Subject: redirect from lan to tun

I wanted to redirect everyone from lan to tun, only on port 8000.
Only the router connects as a client to the VPN server, and I wanted to redirect the whole LAN from port 8000 to tun 10.0.2.1:8000.
The router has been assigned the VPN address 10.0.2.9.

These rules don't work for me:
iptables -t nat -A PREROUTING -d 192.168.1.0/24 -p tcp --dport 8000 -j DNAT --to-destination 10.0.2.1:8000
iptables -I FORWARD -i tun+ -p tcp --dport 8000 -j ACCEPT

2 (edited by tomi513 2012-03-20 22:14:35)

Re: redirect from lan to tun

I no longer know exactly what's going on.
When I do this kind of redirect, it doesn't work either:
iptables -t nat -I PREROUTING -s 192.168.1.0/24 -p tcp --dport 8000 -j DNAT --to 10.0.2.1:8000

3

Re: redirect from lan to tun

I don't know why, but I don't see these rules in iptables -L -v

4

Re: redirect from lan to tun

I repeat my request.

5 (edited by rpc 2012-03-22 00:07:47)

Re: redirect from lan to tun

Please post a network diagram with addressing, because I'm getting lost in these descriptions.

"From lan to tun", hmm, interesting way of putting it.

6

Re: redirect from lan to tun

OK, once again, this is my network:
(network diagram image: siec)

The TP-LINK 1043ND acts as the VPN server; LAN clients only have addresses from the 192.168.178.0/24 pool.
The Netgear WNDR3700 acts as the VPN client and has the address 10.0.2.10; LAN clients only have addresses from the 192.168.1.0/24 pool.
None of the clients on either LAN, apart from the 1043 and WNDR3700 routers, have a VPN client installed.

On the 1043ND (VPN server) I'm using these rules:

iptables -t nat -A PREROUTING -d 192.168.178.0/24 -p tcp --dport 8000 -j DNAT --to-destination 10.0.2.1:8000
iptables -I FORWARD -i tun+ -p tcp --dport 8000 -j ACCEPT

This redirect only works for me when a VPN client is running on the client host in the 192.168.178.0/24 network.

On the WNDR3700:

iptables -t nat -A PREROUTING -d 192.168.1.0/24 -p tcp --dport 8000 -j DNAT --to-destination 10.0.2.1:8000
iptables -I FORWARD -i tun+ -p tcp --dport 8000 -j ACCEPT

This redirect only works for me when a VPN client is running on the client host in the 192.168.1.0/24 network.

I want to redirect all port 8000 traffic from the 192.168.1.0/24 LAN to the ftp server 192.168.178.40:8000.

Here is the routing table on the 1043nd:

root@Gargoyle:~$ route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
195.114.190.157 0.0.0.0         255.255.255.255 UH    0      0        0 pppoe-wan
10.0.2.2        0.0.0.0         255.255.255.255 UH    0      0        0 tun0
192.168.178.0   0.0.0.0         255.255.255.0   U     0      0        0 br-lan
10.0.2.0        10.0.2.2        255.255.255.0   UG    0      0        0 tun0
0.0.0.0         195.114.190.157 0.0.0.0         UG    0      0        0 pppoe-wan

7

Re: redirect from lan to tun

From both routers:

route -n
iptables -L -v
iptables -t nat -L -v
ifconfig

8

Re: redirect from lan to tun

TP-LINK 1043 ND

route -n

root@Gargoyle:/etc/openvpn/ccd$ route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
195.114.190.157 0.0.0.0         255.255.255.255 UH    0      0        0 pppoe-wan
10.0.2.2        0.0.0.0         255.255.255.255 UH    0      0        0 tun0
192.168.178.0   0.0.0.0         255.255.255.0   U     0      0        0 br-lan
10.0.2.0        10.0.2.2        255.255.255.0   UG    0      0        0 tun0
0.0.0.0         195.114.190.157 0.0.0.0         UG    0      0        0 pppoe-wan

iptables -L -v

root@Gargoyle:/etc/openvpn/ccd$ iptables -L -v
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
   99 16944 ACCEPT     all  --  any    any     anywhere             anywhere            state RELATED,ESTABLISHED
    1    58 ACCEPT     all  --  lo     any     anywhere             anywhere
    0     0 syn_flood  tcp  --  any    any     anywhere             anywhere            tcp flags:FIN,SYN,RST,ACK/SYN
   20  1553 input_rule  all  --  any    any     anywhere             anywhere
   20  1553 input      all  --  any    any     anywhere             anywhere

