVALID -j DROP
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i ! br0 -o vlan1 -j DROP
-A FORWARD -m conntrack --ctstate DNAT -j ACCEPT
-A FORWARD -o br0 -j DROP
-A SECURITY -p tcp -m tcp --tcp-flags SYN,RST,ACK SYN -m limit --limit 1/sec -j RETURN
-A SECURITY -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK RST -m limit --limit 1/sec -j RETURN
-A SECURITY -p udp -m limit --limit 5/sec -j RETURN
-A SECURITY -p icmp -m limit --limit 5/sec -j RETURN
-A SECURITY -j DROP
-A logaccept -m state --state NEW -j LOG --log-prefix "ACCEPT " --log-tcp-sequence --log-tcp-options --log-ip-options
-A logaccept -j ACCEPT
-A logdrop -m state --state NEW -j LOG --log-prefix "DROP " --log-tcp-sequence --log-tcp-options --log-ip-options
-A logdrop -j DROP
COMMIT
# Completed on Wed Oct 15 14:25:07 2008
========================

[Power]

ÍÎ!!!! Ïîÿâèëàñü åùå ïðîáëåìà, êîãäà äåëàåøü ïîèñê â ÄÑ è èñêîìûé ôàéë ó áîëüøîãî êîë-âà íàðîäà (ò.å. î÷åíü áîëüøîé ñïèñîê íàéäåííîãî) ÂÏÍ ñîåäèíåíèå âèñíåò íàìåðòâî.

À íå ïðîáîâàëè ñìîòðåòü çàãðóçêó ïðîöà ðîóòåðà â ýòîò ìîìåíò (êîìàíäà top â êîíñîëè)?

[LesterKein]

À íå ïðîáîâàëè ñìîòðåòü çàãðóçêó ïðîöà ðîóòåðà â ýòîò ìîìåíò (êîìàíäà top â êîíñîëè)?

Íåò, íå ïðîáîâàë. Äóìàòå ðåñóðñà íå õâàòàåò? Äàæå DLINK ñ ýòèì ñïðàâëÿåòñÿ. Ìîæåò äåëî â MTU èëè åùå â ÷åì-òî?