From: Afanasov Dmitry
To: sysadmins@lists.altlinux.org
Date: Thu, 2 Nov 2006 14:25:56 +0300
Subject: Re: [Sysadmins] Two channels to the Internet
Message-ID: <20061102112556.GD10887@ender.nbrkomi.ru>
In-Reply-To: <454886DF.9080705@mec.tgl.ru>

On Wed, Nov 01, 2006 at 03:37:03PM +0400, Yuri V. Anikin wrote:
> 32758: from 195.209.85.33 lookup MCN
> 32759: from 85.112.43.86 lookup VGT
> 32760: from 195.209.85.33 lookup MCN
> 32761: from 85.112.43.86 lookup VGT

Why so many copies? The kernel will stop at the first match and will not go any further.

> default via 195.209.85.34 dev eth1
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
No matter where the packet came from, the reply always goes out through eth1.
And consequently, if we have SNAT, the reply will go out from a different IP, which means a broken connection.

> 5) Iptables is configured for NAT and forwarding of port 80 into the DMZ network 192.168.0.0

In my case exactly this turned out not to be enough; I had to tell netfilter separately that if a packet came in on the other interface, the reply has to go out through that same interface.

For incoming connections it looked like this:

    iptables -t mangle -A INPUT -i eth1 -j CONNMARK --set-mark 0x200
    # CONNMARK is used here, and not MARK, because once the kernel has swallowed
    # the connection, the whole sk_buf with its MARK is lost, and for INPUT
    # a new packet is generated, with an empty MARK.
    # CONNMARK, on the other hand, is set on the connection and is stored independently.

    iptables -t mangle -A OUTPUT -m connmark --mark 0x200 -j MARK --set-mark 0x200
    # and here the actual netfilter mark is set, based on the information from
    # connection tracking.
    # The chain is OUTPUT specifically, because by POSTROUTING the route and the
    # outgoing eth will already have been computed.

    ip rule add pref 10000 fwmark 0x200 table PASSIVEETH
    ip route add table PASSIVEETH default via <whatever is needed there>

For transit packets you have to work with the FORWARD chain: on -i eth1 set the CONNMARK, on -i eth2 put the condition -m connmark --mark

> 6) Kernel 2.4.20-alt12-up

It should work here too.

> Firewall messages about "martian sources" are pouring into
> /var/log/kernel/warnings. Any thoughts?

That one I cannot figure out.
Messages about martians pour in if the reverse route (the check is switched on/off through rp_filter) does not match the incoming interface. In principle that is logical: it came in on eth1, the reply goes out on eth0.
A typical martian :)

-- 
Regards, Afanasov Dmitry
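The reasoning in this reply as a small simplified model, added here and not code from the thread: first-match rule lookup, the reply route of a connection forwarded into the DMZ with and without the 0x200 mark, and a strict reverse-path check. Table names, addresses and the mark are taken from the messages above; putting the second uplink on eth0, the DMZ host 192.168.0.10 and the client 203.0.113.7 are assumptions.

```python
from ipaddress import ip_address, ip_network

# Constructed model. Which uplink sits on eth0 is an assumption; only the
# default route in "main" (dev eth1) is given in the thread.
TABLES = {
    "main": [("0.0.0.0/0", "eth1")],
    "MCN": [("0.0.0.0/0", "eth1")],
    "VGT": [("0.0.0.0/0", "eth0")],
    "PASSIVEETH": [("0.0.0.0/0", "eth0")],
}
RULES = [  # (pref, selector, table), in the order `ip rule` lists them
    (10000, ("fwmark", 0x200), "PASSIVEETH"),
    (32758, ("from", "195.209.85.33"), "MCN"),
    (32759, ("from", "85.112.43.86"), "VGT"),
    (32760, ("from", "195.209.85.33"), "MCN"),
    (32761, ("from", "85.112.43.86"), "VGT"),
    (32766, None, "main"),
]

def matches(selector, src, fwmark):
    if selector is None:
        return True
    kind, value = selector
    if kind == "fwmark":
        return fwmark == value
    return src is not None and ip_address(src) in ip_network(value)

def route(dst, src=None, fwmark=0, rules=RULES):
    """Return (pref, dev) of the first matching rule whose table routes dst."""
    for pref, selector, table in sorted(rules, key=lambda r: r[0]):
        if not matches(selector, src, fwmark):
            continue
        for prefix, dev in TABLES[table]:
            if ip_address(dst) in ip_network(prefix):
                return pref, dev
    return None

def shadowed(rules=RULES):
    """Prefs of rules that repeat an earlier selector (dead copies here)."""
    seen, dead = set(), []
    for pref, selector, _table in sorted(rules, key=lambda r: r[0]):
        if selector in seen:
            dead.append(pref)
        seen.add(selector)
    return dead

def is_martian(src, dst, in_dev, rules=RULES):
    """Strict reverse-path check: the route back to src must leave via in_dev.
    dst is the destination as routing sees it, i.e. after any DNAT."""
    hit = route(src, src=dst, rules=rules)
    return hit is None or hit[1] != in_dev
```

In this model a reply from the DMZ host misses the `from 85.112.43.86` rule because it still carries its private source address at routing time, so only the fwmark rule steers it back to the uplink the connection arrived on.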