Skåne Sjælland Linux User Group - http://www.sslug.dk Home   Subscribe   Mail Archive   Forum   Calendar   Search
 

Re: [TEKNIK] iptables, how do you exclude multiple subnets from NAT?



On Thu, 7 Jun 2012 18:53:32 +0000 (UTC)
sslug@sslug (Henrik Andresen) wrote:

> Hi.
> 
> I have several subnets routed on a Linux box, and if I cannot route an 
> address, it has to go out to the internet.
> 
> I can easily handle my rules for FORWARD, but if I add a 
> masquerade rule afterwards, traffic to my local nets that
> arrives via IPsec tunnels also gets masq'ed.
> 
> I have since found out that I can use ! -d lokalnet/mask; the problem
> is just that I have several subnets that must not be masqueraded,
> and ,subnet,subnet,subnet may not be used when you use !
> 
> So what do you do?
> 
> I want to masq all traffic that is NOT for the nets 
> 
> 10.0.0.0/22,172.25.192.0/18,192.168.0/22
> 
> If only I could write this rule, that would be lovely :(
> 
> -t nat -A POSTROUTING -s 10.1.1.14/32 ! -d 
> 10.0.0.0/22,172.25.192.0/18,192.168.0/22 -o eth1 -j MASQUERADE
> 

As far as I can see, you can use "Null NAT" mappings.
-------------------------
Creating Null NAT Mappings

You can use the `-j ACCEPT' target to let a connection through without
any NAT taking place.
-------------------------
I.e. create 2 rules before your final -j MASQUERADE rule that are -j
ACCEPT rules, to let your packets through the NAT stage without any
NAT being performed.

Regards
JesperKP

-- 
ordo ab chao!
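
The rule ordering described in the reply, as an added example that is not part of the original thread: ACCEPT ("null NAT") rules for each exempt destination are placed ahead of the MASQUERADE rule in nat/POSTROUTING. The source address, interface and subnets are taken from the question; `192.168.0.0/22` is an assumed reading of the post's `192.168.0/22`, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not from the thread. Values come from the question, except
# 192.168.0.0/22, which is an assumed reading of the post's "192.168.0/22".
SRC="10.1.1.14/32"
OUT_IF="eth1"
EXEMPT_NETS="10.0.0.0/22 172.25.192.0/18 192.168.0.0/22"

# Loose shape check (a.b.c.d/len) so a mistyped prefix is refused here
# instead of being handed to iptables.
is_cidr() {
    case $1 in
        *[!0-9./]*|*/*/*) return 1 ;;
        [0-9]*.[0-9]*.[0-9]*.[0-9]*/[0-9]*) return 0 ;;
        *) return 1 ;;
    esac
}

# Print one iptables command per line. Order matters: the first matching
# rule in nat/POSTROUTING decides, so every ACCEPT rule (no NAT mapping)
# must be appended before the MASQUERADE rule.
nat_exempt_rules() {
    src=$1; out_if=$2; shift 2
    # Validate every destination first, so nothing is printed on bad input.
    for net in "$@"; do
        is_cidr "$net" || { echo "bad CIDR: $net" >&2; return 1; }
    done
    for net in "$@"; do
        echo "iptables -t nat -A POSTROUTING -s $src -d $net -o $out_if -j ACCEPT"
    done
    echo "iptables -t nat -A POSTROUTING -s $src -o $out_if -j MASQUERADE"
}

# Dry run: print the rules for review; pipe the output to sh as root to load them.
nat_exempt_rules "$SRC" "$OUT_IF" $EXEMPT_NETS
```

After loading, `iptables -t nat -L POSTROUTING -n -v` shows the per-rule packet counters, which confirms whether tunnel-bound traffic is hitting the ACCEPT rules rather than MASQUERADE.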


 

 
 
Questions about the web-pages to <www_admin>. Last modified 2012-07-01, 02:01 CEST
This page is maintained by MHonArc