интерфейсы
eth0 192.168.0.0/16 - локал
eth1 192.168.1.0/24 - модем
ppp0 - pppoe - инет
iptables:
# Generated by iptables-save v1.4.6 on Mon Mar 8 03:50:36 2010
# filter table of the gateway. All three built-in chains have policy ACCEPT,
# and this dump contains no INPUT or OUTPUT rules, so nothing here filters
# traffic addressed to the gateway itself, on any interface (ppp0 included).
*filter
:INPUT ACCEPT [1473:146529]
:FORWARD ACCEPT [1258:149938]
:OUTPUT ACCEPT [994:151853]
:checkmac - [0:0]
# Accept packets of already-tracked connections first. The two rules below
# match the same connection-tracking states ("state" and "conntrack --ctstate"),
# so the second one never sees a packet the first has not already accepted.
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
# Remaining forwarded packets with a source in 192.168.0.0/16 are sent to
# checkmac. The match is on source address only (no -i), and the post lists the
# modem subnet 192.168.1.0/24 on eth1, which falls inside this range too.
# Packets with any other source never enter checkmac and are forwarded by the
# ACCEPT policy, including new connections arriving on ppp0.
# NOTE(review): there is no TCPMSS rule in this dump. With a PPPoE uplink, a few
# sites hanging for LAN hosts while the gateway itself works is commonly an
# MTU/MSS symptom - confirm, then consider clamping MSS on forwarded SYN packets
# (TCPMSS --clamp-mss-to-pmtu) and check that ICMP "fragmentation needed" gets through.
-A FORWARD -s 192.168.0.0/16 -j checkmac
# checkmac: allowlist of source IP / source MAC pairs (m1..m5 are placeholders
# in the post). A matching packet RETURNs to FORWARD, where no further rule
# follows, so the ACCEPT policy forwards it.
# Both values are supplied by the sending host, so this is an inventory check
# and not authentication of the client.
-A checkmac -s 192.168.180.71/32 -m mac --mac-source m1 -j RETURN
-A checkmac -s 192.168.80.68/32 -m mac --mac-source m2 -j RETURN
-A checkmac -s 192.168.80.73/32 -m mac --mac-source m3 -j RETURN
-A checkmac -s 192.168.81.68/32 -m mac --mac-source m4 -j RETURN
-A checkmac -s 192.168.80.169/32 -m mac --mac-source m5 -j RETURN
# Any source in 192.168.0.0/16 not listed above is dropped.
-A checkmac -j DROP
COMMIT
# Completed on Mon Mar 8 03:50:36 2010
# Generated by iptables-save v1.4.6 on Mon Mar 8 03:50:36 2010
# nat table: inbound port forwards from the PPPoE link and source NAT for
# everything leaving through it.
*nat
:PREROUTING ACCEPT [14520:1688911]
:POSTROUTING ACCEPT [6:348]
:OUTPUT ACCEPT [28:1838]
# TCP ports 20000-20004 arriving on ppp0 are redirected to LAN hosts
# 192.168.0.2-192.168.0.6, one port per host, same port number.
# There is no -s restriction, so each forward accepts any remote address,
# and the filter table in this dump does not limit these connections either:
# its only FORWARD restriction applies to sources in 192.168.0.0/16.
# The target hosts are not in the filter table's checkmac list. Their replies
# pass through the RELATED,ESTABLISHED rule, but connections they initiate
# would reach checkmac's final DROP.
-A PREROUTING -i ppp0 -p tcp -m tcp --dport 20000 -j DNAT --to-destination 192.168.0.2:20000
-A PREROUTING -i ppp0 -p tcp -m tcp --dport 20001 -j DNAT --to-destination 192.168.0.3:20001
-A PREROUTING -i ppp0 -p tcp -m tcp --dport 20002 -j DNAT --to-destination 192.168.0.4:20002
-A PREROUTING -i ppp0 -p tcp -m tcp --dport 20003 -j DNAT --to-destination 192.168.0.5:20003
-A PREROUTING -i ppp0 -p tcp -m tcp --dport 20004 -j DNAT --to-destination 192.168.0.6:20004
# Everything leaving via ppp0 is rewritten to the address currently assigned
# to ppp0.
-A POSTROUTING -o ppp0 -j MASQUERADE
COMMIT
# Completed on Mon Mar 8 03:50:36 2010
Problem: всё работает, кроме сайтов nix.ru и nixcraft.com: соединение с ними не разрывается. Пробовал на всех машинах локалки под всеми сайтами.
А на серве, раздающем инет, всё нормально.