From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.2.5 (2008-06-10) on sa.int.altlinux.org X-Spam-Level: X-Spam-Status: No, score=0.6 required=5.0 tests=BAYES_00, SPF_PASS, SUBJ_RE_NUM, URI_HEX autolearn=no version=3.2.5 From: =?koi8-r?Q?=F7=CC=C1=C4=C9=CD=C9=D2_=F3=C1=CC=CF=CD=C1=D4=C9=CE?= To: =?koi8-r?Q?=F7=CC=C1=C4=C9=CD=C9=D2?= Mime-Version: 1.0 X-Mailer: mPOP Web-Mail 2.19 X-Originating-IP: 192.168.1.2 via proxy [77.247.90.85] Date: Wed, 02 Dec 2009 06:38:46 +0300 References: <200912020012.47978.haw@inbox.ru> In-Reply-To: <200912020012.47978.haw@inbox.ru> Content-Type: text/plain; charset=koi8-r Content-Transfer-Encoding: 8bit Message-Id: X-Spam: Not detected X-Mras: Ok Cc: sysadmins@lists.altlinux.org Subject: Re: [Sysadmins] =?koi8-r?b?68/X3sXHIDUuMCAtINPU0sHOzs8g0sHCz9TBxdQg?= =?koi8-r?b?TkFUIN7F0sXaIHBwcG9l?= X-BeenThere: sysadmins@lists.altlinux.org X-Mailman-Version: 2.1.12 Precedence: list Reply-To: =?koi8-r?Q?=F7=CC=C1=C4=C9=CD=C9=D2_=F3=C1=CC=CF=CD=C1=D4=C9=CE?= , ALT Linux sysadmin discuss List-Id: ALT Linux sysadmin discuss List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 02 Dec 2009 03:39:00 -0000 Archived-At: List-Archive: > а если только > service iptables restart > iptables -t nat -F > iptables -F > echo "1" > /proc/sys/net/ipv4/ip_forward > iptables -t nat -A POSTROUTING -o ppp1 -j SNAT --to-source 91.144.134.30 > iptables -n -L -v > iptables -n -L -v -t nat [root@myseif ~]# iptables -n -L -v Chain INPUT (policy ACCEPT 184K packets, 26M bytes) pkts bytes target prot opt in out source destination Chain FORWARD (policy ACCEPT 1126 packets, 353K bytes) pkts bytes target prot opt in out source destination Chain OUTPUT (policy ACCEPT 187K packets, 29M bytes) pkts bytes target prot opt in out source destination [root@myseif ~]# iptables -n -L -v -t nat Chain PREROUTING (policy ACCEPT 3244K packets, 3307M bytes) pkts bytes target prot opt in out source destination Chain POSTROUTING (policy ACCEPT 14896 packets, 1163K bytes) pkts bytes target prot opt in out source destination 1 76 SNAT all -- * ppp1 0.0.0.0/0 0.0.0.0/0 to:91.144.134.30 Chain OUTPUT (policy ACCEPT 14551 packets, 976K bytes) pkts bytes target prot opt in out source destination На локальной машине: [vova@rabst ~]$ tracepath 193.1.193.64 1: 192.168.1.2 (192.168.1.2) 1.372ms pmtu 1500 1: myseif.myseif.ru (192.168.1.254) 4.922ms 1: myseif.myseif.ru (192.168.1.254) 0.948ms 2: myseif.myseif.ru (192.168.1.254) 0.736ms pmtu 1476 2: net132.144.91-222.chel.ertelecom.ru (91.144.132.222) 3.381ms asymm 3 3: net132.144.91-202.chel.ertelecom.ru (91.144.132.202) 2.294ms 4: border.chel.ertelecom.ru (91.144.132.73) 2.480ms asymm 5 5: net132.144.91-154.chel.ertelecom.ru (91.144.132.154) 4.297ms asymm 6 6: 90.150.3.201 (90.150.3.201) 2.838ms 7: 10.233.10.29 (10.233.10.29) 3.487ms asymm 9 8: 10.233.10.13 (10.233.10.13) 3.801ms asymm 9 9: 90.150.3.194 (90.150.3.194) 3.029ms 10: 90.150.3.193 (90.150.3.193) 35.012ms asymm 9 11: 217.115.84.225 (217.115.84.225) 3.344ms asymm 7 12: 87.226.142.165 (87.226.142.165) 36.805ms 13: xe-1-3-0.lndn-ar1.intl.ip.rostelecom.ru (87.226.133.130) 102.925ms 14: ldn-b3-link.telia.net (213.248.79.121) 97.846ms asymm 19 15: ldn-bb1-link.telia.net (80.91.249.171) 97.862ms asymm 18 16: dln-b3-link.telia.net (80.91.249.134) 108.032ms asymm 19 17: heanet-ic-126792-dln-b3.c.telia.net (213.248.88.10) 114.248ms asymm 14 18: te5-1-blanch-sr1.services.hea.net (193.1.236.2) 114.753ms asymm 14 19: te5-1-blanch-sr1.services.hea.net (193.1.236.2) 114.830ms !H Resume: pmtu 1476 При попытках запустить APT [root@rabst ~]# apt-get update Err ftp://ftp.altlinux.org noarch release Connection timeout Err ftp://ftp.heanet.ie noarch release Connection timeout [IP: 193.1.193.64 21] Err ftp://ftp.altlinux.org i586 release Connection timeout Err ftp://ftp.heanet.ie i586 release Connection timeout [IP: 193.1.193.64 21] Failed to fetch ftp://ftp.altlinux.org/pub/distributions/ALTLinux/4.1/branch/noarch/base/release Connection timeout Failed to fetch ftp://ftp.altlinux.org/pub/distributions/ALTLinux/4.1/branch/i586/base/release Connection timeout Failed to fetch ftp://ftp.heanet.ie/mirrors/ftp.altlinux.org/4.1/branch/noarch/base/release Connection timeout [IP: 193.1.193.64 21] Failed to fetch ftp://ftp.heanet.ie/mirrors/ftp.altlinux.org/4.1/branch/i586/base/release Connection timeout [IP: 193.1.193.64 21] Reading Package Lists... Done Building Dependency Tree... Done W: Release files for some repositories could not be retrieved or authenticated. Such repositories are being ignored. W: You may want to run apt-get update to correct these problems E: Some index files failed to download, they have been ignored, or old ones used instead. А в это время на сервере: [root@myseif ~]# tcpdump -n -i ppp1 -l | tee tmp.log tcpdump: verbose output suppressed, use -v or -vv for full protocol decode listening on ppp1, link-type LINUX_SLL (Linux cooked), capture size 96 bytes 08:35:02.388481 IP 91.144.134.30.56317 > 194.107.17.7.ftp: S 1001436989:1001436989(0) win 5240 08:35:02.424449 IP 91.144.134.30.58558 > 193.1.193.64.ftp: S 1002196311:1002196311(0) win 5240 08:35:04.224451 IP 222.122.205.2.53645 > 91.144.134.30.ssh: F 3860845055:3860845055(0) ack 2372331913 win 46 08:35:04.224493 IP 91.144.134.30.ssh > 222.122.205.2.53645: R 2372331913:2372331913(0) win 0 08:35:05.385524 IP 91.144.134.30.56317 > 194.107.17.7.ftp: S 1001436989:1001436989(0) win 5240 08:35:05.420765 IP 194.107.17.7.ftp > 192.168.1.2.56317: S 3391405290:3391405290(0) ack 1001436990 win 5840 08:35:05.422497 IP 91.144.134.30.58558 > 193.1.193.64.ftp: S 1002196311:1002196311(0) win 5240 08:35:05.425685 IP 91.144.134.30.56317 > 194.107.17.7.ftp: . ack 3391405291 win 41 08:35:05.463661 IP 194.107.17.7.ftp > 192.168.1.2.56317: P 1:66(65) ack 1 win 46 08:35:05.463942 IP 192.168.1.2.56317 > 194.107.17.7.ftp: R 1001436990:1001436990(0) win 0 08:35:05.535541 IP 193.1.193.64.ftp > 192.168.1.2.58558: S 3880214425:3880214425(0) ack 1002196312 win 5840 08:35:05.536005 IP 91.144.134.30.58558 > 193.1.193.64.ftp: . ack 3880214426 win 41 08:35:05.651931 IP 193.1.193.64.ftp > 192.168.1.2.58558: P 1:7(6) ack 1 win 46 08:35:05.652212 IP 192.168.1.2.58558 > 193.1.193.64.ftp: R 1002196312:1002196312(0) win 0 08:35:08.467032 IP 194.107.17.7.ftp > 192.168.1.2.56317: P 1:66(65) ack 1 win 46 08:35:08.467339 IP 192.168.1.2.56317 > 194.107.17.7.ftp: R 1001436990:1001436990(0) win 0 08:35:08.647394 IP 193.1.193.64.ftp > 192.168.1.2.58558: P 1:7(6) ack 1 win 46 08:35:08.647870 IP 192.168.1.2.58558 > 193.1.193.64.ftp: R 1002196312:1002196312(0) win 0 08:35:13.484657 IP 91.144.134.30.ssh > 222.122.205.2.52976: F 2292946611:2292946611(0) ack 3847923446 win 62 08:35:13.859870 IP 222.122.205.2.52976 > 91.144.134.30.ssh: R 3847923446:3847923446(0) win 0 08:35:14.467028 IP 194.107.17.7.ftp > 192.168.1.2.56317: P 1:66(65) ack 1 win 46 08:35:14.467342 IP 192.168.1.2.56317 > 194.107.17.7.ftp: R 1001436990:1001436990(0) win 0 08:35:14.647322 IP 193.1.193.64.ftp > 192.168.1.2.58558: P 1:7(6) ack 1 win 46 08:35:14.647608 IP 192.168.1.2.58558 > 193.1.193.64.ftp: R 1002196312:1002196312(0) win 0