<html>
<head>
<meta content="text/html; charset=KOI8-R" http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<div class="moz-cite-prefix">28.02.2013 09:54, ðÁ×ÅÌ é×ÁÎÏ× ÐÉÛÅÔ:<br>
</div>
<blockquote
cite="mid:CAH21NZdgNgXN+EbrdJ_JyOTPowPXXC_nD1y_gtPLZT0+8d7n2g@mail.gmail.com"
type="cite"><br>
<br>
ÞÅÔ×ÅÒÇ, 28 ÆÅ×ÒÁÌÑ 2013šÇ. ÐÏÌØÚÏ×ÁÔÅÌØ ðÁ×ÅÌ é×ÁÎÏ× ÐÉÓÁÌ:<br>
<blockquote class="gmail_quote" style="margin:0 0 0
.8ex;border-left:1px #ccc solid;padding-left:1ex"><b>ip a</b>
<div>
<div>1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc
noqueue state UNKNOWN</div>
<div>š š link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00</div>
<div>š š inet <a moz-do-not-send="true"
href="http://127.0.0.1/8" target="_blank">127.0.0.1/8</a>
scope host lo</div>
<div>2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500
qdisc pfifo_fast state UP qlen 1000</div>
<div>š š link/ether 00:17:31:d3:7a:40 brd ff:ff:ff:ff:ff:ff</div>
<div>š š inet <a moz-do-not-send="true"
href="http://172.27.149.252/24" target="_blank">172.27.149.252/24</a>
brd 172.27.149.255 scope global eth0</div>
<div>3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500
qdisc pfifo_fast state UP qlen 1000</div>
<div>š š link/ether 1c:7e:e5:cc:d6:d3 brd ff:ff:ff:ff:ff:ff</div>
<div>š š inet <a moz-do-not-send="true"
href="http://192.168.1.170/24" target="_blank">192.168.1.170/24</a>
brd 192.168.1.255 scope global eth1</div>
<div>4: eth2: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu
1500 qdisc pfifo_fast state DOWN qlen 1000</div>
<div>š š link/ether 34:08:04:29:d1:91 brd ff:ff:ff:ff:ff:ff</div>
<div><br>
</div>
<div><b>iptables -L -n -v</b></div>
<div>
<div>Chain INPUT (policy ACCEPT 136 packets, 14443 bytes)</div>
<div>špkts bytes target š š prot opt in š š out š š source š
š š š š š š destination</div>
<div><br>
</div>
<div>Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)</div>
<div>špkts bytes target š š prot opt in š š out š š source š
š š š š š š destination</div>
<div>š š 0 š š 0 ACCEPT š š all š-- š* š š š* š š š <a
moz-do-not-send="true" href="http://0.0.0.0/0"
target="_blank">0.0.0.0/0</a> š š š š š š<a
moz-do-not-send="true" href="http://0.0.0.0/0"
target="_blank">0.0.0.0/0</a> š š š š š state
RELATED,ESTABLISHED</div>
<div>š š 0 š š 0 ACCEPT š š all š-- š* š š š* š š š <a
