ALT Linux sysadmins discussion
* [Sysadmins] netfilter and iproute
From: altlinux @ 2007-10-29  8:44 UTC (permalink / raw)
  To: ALT Linux sysadmin discuss

Hi all,
I have two uplinks to the Internet.
I need to make it possible to reach various services through either one interface or the other.
ppp999 (PPPoE by means of etcnet) and eth888 (PPPoE on the modem, with a DMZ configured on it)
[root@gate eth888]# ip a
2: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
4: lan: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast qlen 100
    link/ether 00:15:17:23:54:b3 brd ff:ff:ff:ff:ff:ff
    inet 192.168.100.10/24 brd 192.168.100.255 scope global lan
6: eth888: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast qlen 100
    link/ether 00:15:17:23:54:b4 brd ff:ff:ff:ff:ff:ff
    inet 192.168.23.2/24 brd 192.168.23.255 scope global eth888
8: splan: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast qlen 1000
    link/ether 00:17:9a:38:1f:a0 brd ff:ff:ff:ff:ff:ff
    inet 192.168.101.1/24 brd 192.168.101.255 scope global splan
10: eth999: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast qlen 1000
    link/ether 00:11:95:ed:11:3f brd ff:ff:ff:ff:ff:ff
1: tun1: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast qlen 100
    link/[65534]
    inet 192.168.202.1 peer 192.168.202.2/32 scope global tun1
111: venet0: <BROADCAST,POINTOPOINT,NOARP,UP,LOWER_UP> mtu 1500 qdisc noqueue
    link/void
211: ppp999: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1492 qdisc pfifo_fast qlen 3
    link/ppp
    inet ччч.ччч.ччч.ччч peer чч.чч.ччч.225/32 scope global ppp999


I am trying to mark the packets going to eth888
[root@gate sysconfig]# cat /etc/sysconfig/iptables.conf |grep mark
$IPTABLES -A INPUT -t mangle -p ICMP -i $EXTERNAL_IFACE -j MARK --set-mark 1

then I added 201
[root@gate sysconfig]# cat /etc/iproute2/rt_tables
#
# reserved values
#
255     local
254     main
253     default
0       unspec
#
# local
#
#1      inr.ruhep
201     cts.inout

and added a route
ip route add default via 192.168.23.1 dev eth888 table cts.inout
192.168.23.1 is the IP on the modem

[root@gate eth888]# ip rule ls
0:      from all lookup local
32765:  from all fwmark 0x1 lookup cts.inout
32766:  from all lookup main
32767:  from all lookup default

[root@gate eth888]# ip r
192.168.99.1 dev venet0  scope link  src 192.168.101.1
192.168.202.2 dev tun1  proto kernel  scope link  src 192.168.202.1
xx.xxx.xxx.xxx dev ppp999  proto kernel  scope link  src xx.xxx.xxx.x
192.168.100.0/24 dev lan  proto kernel  scope link  src 192.168.100.10
192.168.23.0/24 dev eth888  proto kernel  scope link  src 192.168.23.2
192.168.101.0/24 dev splan  proto kernel  scope link  src 192.168.101.1
192.168.200.0/24 via 192.168.202.2 dev tun1
default via чч.ччч.ч.ччч dev ppp999






* Re: [Sysadmins] netfilter and iproute
From: altlinux @ 2007-10-29  8:50 UTC (permalink / raw)
  To: ALT Linux sysadmin discuss

I forgot to state the problem:
I ping the external IP; the pings come in on interface eth888 but go out via ppp999.





* Re: [Sysadmins] netfilter and iproute
From: altlinux @ 2007-10-30  5:36 UTC (permalink / raw)
  To: ALT Linux sysadmin discuss

I was given a hint, and everything was solved not by marking but by creating a file
[root@gate eth888]# cat ipv4rule
from 192.168.23.2 table cts.inout
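
Added example, not part of the original thread: a small Python model of the policy-routing lookup for the outgoing echo reply, comparing the fwmark rule from the first message with the source rule from ipv4rule. The client address 203.0.113.7, the "ppp999-gw" placeholder for the redacted gateway and the priority of the source rule are assumptions.

```python
import ipaddress

# Routes reduced from the `ip r` output in the thread. "ppp999-gw" is a
# placeholder for the redacted gateway; 203.0.113.7 is a constructed client IP.
TABLES = {
    "main": [("192.168.23.0/24", "eth888", None),
             ("192.168.100.0/24", "lan", None),
             ("0.0.0.0/0", "ppp999", "ppp999-gw")],
    "cts.inout": [("0.0.0.0/0", "eth888", "192.168.23.1")],
}
# Rule sets (priority, selector, table); the local table is left out because
# only the outgoing reply is modelled. Priority 32765 for the source rule is assumed.
MARK_RULES = [(32765, {"fwmark": 1}, "cts.inout"), (32766, {}, "main")]
SRC_RULES = [(32765, {"from": "192.168.23.2/32"}, "cts.inout"), (32766, {}, "main")]

def lookup(table, dst):
    """Longest-prefix match in one table; returns (dev, via) or None."""
    addr = ipaddress.ip_address(dst)
    nets = [(ipaddress.ip_network(p), dev, via) for p, dev, via in TABLES[table]]
    hits = [h for h in nets if addr in h[0]]
    if not hits:
        return None
    _, dev, via = max(hits, key=lambda h: h[0].prefixlen)
    return dev, via

def route(rules, src, dst, fwmark=0):
    """Walk the rules in priority order; first table with a matching route wins."""
    for _prio, sel, table in sorted(rules, key=lambda r: r[0]):
        if "from" in sel and ipaddress.ip_address(src) not in ipaddress.ip_network(sel["from"]):
            continue
        if "fwmark" in sel and sel["fwmark"] != fwmark:
            continue
        hit = lookup(table, dst)
        if hit is not None:
            return hit
    return None

if __name__ == "__main__":
    reply = ("192.168.23.2", "203.0.113.7")  # echo reply: src = eth888 address
    # The MARK in mangle INPUT was set on the request; the reply is a new
    # locally generated packet and by default carries fwmark 0.
    print("fwmark rule:", route(MARK_RULES, *reply, fwmark=0))
    print("source rule:", route(SRC_RULES, *reply))
    print("LAN-sourced:", route(SRC_RULES, "192.168.100.10", "203.0.113.7"))
```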
