ALT Linux sysadmins discussion
From: "Владимир Саломатин" <salomatin.ru@mail.ru>
To: Владимир <haw@inbox.ru>
Cc: sysadmins@lists.altlinux.org
Subject: Re: [Sysadmins] Ковчег 5.0 - NAT over pppoe works strangely
Date: Wed, 02 Dec 2009 06:38:46 +0300
Message-ID: <E1NFg3C-0006LA-00.salomatin-ru-mail-ru@f5.mail.ru>
In-Reply-To: <200912020012.47978.haw@inbox.ru>

> and what if you run only
> service iptables restart
> iptables -t nat -F
> iptables -F
> echo "1" > /proc/sys/net/ipv4/ip_forward
> iptables -t nat -A POSTROUTING -o ppp1  -j SNAT --to-source 91.144.134.30
> iptables -n -L -v
> iptables -n -L -v -t nat


[root@myseif ~]# iptables -n -L -v
Chain INPUT (policy ACCEPT 184K packets, 26M bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain FORWARD (policy ACCEPT 1126 packets, 353K bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain OUTPUT (policy ACCEPT 187K packets, 29M bytes)
 pkts bytes target     prot opt in     out     source               destination
[root@myseif ~]# iptables -n -L -v -t nat
Chain PREROUTING (policy ACCEPT 3244K packets, 3307M bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain POSTROUTING (policy ACCEPT 14896 packets, 1163K bytes)
 pkts bytes target     prot opt in     out     source               destination
    1    76 SNAT       all  --  *      ppp1    0.0.0.0/0            0.0.0.0/0           to:91.144.134.30

Chain OUTPUT (policy ACCEPT 14551 packets, 976K bytes)
 pkts bytes target     prot opt in     out     source               destination


On the local machine:

[vova@rabst ~]$ tracepath 193.1.193.64
 1:  192.168.1.2 (192.168.1.2)                              1.372ms pmtu 1500
 1:  myseif.myseif.ru (192.168.1.254)                       4.922ms
 1:  myseif.myseif.ru (192.168.1.254)                       0.948ms
 2:  myseif.myseif.ru (192.168.1.254)                       0.736ms pmtu 1476
 2:  net132.144.91-222.chel.ertelecom.ru (91.144.132.222)   3.381ms asymm  3
 3:  net132.144.91-202.chel.ertelecom.ru (91.144.132.202)   2.294ms
 4:  border.chel.ertelecom.ru (91.144.132.73)               2.480ms asymm  5
 5:  net132.144.91-154.chel.ertelecom.ru (91.144.132.154)   4.297ms asymm  6
 6:  90.150.3.201 (90.150.3.201)                            2.838ms
 7:  10.233.10.29 (10.233.10.29)                            3.487ms asymm  9
 8:  10.233.10.13 (10.233.10.13)                            3.801ms asymm  9
 9:  90.150.3.194 (90.150.3.194)                            3.029ms
10:  90.150.3.193 (90.150.3.193)                           35.012ms asymm  9
11:  217.115.84.225 (217.115.84.225)                        3.344ms asymm  7
12:  87.226.142.165 (87.226.142.165)                       36.805ms
13:  xe-1-3-0.lndn-ar1.intl.ip.rostelecom.ru (87.226.133.130) 102.925ms
14:  ldn-b3-link.telia.net (213.248.79.121)                97.846ms asymm 19
15:  ldn-bb1-link.telia.net (80.91.249.171)                97.862ms asymm 18
16:  dln-b3-link.telia.net (80.91.249.134)                108.032ms asymm 19
17:  heanet-ic-126792-dln-b3.c.telia.net (213.248.88.10)  114.248ms asymm 14
18:  te5-1-blanch-sr1.services.hea.net (193.1.236.2)      114.753ms asymm 14
19:  te5-1-blanch-sr1.services.hea.net (193.1.236.2)      114.830ms !H
     Resume: pmtu 1476


When trying to run APT:

[root@rabst ~]# apt-get update
Err ftp://ftp.altlinux.org noarch release
  Connection timeout
Err ftp://ftp.heanet.ie noarch release
  Connection timeout [IP: 193.1.193.64 21]
Err ftp://ftp.altlinux.org i586 release
  Connection timeout
Err ftp://ftp.heanet.ie i586 release
  Connection timeout [IP: 193.1.193.64 21]
Failed to fetch ftp://ftp.altlinux.org/pub/distributions/ALTLinux/4.1/branch/noarch/base/release  Connection timeout
Failed to fetch ftp://ftp.altlinux.org/pub/distributions/ALTLinux/4.1/branch/i586/base/release  Connection timeout
Failed to fetch ftp://ftp.heanet.ie/mirrors/ftp.altlinux.org/4.1/branch/noarch/base/release  Connection timeout [IP: 
193.1.193.64 21]
Failed to fetch ftp://ftp.heanet.ie/mirrors/ftp.altlinux.org/4.1/branch/i586/base/release  Connection timeout [IP: 
193.1.193.64 21]
Reading Package Lists... Done
Building Dependency Tree... Done
W: Release files for some repositories could not be retrieved or authenticated. Such repositories are being ignored.
W: You may want to run apt-get update to correct these problems
E: Some index files failed to download, they have been ignored, or old ones used instead.

Meanwhile, on the server:


[root@myseif ~]# tcpdump -n -i ppp1 -l | tee tmp.log
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on ppp1, link-type LINUX_SLL (Linux cooked), capture size 96 bytes
08:35:02.388481 IP 91.144.134.30.56317 > 194.107.17.7.ftp: S 1001436989:1001436989(0) win 5240 <mss 
1310,nop,nop,sackOK,nop,wscale 7>
08:35:02.424449 IP 91.144.134.30.58558 > 193.1.193.64.ftp: S 1002196311:1002196311(0) win 5240 <mss 
1310,nop,nop,sackOK,nop,wscale 7>
08:35:04.224451 IP 222.122.205.2.53645 > 91.144.134.30.ssh: F 3860845055:3860845055(0) ack 2372331913 win 46
08:35:04.224493 IP 91.144.134.30.ssh > 222.122.205.2.53645: R 2372331913:2372331913(0) win 0
08:35:05.385524 IP 91.144.134.30.56317 > 194.107.17.7.ftp: S 1001436989:1001436989(0) win 5240 <mss 
1310,nop,nop,sackOK,nop,wscale 7>
08:35:05.420765 IP 194.107.17.7.ftp > 192.168.1.2.56317: S 3391405290:3391405290(0) ack 1001436990 win 5840 <mss 
1460,nop,nop,sackOK,nop,wscale 7>
08:35:05.422497 IP 91.144.134.30.58558 > 193.1.193.64.ftp: S 1002196311:1002196311(0) win 5240 <mss 
1310,nop,nop,sackOK,nop,wscale 7>
08:35:05.425685 IP 91.144.134.30.56317 > 194.107.17.7.ftp: . ack 3391405291 win 41
08:35:05.463661 IP 194.107.17.7.ftp > 192.168.1.2.56317: P 1:66(65) ack 1 win 46
08:35:05.463942 IP 192.168.1.2.56317 > 194.107.17.7.ftp: R 1001436990:1001436990(0) win 0
08:35:05.535541 IP 193.1.193.64.ftp > 192.168.1.2.58558: S 3880214425:3880214425(0) ack 1002196312 win 5840 <mss 
1460,nop,nop,sackOK,nop,wscale 7>
08:35:05.536005 IP 91.144.134.30.58558 > 193.1.193.64.ftp: . ack 3880214426 win 41
08:35:05.651931 IP 193.1.193.64.ftp > 192.168.1.2.58558: P 1:7(6) ack 1 win 46
08:35:05.652212 IP 192.168.1.2.58558 > 193.1.193.64.ftp: R 1002196312:1002196312(0) win 0
08:35:08.467032 IP 194.107.17.7.ftp > 192.168.1.2.56317: P 1:66(65) ack 1 win 46
08:35:08.467339 IP 192.168.1.2.56317 > 194.107.17.7.ftp: R 1001436990:1001436990(0) win 0
08:35:08.647394 IP 193.1.193.64.ftp > 192.168.1.2.58558: P 1:7(6) ack 1 win 46
08:35:08.647870 IP 192.168.1.2.58558 > 193.1.193.64.ftp: R 1002196312:1002196312(0) win 0
08:35:13.484657 IP 91.144.134.30.ssh > 222.122.205.2.52976: F 2292946611:2292946611(0) ack 3847923446 win 62
08:35:13.859870 IP 222.122.205.2.52976 > 91.144.134.30.ssh: R 3847923446:3847923446(0) win 0
08:35:14.467028 IP 194.107.17.7.ftp > 192.168.1.2.56317: P 1:66(65) ack 1 win 46
08:35:14.467342 IP 192.168.1.2.56317 > 194.107.17.7.ftp: R 1001436990:1001436990(0) win 0
08:35:14.647322 IP 193.1.193.64.ftp > 192.168.1.2.58558: P 1:7(6) ack 1 win 46
08:35:14.647608 IP 192.168.1.2.58558 > 193.1.193.64.ftp: R 1002196312:1002196312(0) win 0
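
Added example, not part of the original message: the ppp1 capture above contains packets addressed to or from the LAN host 192.168.1.2 next to flows translated to 91.144.134.30. This Python sketch lists every packet in `tcpdump -n` output that carries an RFC 1918 address, which generalizes the check from 192.168.1.2 to any private range; the function names are illustrative, and the sample lines are copied from the capture with the wrapped TCP options rejoined.

```python
import ipaddress
import re

# RFC 1918 ranges that should not appear on the external (ppp1) side.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# tcpdump -n line: "<time> IP <src>.<port> > <dst>.<port>: <flags> ..."
LINE_RE = re.compile(r"^(\S+) IP (\S+) > (\S+): (\S+)")

def host_of(endpoint):
    """Drop the trailing port or service name ('194.107.17.7.ftp')."""
    return ipaddress.ip_address(endpoint.rpartition(".")[0])

def is_rfc1918(addr):
    return any(addr in net for net in RFC1918)

def private_leaks(lines):
    """Return (time, direction, peer, tcp_flags) for each packet in the
    capture whose source or destination is an RFC 1918 address."""
    leaks = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # banner lines and wrapped option continuations
        ts, src, dst, flags = m.groups()
        try:
            src_ip, dst_ip = host_of(src), host_of(dst)
        except ValueError:
            continue  # not an IPv4 endpoint
        if is_rfc1918(src_ip):
            leaks.append((ts, "out", str(dst_ip), flags))
        elif is_rfc1918(dst_ip):
            leaks.append((ts, "in", str(src_ip), flags))
    return leaks

# Lines copied from the capture above (wrapped options rejoined).
SAMPLE = [
    "08:35:05.385524 IP 91.144.134.30.56317 > 194.107.17.7.ftp: S 1001436989:1001436989(0) win 5240 <mss 1310,nop,nop,sackOK,nop,wscale 7>",
    "08:35:05.420765 IP 194.107.17.7.ftp > 192.168.1.2.56317: S 3391405290:3391405290(0) ack 1001436990 win 5840 <mss 1460,nop,nop,sackOK,nop,wscale 7>",
    "08:35:05.425685 IP 91.144.134.30.56317 > 194.107.17.7.ftp: . ack 3391405291 win 41",
    "08:35:05.463661 IP 194.107.17.7.ftp > 192.168.1.2.56317: P 1:66(65) ack 1 win 46",
    "08:35:05.463942 IP 192.168.1.2.56317 > 194.107.17.7.ftp: R 1001436990:1001436990(0) win 0",
    "08:35:04.224451 IP 222.122.205.2.53645 > 91.144.134.30.ssh: F 3860845055:3860845055(0) ack 2372331913 win 46",
]

if __name__ == "__main__":
    for leak in private_leaks(SAMPLE):
        print(*leak)
```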


 