moz-do-not-send="true" href="http://0.0.0.0/0"
target="_blank">0.0.0.0/0</a> š š š š š š172.27.149.5</div>
<div>š š22 š1128 ACCEPT š š all š-- š* š š š* š š š
192.168.1.130 š š š š<a moz-do-not-send="true"
href="http://0.0.0.0/0" target="_blank">0.0.0.0/0</a></div>
<div>š š 2 š 120 ACCEPT š š all š-- š* š š š* š š š <a
moz-do-not-send="true" href="http://0.0.0.0/0"
target="_blank">0.0.0.0/0</a> š š š š š š192.168.1.130</div>
</div>
<div><br>
</div>
<b>iptables -t nat -L -n -v</b></div>
<div>
<div>Chain INPUT (policy ACCEPT 136 packets, 14443 bytes)</div>
<div>špkts bytes target š š prot opt in š š out š š source š š
š š š š š destination</div>
<div><br>
</div>
<div>Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)</div>
<div>špkts bytes target š š prot opt in š š out š š source š š
š š š š š destination</div>
<div>š š 0 š š 0 ACCEPT š š all š-- š* š š š* š š š <a
moz-do-not-send="true" href="http://0.0.0.0/0"
target="_blank">0.0.0.0/0</a> š š š š š š<a
moz-do-not-send="true" href="http://0.0.0.0/0"
target="_blank">0.0.0.0/0</a> š š š š š state
RELATED,ESTABLISHED</div>
<div>
š š 0 š š 0 ACCEPT š š all š-- š* š š š* š š š <a
moz-do-not-send="true" href="http://0.0.0.0/0"
target="_blank">0.0.0.0/0</a> š š š š š š172.27.149.5</div>
<div>š š22 š1128 ACCEPT š š all š-- š* š š š* š š š
192.168.1.130 š š š š<a moz-do-not-send="true"
href="http://0.0.0.0/0" target="_blank">0.0.0.0/0</a></div>
<div>š š 2 š 120 ACCEPT š š all š-- š* š š š* š š š <a
moz-do-not-send="true" href="http://0.0.0.0/0"
target="_blank">0.0.0.0/0</a> š š š š š š192.168.1.130</div>
<div><br>
</div>
<div>Chain OUTPUT (policy ACCEPT 57 packets, 6444 bytes)</div>
<div>špkts bytes target š š prot opt in š š out š š source š š
š š š š š destination</div>
<div>[root@host-1 sysconfig]# iptables -t nat -L -n -v</div>
<div>Chain PREROUTING (policy ACCEPT 43 packets, 5776 bytes)</div>
<div>špkts bytes target š š prot opt in š š out š š source š š
š š š š š destination</div>
<div>š š 1 š š60 DNAT š š š all š-- š* š š š* š š š <a
moz-do-not-send="true" href="http://0.0.0.0/0"
target="_blank">0.0.0.0/0</a> š š š š š š172.27.149.5 š š
š što:192.168.1.130</div>
<div><br>
</div>
<div>Chain POSTROUTING (policy ACCEPT 17 packets, 892 bytes)</div>
<div>špkts bytes target š š prot opt in š š out š š source š š
