From: "altlinux@aaanet.ru" <altlinux@aaanet.ru>
To: ALT Linux sysadmin discuss <sysadmins@lists.altlinux.org>
Subject: [Sysadmins] netfilter and iproute
Date: Mon, 29 Oct 2007 11:44:17 +0300
Message-ID: <47259D61.30201@aaanet.ru>

Hi everyone,

I have two uplinks to the Internet. I need to make it possible to connect in to various services through either one interface or the other:
ppp999 (PPPoE by means of etcnet) and eth888 (PPPoE on the modem, with DMZ configured on it).

[root@gate eth888]# ip a
2: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
4: lan: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast qlen 100
    link/ether 00:15:17:23:54:b3 brd ff:ff:ff:ff:ff:ff
    inet 192.168.100.10/24 brd 192.168.100.255 scope global lan
6: eth888: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast qlen 100
    link/ether 00:15:17:23:54:b4 brd ff:ff:ff:ff:ff:ff
    inet 192.168.23.2/24 brd 192.168.23.255 scope global eth888
8: splan: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast qlen 1000
    link/ether 00:17:9a:38:1f:a0 brd ff:ff:ff:ff:ff:ff
    inet 192.168.101.1/24 brd 192.168.101.255 scope global splan
10: eth999: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast qlen 1000
    link/ether 00:11:95:ed:11:3f brd ff:ff:ff:ff:ff:ff
1: tun1: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast qlen 100
    link/[65534]
    inet 192.168.202.1 peer 192.168.202.2/32 scope global tun1
111: venet0: <BROADCAST,POINTOPOINT,NOARP,UP,LOWER_UP> mtu 1500 qdisc noqueue
    link/void
211: ppp999: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1492 qdisc pfifo_fast qlen 3
    link/ppp
    inet ччч.ччч.ччч.ччч peer чч.чч.ччч.225/32 scope global ppp999

I am trying to mark the packets arriving on eth888:

[root@gate sysconfig]# cat /etc/sysconfig/iptables.conf |grep mark
$IPTABLES -A INPUT -t mangle -p ICMP -i $EXTERNAL_IFACE -j MARK --set-mark 1

Then I added 201:

[root@gate sysconfig]# cat /etc/iproute2/rt_tables
#
# reserved values
#
255     local
254     main
253     default
0       unspec
#
# local
#
#1      inr.ruhep
201     cts.inout

and added a route:

ip route add default via 192.168.23.1 dev eth888 table cts.inout

192.168.23.1 is the IP of the modem.

[root@gate eth888]# ip rule ls
0:      from all lookup local
32765:  from all fwmark 0x1 lookup cts.inout
32766:  from all lookup main
32767:  from all lookup default

[root@gate eth888]# ip r
192.168.99.1 dev venet0  scope link  src 192.168.101.1
192.168.202.2 dev tun1  proto kernel  scope link  src 192.168.202.1
xx.xxx.xxx.xxx dev ppp999  proto kernel  scope link  src xx.xxx.xxx.x
192.168.100.0/24 dev lan  proto kernel  scope link  src 192.168.100.10
192.168.23.0/24 dev eth888  proto kernel  scope link  src 192.168.23.2
192.168.101.0/24 dev splan  proto kernel  scope link  src 192.168.101.1
192.168.200.0/24 via 192.168.202.2 dev tun1
default via чч.ччч.ч.ччч dev ppp999
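
An added example, not part of the original message: a mark set in the mangle INPUT chain stays on the received packet only, so replies generated by the gateway never carry fwmark 1 and never reach the cts.inout rule. The script below prints, without executing, a connection-mark variant that reuses the post's interface, gateway, table and mark; it assumes the services are answered by the gateway itself, and `emit_rules` and `rule_exists` are hypothetical helper names.

```shell
#!/bin/sh
# Added example, not from the original post. Nothing here changes the system:
# the commands are only printed so they can be reviewed before use.
# Assumption: replies are generated locally on the gateway (mangle OUTPUT path).

IFACE=eth888          # second uplink, from the post
GATEWAY=192.168.23.1  # modem address, from the post
TABLE=cts.inout       # table 201 in /etc/iproute2/rt_tables, from the post
MARK=1                # same mark value the post uses

# `ip rule ls` output copied from the post, used as sample input.
SAMPLE_RULES='0: from all lookup local
32765: from all fwmark 0x1 lookup cts.inout
32766: from all lookup main
32767: from all lookup default'

# rule_exists RULES MARK TABLE
# Succeeds if the rule listing already sends this fwmark to this table.
# `ip rule ls` prints the mark in hex, so convert before matching.
rule_exists() {
    printf '%s\n' "$1" | grep -Fq "fwmark $(printf '0x%x' "$2") lookup $3"
}

# emit_rules RULES
# Prints the commands for reply routing through $IFACE:
#  1. remember, per connection, that it arrived on $IFACE (CONNMARK);
#  2. copy that connection mark onto locally generated reply packets,
#     which makes the kernel re-route them using the fwmark rule;
#  3. make sure the table has a default route and the fwmark rule exists.
emit_rules() {
    echo "iptables -t mangle -A PREROUTING -i $IFACE -m conntrack --ctstate NEW -j CONNMARK --set-mark $MARK"
    echo "iptables -t mangle -A OUTPUT -j CONNMARK --restore-mark"
    echo "ip route replace default via $GATEWAY dev $IFACE table $TABLE"
    # Skip the rule when the listing shows it is already installed.
    rule_exists "$1" "$MARK" "$TABLE" || echo "ip rule add fwmark $MARK lookup $TABLE"
}

emit_rules "$SAMPLE_RULES"
```

With the rule listing from the post as input, the `ip rule add` line is omitted because rule 32765 already covers fwmark 0x1.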