From: Occisor
Date: Fri, 12 Feb 2010 20:37:57 +0900
To: ALT Linux Community general discussions
Subject: [Comm] problem with iptables
Message-ID: <4B753D95.1000406@gmail.com>

System: ALTLinux 5.0.0 KDE4

Here is a piece of an iptables rules script. The goal is to allow forwarding for only one IP address.

Non-working variant:

    #!/bin/sh
    echo 1 > /proc/sys/net/ipv4/ip_forward
    iptables -F
    iptables -X
    iptables -P INPUT ACCEPT
    iptables -P FORWARD DROP
    iptables -A FORWARD -s 192.168.7.17 -o eth0 -j ACCEPT
    iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

As a result, forwarding does not work, although the rule seems to have been added:

    Chain FORWARD (policy DROP)
    target     prot opt source               destination
    ACCEPT     all  --  192.168.7.18         anywhere

Working variant:

    #!/bin/sh
    echo 1 > /proc/sys/net/ipv4/ip_forward
    iptables -F
    iptables -X
    iptables -P INPUT ACCEPT
    iptables -P FORWARD ACCEPT
    iptables -A FORWARD -s 192.168.7.17 -o eth0 -j ACCEPT
    iptables -A FORWARD -i ath0 -j DROP
    iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

    Chain FORWARD (policy ACCEPT)
    target     prot opt source               destination
    ACCEPT     all  --  192.168.7.18         anywhere
    DROP       all  --  anywhere             anywhere

What is the reason for this oddity?
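
Added example, not part of the original message: a minimal first-match model of the FORWARD chain, run over both rule sets from the post for an outbound packet from 192.168.7.17 and for its reply. It assumes ath0 is the client-side interface, that the reply arrives on eth0 and, once conntrack has reversed the MASQUERADE, is routed out ath0 toward 192.168.7.17; the remote address 203.0.113.5 and all class and function names are constructed for illustration.

```python
# Added illustration: a first-match model of the iptables FORWARD chain.
# Only the match fields used in the post (-s, -i, -o) are modelled.
from typing import NamedTuple, Optional


class Packet(NamedTuple):
    src: str
    dst: str
    in_if: str
    out_if: str


class Rule(NamedTuple):
    target: str                   # ACCEPT or DROP
    src: Optional[str] = None     # -s
    in_if: Optional[str] = None   # -i
    out_if: Optional[str] = None  # -o


def matches(rule, pkt):
    """A rule matches when every field it specifies equals the packet's."""
    return ((rule.src is None or rule.src == pkt.src) and
            (rule.in_if is None or rule.in_if == pkt.in_if) and
            (rule.out_if is None or rule.out_if == pkt.out_if))


def forward_verdict(policy, rules, pkt):
    """Return the target of the first matching rule, else the chain policy."""
    for rule in rules:
        if matches(rule, pkt):
            return rule.target
    return policy


CLIENT, REMOTE = "192.168.7.17", "203.0.113.5"  # REMOTE is a constructed address

# What FORWARD sees in each direction (NAT is already reversed for the reply).
OUTBOUND = Packet(src=CLIENT, dst=REMOTE, in_if="ath0", out_if="eth0")
REPLY = Packet(src=REMOTE, dst=CLIENT, in_if="eth0", out_if="ath0")

# "Non-working variant": policy DROP, one ACCEPT keyed on the client's source.
FIRST = ("DROP", [Rule("ACCEPT", src=CLIENT, out_if="eth0")])
# "Working variant": policy ACCEPT, same ACCEPT, then DROP everything from ath0.
SECOND = ("ACCEPT", [Rule("ACCEPT", src=CLIENT, out_if="eth0"),
                     Rule("DROP", in_if="ath0")])


def trace(ruleset):
    """Verdicts for the outbound packet and its reply under one rule set."""
    policy, rules = ruleset
    return {"outbound": forward_verdict(policy, rules, OUTBOUND),
            "reply": forward_verdict(policy, rules, REPLY)}
```

In this model the reply matches no rule in the first rule set and falls through to the DROP policy, while the second rule set lets it through via the ACCEPT policy. A DROP-policy chain needs its own rule for return traffic, for example one matching connection state ESTABLISHED,RELATED.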