š š š š š destination</div>
<div>š š 6 š 360 SNAT š š š all š-- š* š š š* š š š
192.168.1.130 š š š !<a moz-do-not-send="true"
href="http://192.168.1.0/24" target="_blank">192.168.1.0/24</a>
š š što:172.27.149.5</div>
<div><br>
</div>
<div>Chain OUTPUT (policy ACCEPT 16 packets, 832 bytes)</div>
<div>špkts bytes target š š prot opt in š š out š š source š š
š š š š š destination</div>
<div><br>
</div>
</div>
</blockquote>
</blockquote>
<br>
÷Ù ÄÁÖÅ ÓËÏÐÉÐÁÓÔÉÔØ ÎÅ ÍÏÖÅÔÅ ÐÒÁ×ÉÌØÎÏ :(. ÷ ÔÁÂÌÉÃÅ nat ÎÅÔ
ÃÅÐÏÞËÉ INPUT, FORWARD É Ô.Ä.<br>
é ËÕÄÁ ÐÏÔÅÒÑÌÉ PREROUTING ?<br>
<br>
<blockquote
cite="mid:CAH21NZdgNgXN+EbrdJ_JyOTPowPXXC_nD1y_gtPLZT0+8d7n2g@mail.gmail.com"
type="cite">
<blockquote class="gmail_quote" style="margin:0 0 0
.8ex;border-left:1px #ccc solid;padding-left:1ex">
<div>
<div><br>
</div>
<div><br>
</div>
ÞÅÔ×ÅÒÇ, 28 ÆÅ×ÒÁÌÑ 2013šÇ. ÐÏÌØÚÏ×ÁÔÅÌØ Viacheslav Dubrovskyi
ÐÉÓÁÌ:<br>
<blockquote class="gmail_quote" style="margin:0 0 0
.8ex;border-left:1px #ccc solid;padding-left:1ex">
<div bgcolor="#FFFFFF" text="#000000"> 28.02.2013 06:12,
ðÁ×ÅÌ é×ÁÎÏ× ÐÉÛÅÔ:<br>
<span style="white-space:pre-wrap">> îÅ ÓÏ×ÓÅÍ ÐÏÎÑÌ
ÐÒÏ ËÁËÉÅ ËÌÀÞÉ ÉÄÅÔ ÒÅÞØ?<br>
> ÓÈÅÍÁ ÔÁËÁÑ:<br>
> ÔÅÓÔÏ×ÙÊ ÓÅÒ×ÅÒ<br>
> ×ÎÕÔÒÅÎÎÉÊ ip - 192.168.1.170<br>
> ×ÎÅÛÎÉÊ ip - 172.27.149.252<br>
> ÎÅÏÂÈÏÄÉÍÏ ÔÅÌÅÆÏÎ Ó ip 192.168.1.130 ×ÙÈÏÄÉÌ ×
172-À ÓÅÔØ c ÁÄÒÅÓÏÍ 172.27.149.5<br>
</span>üÔÏ ÎÅ ×ÏÚÍÏÖÎÏ. åÓÌÉ ÔÕÄÁ, ÐÁËÅÔ ÄÏÊÄÅÔ ÎÏÒÍÁÌØÎÏ,
ÔÏ ÏÂÒÁÔÎÏ, ÏÎ ÐÏÊÄÅÔ ÎÁ IP 172.27.149.5. á × ×ÁÛÅÊ ÓÈÅÍÅ
ÎÅÔ ÄÅ×ÁÊÓÁ Ó ÔÁËÉÍ IP.<br>
</div>
</blockquote>
</div>
</blockquote>
<div>îÕ, Á ÅÓÌÉ ÄÏÂÁ×ÉÔØ ip-ÁÄÒÅÓ ÎÁ ×ÎÅÛÎÉÊ ÉÎÔÅÒÆÅÊÓ?</div>
</blockquote>
÷ÏÐÒÏÓ: á ÚÁÞÅÍ ×ÁÍ ÉÍÅÎÎÏ 172.27.149.5?<br>
õ ×ÁÓ ÖÅ ÅÓÔØ IP ÉÚ ÜÔÏÊ ÓÅÔÉ - 172.27.149.252. ÷ÏÔ É ÎÁÔØÔÅ ÎÁ
ÎÅÇÏ.<br>
ô.Å. ÚÁÍÅÎÉÔÅ 172.27.149.5 ÎÁ 172.27.149.252 × ÐÒÁ×ÉÌÅ<br>
<br>
-A POSTROUTING -s 192.168.1.130 -j SNAT --to-source 172.27.149.5<br>
<br>
ôÏÌØËÏ Ñ ÂÙ × ÐÒÁ×ÉÌÁ ÄÏÂÁ×ÉÌ ÉÎÔÅÒÆÅÊÓÙ. ÷ÏÔ ÔÁË:<br>
# iptables -t nat -A POSTROUTING -s 192.168.1.130 -o eth0 -j SNAT
--to-source 172.27.149.252<br>
<br>
<br>
÷ÏÏÂÝÅÍ ÒÅËÏÍÅÎÄÕÀ ×ÎÉÍÁÔÅÌØÎÏ ÞÉÔÁÔØ
<a class="moz-txt-link-freetext" href="http://www.opennet.ru/docs/RUS/iptables/">http://www.opennet.ru/docs/RUS/iptables/</a><br>
<br>
<pre class="moz-signature" cols="72">--
WBR,
Viacheslav Dubrovskyi</pre>
</body>
</html>