Message-ID: <007e01c72839$6a3bcf60$0200a8c0@mics.local>
From: "Nikolay(computer-service.ru)"
To: "ALT Linux sysadmin discuss"
References: <00e301c727f6$a469be60$0200a8c0@mics.local> <5410086691.20061225122258@mail.ru>
Date: Mon, 25 Dec 2006 18:29:06 +0300
Subject: Re: [Sysadmins] DNAT???

> skip
>
> >And what if it is not only port 80, but in general any port of one machine that has to be forwarded to
> >another machine.
> >skip
> It seems to me this task is not about D/S NAT but about routing.
> Each network, 192.168.0.XXX and 192.168.1.XXX, has its own default gateway, which does not lead to the neighbouring one.
> The computer with 2 cards sees both networks.
> Packet forwarding from one network to the other is enabled on it.
> If each network's gateway is told about the existence of the other network
>     route add -net 192.168.0.XXX gw 192.168.1.40
> and
>     route add -net 192.168.1.XXX gw 192.168.0.40
> then the networks will learn of their connection to each other through the computer with 2 interfaces.
> If such an entry is made not on the gateway but only on each of the 2 machines in the different
> subnets (putting a single machine rather than a network into the routing table),
> then those 2 computers will see each other (the other machines
> will know nothing about it).
> How to filter access to only the required port on a computer between the networks
> has already been shown here: deny everything except port 80.
> So as not to "expose" IP addresses, on the machines that need to communicate
> we set up the file .

THANKS to everyone who took an active part in discussing the problem!!!!
The task was solved by using S/D NAT.

Report:

1. Enable forwarding on the machine with 2 cards
   (sysctl.conf -> net.ipv4.ip_forward = 1)

2. Add the rules to iptables:

    *nat
    -A PREROUTING -p tcp -d 192.168.0.40 --dport 80 -j DNAT --to-destination 192.168.1.1:80
    -A POSTROUTING -s 192.168.0.0/255.255.255.0 -o eth0 -j SNAT --to-source 192.168.1.1
    *filter
    -A FORWARD -s 192.168.0.0/255.255.255.0 -o eth0 -j ACCEPT
    -A FORWARD -o eth1 -m state --state RELATED,ESTABLISHED -j ACCEPT

We connect from network 192.168.0.0/255.255.255.0 to 192.168.0.40:80
and get data from 192.168.1.1:80
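
Added example, not part of the original message: a small Python model of how a new TCP connection meets the posted rules. It shows that the DNAT in PREROUTING is applied before the FORWARD filter, and that the posted FORWARD rule admits any port toward 192.168.1.0/24 rather than only port 80. The FORWARD policy of DROP, the interface-to-network mapping, the sample client addresses and the tighter `web_only_forward` rule are assumptions; SNAT is left out because it runs after the filter decision.

```python
from ipaddress import ip_address, ip_network

LAN0 = ip_network("192.168.0.0/24")  # assumed to sit behind eth1
LAN1 = ip_network("192.168.1.0/24")  # assumed to sit behind eth0
GATEWAY = "192.168.0.40"             # gateway address that the DNAT rule matches

def posted_forward(src, dst, dport, out):
    # -A FORWARD -s 192.168.0.0/255.255.255.0 -o eth0 -j ACCEPT
    return ip_address(src) in LAN0 and out == "eth0"

def web_only_forward(src, dst, dport, out):
    # Hypothetical tighter rule: same match plus -d 192.168.1.1 -p tcp --dport 80
    return posted_forward(src, dst, dport, out) and (dst, dport) == ("192.168.1.1", 80)

def new_connection(src, dst, dport, forward_rule):
    """Return (verdict, dst, dport) for the first TCP packet of a connection."""
    # nat PREROUTING runs first:
    # -d 192.168.0.40 --dport 80 -j DNAT --to-destination 192.168.1.1:80
    if (dst, dport) == (GATEWAY, 80):
        dst, dport = "192.168.1.1", 80
    # Routing decision: still addressed to the gateway means INPUT, not FORWARD.
    if dst == GATEWAY:
        return ("INPUT", dst, dport)
    out = "eth0" if ip_address(dst) in LAN1 else "eth1" if ip_address(dst) in LAN0 else None
    # filter FORWARD sees the already rewritten destination.
    # Assumption: FORWARD policy is DROP, so anything unmatched is dropped.
    verdict = "ACCEPT" if out and forward_rule(src, dst, dport, out) else "DROP"
    return (verdict, dst, dport)

# Constructed sample flows: (source, destination, destination port)
FLOWS = [
    ("192.168.0.5", "192.168.0.40", 80),  # the forwarded web port
    ("192.168.0.5", "192.168.1.7", 22),   # routed directly, no DNAT involved
    ("192.168.0.5", "192.168.0.40", 22),  # to the gateway itself
    ("192.168.1.7", "192.168.0.5", 80),   # new connection in the reverse direction
]

def compare():
    """Verdict of every sample flow under the posted rule and the tighter rule."""
    return [(f, new_connection(*f, posted_forward)[0], new_connection(*f, web_only_forward)[0])
            for f in FLOWS]

if __name__ == "__main__":
    for flow, posted, tight in compare():
        print(flow, "posted:", posted, "web-only:", tight)
```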