LINUX.ORG.RU

Forward a VLAN to the external interface



One of the VLANs (VID 5) on the internal interface eth2 needs to reach the internet through the external interface eth1. eth2 is internal (eth2.5 (192.168.5.1), eth2.6, eth2.10) - Linux OpenSuse - eth1 (172.*.*.*) - internet



Last edited by: xkolosx (total edits: 3)

use a bridge, king of tags

anonymous
In reply to: comment by zolden

ip_forwarding is enabled
linux-bfgx:/home/user # cat /proc/sys/net/ipv4/ip_forward
1
I'm still getting confused with the routing
linux-bfgx:/home/user # ip route add 192.168.2.1 via 192.168.5.1 does not solve it
linux-bfgx:/home/user # route -n

Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         172.17.17.7     0.0.0.0         UG    0      0        0 eth1
127.0.0.0       0.0.0.0         255.0.0.0       U     0      0        0 lo
169.254.0.0     0.0.0.0         255.255.0.0     U     0      0        0 eth1
172.17.17.0     0.0.0.0         255.255.255.0   U     0      0        0 eth1
192.168.2.0     0.0.0.0         255.255.255.0   U     0      0        0 eth2
192.168.2.1     192.168.5.1     255.255.255.255 UGH   0      0        0 eth2.5
192.168.5.0     0.0.0.0         255.255.255.0   U     0      0        0 eth2.5
192.168.6.0     0.0.0.0         255.255.255.0   U     0      0        0 eth2.6
192.168.10.0    0.0.0.0         255.255.255.0   U     0      0        0 eth2.10

xkolosx (topic author)
In reply to: comment by zolden

Please don't scold me, I couldn't wrap this in a spoiler!

linux-bfgx:/home/user # ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN 
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 brd 127.255.255.255 scope host lo
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: eth0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast state DOWN qlen 1000
    link/ether 00:21:91:8f:4e:8d brd ff:ff:ff:ff:ff:ff
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 00:16:e6:67:a1:2a brd ff:ff:ff:ff:ff:ff
    inet 172.17.17.148/24 brd 172.17.17.255 scope global eth1
    inet6 fe80::216:e6ff:fe67:a12a/64 scope link 
       valid_lft forever preferred_lft forever
4: eth2: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast state DOWN qlen 1000
    link/ether 00:50:22:b1:6c:cd brd ff:ff:ff:ff:ff:ff
    inet 192.168.2.1/24 brd 192.168.2.255 scope global eth2
    inet6 fe80::250:22ff:feb1:6ccd/64 scope link 
       valid_lft forever preferred_lft forever
5: eth2.5@eth2: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state LOWERLAYERDOWN 
    link/ether 00:50:22:b1:6c:cd brd ff:ff:ff:ff:ff:ff
    inet 192.168.5.1/24 brd 192.168.5.255 scope global eth2.5
    inet6 fe80::250:22ff:feb1:6ccd/64 scope link 
       valid_lft forever preferred_lft forever
6: eth2.6@eth2: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state LOWERLAYERDOWN 
    link/ether 00:50:22:b1:6c:cd brd ff:ff:ff:ff:ff:ff
    inet 192.168.6.1/24 brd 192.168.6.255 scope global eth2.6
    inet6 fe80::250:22ff:feb1:6ccd/64 scope link 
       valid_lft forever preferred_lft forever
7: eth2.10@eth2: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state LOWERLAYERDOWN 
    link/ether 00:50:22:b1:6c:cd brd ff:ff:ff:ff:ff:ff
    inet 192.168.10.1/24 brd 192.168.10.255 scope global eth2.10
    inet6 fe80::250:22ff:feb1:6ccd/64 scope link 
       valid_lft forever preferred_lft forever

linux-bfgx:/home/user # ip r
default via 172.17.17.7 dev eth1 
127.0.0.0/8 dev lo  scope link 
169.254.0.0/16 dev eth1  scope link 
172.17.17.0/24 dev eth1  proto kernel  scope link  src 172.17.17.148 
192.168.2.0/24 dev eth2  proto kernel  scope link  src 192.168.2.1 
192.168.2.1 via 192.168.5.1 dev eth2.5 
192.168.5.0/24 dev eth2.5  proto kernel  scope link  src 192.168.5.1 
192.168.6.0/24 dev eth2.6  proto kernel  scope link  src 192.168.6.1 
192.168.10.0/24 dev eth2.10  proto kernel  scope link  src 192.168.10.1 

xkolosx (topic author)
In reply to: comment by xkolosx
linux-bfgx:/home/user # iptables-save
# Generated by iptables-save v1.4.16.3 on Tue May 13 11:01:17 2014
*nat
:PREROUTING ACCEPT [7396:958811]
:INPUT ACCEPT [7:420]
:OUTPUT ACCEPT [4154:256374]
:POSTROUTING ACCEPT [6:1165]
-A POSTROUTING -o eth0 -j MASQUERADE
-A POSTROUTING -o eth1 -j MASQUERADE
COMMIT
# Completed on Tue May 13 11:01:17 2014
# Generated by iptables-save v1.4.16.3 on Tue May 13 11:01:17 2014
*raw
:PREROUTING ACCEPT [47319:34389335]
:OUTPUT ACCEPT [58050:11151435]
-A PREROUTING -i lo -j CT --notrack
-A OUTPUT -o lo -j CT --notrack
COMMIT
# Completed on Tue May 13 11:01:17 2014
# Generated by iptables-save v1.4.16.3 on Tue May 13 11:01:17 2014
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [58050:11151435]
:forward_ext - [0:0]
:forward_int - [0:0]
:input_ext - [0:0]
:input_int - [0:0]
:reject_func - [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED -j ACCEPT
-A INPUT -p icmp -m conntrack --ctstate RELATED -j ACCEPT
-A INPUT -i eth2 -j input_int
-A INPUT -j input_ext
-A INPUT -m limit --limit 3/min -j LOG --log-prefix "SFW2-IN-ILL-TARGET " --log-tcp-options --log-ip-options
-A INPUT -j DROP
-A FORWARD -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
-A FORWARD -i eth2 -j forward_int
-A FORWARD -i eth0 -j forward_ext
-A FORWARD -i eth1 -j forward_ext
-A FORWARD -m limit --limit 3/min -j LOG --log-prefix "SFW2-FWD-ILL-ROUTING " --log-tcp-options --log-ip-options
-A FORWARD -j DROP
-A OUTPUT -o lo -j ACCEPT
-A forward_ext -p icmp -m conntrack --ctstate RELATED,ESTABLISHED -m icmp --icmp-type 0 -j ACCEPT
-A forward_ext -p icmp -m conntrack --ctstate RELATED,ESTABLISHED -m icmp --icmp-type 3 -j ACCEPT
-A forward_ext -p icmp -m conntrack --ctstate RELATED,ESTABLISHED -m icmp --icmp-type 11 -j ACCEPT
-A forward_ext -p icmp -m conntrack --ctstate RELATED,ESTABLISHED -m icmp --icmp-type 12 -j ACCEPT
-A forward_ext -p icmp -m conntrack --ctstate RELATED,ESTABLISHED -m icmp --icmp-type 14 -j ACCEPT
-A forward_ext -p icmp -m conntrack --ctstate RELATED,ESTABLISHED -m icmp --icmp-type 18 -j ACCEPT
-A forward_ext -p icmp -m conntrack --ctstate RELATED,ESTABLISHED -m icmp --icmp-type 3/2 -j ACCEPT
-A forward_ext -p icmp -m conntrack --ctstate RELATED,ESTABLISHED -m icmp --icmp-type 5 -j ACCEPT
-A forward_ext -i eth0 -o eth2 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A forward_ext -i eth1 -o eth2 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A forward_ext -m pkttype --pkt-type multicast -j DROP
-A forward_ext -m pkttype --pkt-type broadcast -j DROP
-A forward_ext -p tcp -m limit --limit 3/min -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -j LOG --log-prefix "SFW2-FWDext-DROP-DEFLT " --log-tcp-options --log-ip-options
-A forward_ext -p icmp -m limit --limit 3/min -j LOG --log-prefix "SFW2-FWDext-DROP-DEFLT " --log-tcp-options --log-ip-options
-A forward_ext -p udp -m limit --limit 3/min -m conntrack --ctstate NEW -j LOG --log-prefix "SFW2-FWDext-DROP-DEFLT " --log-tcp-options --log-ip-options
-A forward_ext -j DROP
-A forward_int -p icmp -m conntrack --ctstate RELATED,ESTABLISHED -m icmp --icmp-type 0 -j ACCEPT
-A forward_int -p icmp -m conntrack --ctstate RELATED,ESTABLISHED -m icmp --icmp-type 3 -j ACCEPT
-A forward_int -p icmp -m conntrack --ctstate RELATED,ESTABLISHED -m icmp --icmp-type 11 -j ACCEPT
-A forward_int -p icmp -m conntrack --ctstate RELATED,ESTABLISHED -m icmp --icmp-type 12 -j ACCEPT
-A forward_int -p icmp -m conntrack --ctstate RELATED,ESTABLISHED -m icmp --icmp-type 14 -j ACCEPT
-A forward_int -p icmp -m conntrack --ctstate RELATED,ESTABLISHED -m icmp --icmp-type 18 -j ACCEPT
-A forward_int -p icmp -m conntrack --ctstate RELATED,ESTABLISHED -m icmp --icmp-type 3/2 -j ACCEPT
-A forward_int -p icmp -m conntrack --ctstate RELATED,ESTABLISHED -m icmp --icmp-type 5 -j ACCEPT
-A forward_int -i eth2 -o eth0 -m conntrack --ctstate NEW,RELATED,ESTABLISHED -j ACCEPT
-A forward_int -i eth2 -o eth1 -m conntrack --ctstate NEW,RELATED,ESTABLISHED -j ACCEPT
-A forward_int -m pkttype --pkt-type multicast -j DROP
-A forward_int -m pkttype --pkt-type broadcast -j DROP
-A forward_int -p tcp -m limit --limit 3/min -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -j LOG --log-prefix "SFW2-FWDint-DROP-DEFLT " --log-tcp-options --log-ip-options
-A forward_int -p icmp -m limit --limit 3/min -j LOG --log-prefix "SFW2-FWDint-DROP-DEFLT " --log-tcp-options --log-ip-options
-A forward_int -p udp -m limit --limit 3/min -m conntrack --ctstate NEW -j LOG --log-prefix "SFW2-FWDint-DROP-DEFLT " --log-tcp-options --log-ip-options
-A forward_int -j reject_func
-A input_ext -m pkttype --pkt-type broadcast -j DROP
-A input_ext -p icmp -m icmp --icmp-type 4 -j ACCEPT
-A input_ext -p icmp -m icmp --icmp-type 8 -j ACCEPT
-A input_ext -m pkttype --pkt-type multicast -j DROP
-A input_ext -m pkttype --pkt-type broadcast -j DROP
-A input_ext -p tcp -m limit --limit 3/min -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -j LOG --log-prefix "SFW2-INext-DROP-DEFLT " --log-tcp-options --log-ip-options
-A input_ext -p icmp -m limit --limit 3/min -j LOG --log-prefix "SFW2-INext-DROP-DEFLT " --log-tcp-options --log-ip-options
-A input_ext -p udp -m limit --limit 3/min -m conntrack --ctstate NEW -j LOG --log-prefix "SFW2-INext-DROP-DEFLT " --log-tcp-options --log-ip-options
-A input_ext -j DROP
-A input_int -j ACCEPT
-A reject_func -p tcp -j REJECT --reject-with tcp-reset
-A reject_func -p udp -j REJECT --reject-with icmp-port-unreachable
-A reject_func -j REJECT --reject-with icmp-proto-unreachable
COMMIT
# Completed on Tue May 13 11:01:17 2014
xkolosx (topic author)

# VLAN 5 frames enter on eth2.5 (not eth2); -I puts the rule ahead of the chain's final DROP
iptables -I FORWARD -i eth2.5 -o eth1 -s 192.168.5.0/24 -j ACCEPT

CHIPOK ★★★
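The posted ruleset only dispatches "-i eth2" to forward_int, while frames from VLAN 5 reach netfilter with in-interface eth2.5, so they fall through to "-A FORWARD -j DROP" (the SFW2-FWD-ILL-ROUTING log line). The following is an added example, not code from the thread: it walks the FORWARD chain of an iptables-save dump offline to show which device pair is dropped, and prints the two rules that open the path in both directions (device names and the 192.168.5.0/24 subnet are taken from the thread; the sample rules are a constructed copy of the posted FORWARD chain).

```shell
# Added example (not from the thread): walk the FORWARD chain of an iptables-save
# dump offline and say whether traffic IN_DEV -> OUT_DEV is accepted or dropped.
# Constructed sample mirroring the FORWARD chain posted in the thread.
SAMPLE_RULES='*filter
-A FORWARD -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
-A FORWARD -i eth2 -j forward_int
-A FORWARD -i eth0 -j forward_ext
-A FORWARD -i eth1 -j forward_ext
-A FORWARD -m limit --limit 3/min -j LOG --log-prefix "SFW2-FWD-ILL-ROUTING "
-A FORWARD -j DROP
-A forward_int -i eth2 -o eth1 -m conntrack --ctstate NEW,RELATED,ESTABLISHED -j ACCEPT
COMMIT'
# vlan_forward_check IN_DEV OUT_DEV RULES: 0 if the first terminating FORWARD rule
# matching IN_DEV -> OUT_DEV is ACCEPT or a user chain, 1 if it is DROP/REJECT.
vlan_forward_check() {
    printf '%s\n' "$3" | awk -v vif="$1" -v out="$2" '
        # iptables interface match: "" = any, trailing "+" = prefix wildcard
        function ifmatch(pat, dev,   p) {
            if (pat == "") return 1
            if (pat !~ /\+$/) return pat == dev
            p = substr(pat, 1, length(pat) - 1); return substr(dev, 1, length(p)) == p
        }
        /^\*/ { table = $1; next }
        table != "*filter" || $1 != "-A" || $2 != "FORWARD" { next }
        {
            in_if = ""; out_if = ""; target = ""
            for (i = 3; i <= NF; i++) {
                if ($i == "-i") in_if = $(i + 1)
                if ($i == "-o") out_if = $(i + 1)
                if ($i == "-j") target = $(i + 1)
            }
            if (target ~ /^(LOG|NFLOG|TCPMSS|MARK|CONNMARK)$/) next  # non-terminating
            if (ifmatch(in_if, vif) && ifmatch(out_if, out)) {
                verdict = (target == "DROP" || target == "REJECT") ? "deny" : target; exit
            }
        }
        END {
            if (verdict == "" || verdict == "deny") {
                printf "FORWARD %s -> %s: dropped before any accepting rule\n", vif, out; exit 1
            }
            printf "FORWARD %s -> %s: reaches %s\n", vif, out, verdict
        }'
}
# vlan_forward_fix IN_DEV OUT_DEV NET: rules opening the path both ways. -I rather
# than -A: -A would land after the existing "-A FORWARD -j DROP" and never match.
vlan_forward_fix() {
    echo "iptables -I FORWARD -i $1 -o $2 -s $3 -m conntrack --ctstate NEW,RELATED,ESTABLISHED -j ACCEPT"
    echo "iptables -I FORWARD -i $2 -o $1 -d $3 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT"
}
```

Note that in the posted "ip a" output eth2 itself is NO-CARRIER and its VLAN devices are LOWERLAYERDOWN, so no firewall rule helps until that link is up. The persistent SuSEfirewall2 equivalent of the generated rules is listing eth2.5 in FW_DEV_INT in /etc/sysconfig/SuSEfirewall2 (assumption about the OP's setup, not stated in the thread).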