Re: fwd and divert: msg#00123
org.user-groups.bsd.romanian.rofug.general

It worked, thanks. In the end I used ipnat for one provider and natd for the other.

One more question: ipnat doesn't know how to do connection tracking for FTP, for example. If I connect from the LAN to an FTP server, it tells me:
(cannot open a connection to 10.0.0.x , only to 1.2.3.4)

With natd and ipfw everything works OK. With ipnat it doesn't.

On Sun, 19 Sep 2004, Alex Popa wrote:

> On Sat, Sep 18, 2004 at 11:37:03AM +0300, Cristian Ursuleanu wrote:
> >
> > Hello.
> >
> > I have a problem too:
> >
> >
> >   (10.0.0.x)   (ed0)(10.0.0.1)(rl0)    (1.2.3.4)
> >  --LAN----------------FreeBSD--------------ISP_1
> >                          |
> >                          |(rl1)
> >                          |
> >                          |     (5.6.7.8)
> >                          |_________________ISP_2
> >
> >
> > I want port 80 from the LAN to go out via ISP_2 and the rest of the
> > traffic through ISP_1.
> >
> > I did:
> > $ route add -net 0.0.0.0 1.2.3.4
> >
> > $ natd -p 8668 -interface rl0
> > $ natd -p 8669 -interface rl1
> >
> >
> > $ ipfw add 500 fwd 5.6.7.8 tcp from 10.0.0.0/24 to any 80
> > $ ipfw add 1000 divert 8668 all from any to any rl0
> > $ ipfw add 2000 divert 8669 all from any to any rl1
> >
> >
> > But it doesn't work the way I want.
> >
> > I ran a 'tcpdump' on interface rl1 and the packets leave with IPs from
> > the 10.0.0.x class, which is not good.
> >
> > If I put rule 500 after the 2 'divert' rules, then it no longer does the
> > 'fwd', because after 'divert' the packets are taken out of the firewall
> > and never get to the 'fwd'.
> >
> > I would somehow need to reinject the packets into the firewall after
> > 'divert'.
> >
> >
> > Any idea?
>
> kldload ipl; do NAT with ipfilter and forwarding with ipfw.
>
>
> Alex
>
> ------------+-------------------------------------------------------
> Alex Popa,  | "Computer science is no more about computers than
> razor-EnhvrSxvaSc@xxxxxxxxxxxxxxxx| astronomy is about telescopes" -- E. W. Dijkstra
> ------------+-------------------------------------------------------
> __________________________________________________________
> Send 'unsubscribe rofug' to listar-gQFem4m/dK4@xxxxxxxxxxxxxxxx to unsubscribe