Gentoo Forums
Unusual NAT
ntrl
n00b
Joined: 26 Sep 2004
Posts: 34
Location: SPb, Russia

Posted: Sat Dec 01, 2007 10:25 am    Post subject: Unusual NAT

Dear gurus!

Please help me set up an unusual NAT or masquerading scheme. There is a Linux box acting as a router with 3 network cards: one faces the Internet (eth1), the other two face the LAN (eth0 and eth2). One LAN (eth2) needs full NAT; for the other LAN (eth0), NAT must be prohibited except for ports 110 and 25, and port 80 must be redirected to port 3128 (for a transparent proxy).

Please tell me how to do this correctly. I spent the whole night reading the iptables tutorial but still couldn't get through it :(

Thanks.
_________________
--
WBR
KUV
Tux's lil' helper
Joined: 18 Mar 2005
Posts: 128

Posted: Sat Dec 01, 2007 1:19 pm

For separate rules per network card:
Code:
-o, --out-interface [!] name
              Name of an interface via which a packet is going to be sent (for packets entering the FORWARD, OUTPUT and POSTROUTING  chains).   When  the
              "!"  argument  is  used  before  the  interface name, the sense is inverted.  If the interface name ends in a "+", then any interface which
              begins with this name will match.  If this option is omitted, any interface name will match.

For the port redirect:
Code:
REDIRECT
       This  target is only valid in the nat table, in the PREROUTING and OUTPUT chains, and user-defined chains which are only called from those chains.
       It redirects the packet to the machine itself by changing the destination IP to the primary address of the incoming  interface  (locally-generated
       packets are mapped to the 127.0.0.1 address).  It takes one option:

       --to-ports port[-port]
              This specifies a destination port or range of ports to use: without this, the destination port is never altered.  This is only valid if the
              rule also specifies -p tcp or -p udp.

And a condition that matches only ports 25 and 110:
Code:
-p udp -m multiport --dports 25,110
-p tcp -m multiport --dports 25,110

Good luck :)
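
One way to combine the three fragments above into a ruleset for the layout in the question, as an added example that is not part of either post. Interface names and ports come from the question; the dry-run `IPT` variable, the function names, and the proxy listening on the router itself are assumptions.

```shell
#!/bin/sh
# Added example: constructed ruleset for the layout described in the question.
# Dry run by default (commands are only printed); run as root with
# IPT=iptables to apply. Forwarding also needs net.ipv4.ip_forward=1.
IPT="${IPT:-echo iptables}"
WAN=eth1          # Internet side
LAN_FULL=eth2     # LAN that gets full NAT
LAN_LIM=eth0      # LAN limited to ports 25/110 plus the transparent proxy
PROXY_PORT=3128   # assumption: the proxy runs on the router itself

nat_rules() {
    # REDIRECT is valid only in the nat table (PREROUTING/OUTPUT) and sends
    # the packet to the router itself, so web traffic from the limited LAN
    # reaches the local proxy and is never forwarded.
    $IPT -t nat -A PREROUTING -i "$LAN_LIM" -p tcp --dport 80 \
        -j REDIRECT --to-ports "$PROXY_PORT"
    # Source NAT for whatever is allowed to leave via the Internet interface.
    $IPT -t nat -A POSTROUTING -o "$WAN" -j MASQUERADE
}

forward_rules() {
    # POSTROUTING cannot match the input interface (-i), so the per-LAN
    # policy is enforced in FORWARD: what is not accepted here never
    # reaches the MASQUERADE rule.
    $IPT -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
    $IPT -A FORWARD -i "$LAN_FULL" -o "$WAN" -j ACCEPT
    # SMTP (25) and POP3 (110) run over TCP, so only tcp is opened here.
    $IPT -A FORWARD -i "$LAN_LIM" -o "$WAN" -p tcp \
        -m multiport --dports 25,110 -j ACCEPT
    # Everything else, including the rest of the limited LAN's traffic, is dropped.
    $IPT -P FORWARD DROP
}

all_rules() {
    nat_rules
    forward_rules
}

all_rules
```

The INPUT chain is left untouched here; if it is restrictive, port 3128 must be reachable from eth0 for the redirect to work.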