Chain FORWARD (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 ACCEPT     tcp  --  tun+   any     anywhere             anywhere            tcp dpt:8000
42637   41M ACCEPT     all  --  any    any     anywhere             anywhere            state RELATED,ESTABLISHED
  124  6585 forwarding_rule  all  --  any    any     anywhere             anywhere
  124  6585 forward    all  --  any    any     anywhere             anywhere
   12   576 reject     all  --  any    any     anywhere             anywhere

Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
  103 26101 ACCEPT     all  --  any    any     anywhere             anywhere            state RELATED,ESTABLISHED
    1    58 ACCEPT     all  --  any    lo      anywhere             anywhere
    3   168 output_rule  all  --  any    any     anywhere             anywhere
    3   168 output     all  --  any    any     anywhere             anywhere

Chain forward (1 references)
 pkts bytes target     prot opt in     out     source               destination
  112  6009 zone_lan_forward  all  --  br-lan any     anywhere             anywhere
    0     0 zone_wan_forward  all  --  pppoe-wan any     anywhere             anywhere

Chain forwarding_lan (1 references)
 pkts bytes target     prot opt in     out     source               destination

Chain forwarding_rule (1 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 ACCEPT     all  --  any    eth0.2  anywhere             anywhere
  110  5913 nat_reflection_fwd  all  --  any    any     anywhere             anywhere

Chain forwarding_wan (1 references)
 pkts bytes target     prot opt in     out     source               destination

Chain input (1 references)
 pkts bytes target     prot opt in     out     source               destination
    8   853 zone_lan   all  --  br-lan any     anywhere             anywhere
   10   420 zone_wan   all  --  pppoe-wan any     anywhere             anywhere

Chain input_lan (1 references)
 pkts bytes target     prot opt in     out     source               destination

Chain input_rule (1 references)
 pkts bytes target     prot opt in     out     source               destination

Chain input_wan (1 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 ACCEPT     tcp  --  any    any     anywhere             anywhere            tcp dpt:https
    0     0            tcp  --  any    any     anywhere             anywhere            tcp dpt:ssh recent: SET name: SSH_CHECK side: source
    0     0 DROP       all  --  any    any     anywhere             anywhere            recent: UPDATE seconds: 300 hit_count: 11 name: SSH_CHECK side: source
    0     0 ACCEPT     tcp  --  any    any     anywhere             anywhere            tcp dpt:ssh connmark match 0x80/0x80

Chain nat_reflection_fwd (1 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 ACCEPT     tcp  --  any    any     192.168.178.0/24     192.168.178.42      tcp dpt:8000
    0     0 ACCEPT     udp  --  any    any     192.168.178.0/24     192.168.178.42      udp dpt:8000

Chain output (1 references)
 pkts bytes target     prot opt in     out     source               destination
    3   168 zone_lan_ACCEPT  all  --  any    any     anywhere             anywhere
    3   168 zone_wan_ACCEPT  all  --  any    any     anywhere             anywhere

Chain output_rule (1 references)
 pkts bytes target     prot opt in     out     source               destination

Chain reject (5 references)
 pkts bytes target     prot opt in     out     source               destination
   13   624 REJECT     tcp  --  any    any     anywhere             anywhere            reject-with tcp-reset
   10   420 REJECT     all  --  any    any     anywhere             anywhere            reject-with icmp-port-unreachable

Chain syn_flood (1 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 RETURN     tcp  --  any    any     anywhere             anywhere            tcp flags:FIN,SYN,RST,ACK/SYN limit: avg 25/sec burst 50
    0     0 DROP       all  --  any    any     anywhere             anywhere

Chain zone_lan (1 references)
 pkts bytes target     prot opt in     out     source               destination
    8   853 input_lan  all  --  any    any     anywhere             anywhere
    8   853 zone_lan_ACCEPT  all  --  any    any     anywhere             anywhere

Chain zone_lan_ACCEPT (2 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 ACCEPT     all  --  any    br-lan  anywhere             anywhere
    8   853 ACCEPT     all  --  br-lan any     anywhere             anywhere

Chain zone_lan_DROP (0 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 DROP       all  --  any    br-lan  anywhere             anywhere
    0     0 DROP       all  --  br-lan any     anywhere             anywhere

Chain zone_lan_REJECT (1 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 reject     all  --  any    br-lan  anywhere             anywhere
    1    48 reject     all  --  br-lan any     anywhere             anywhere

Chain zone_lan_forward (1 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 ACCEPT     all  --  br-lan br-lan  anywhere             anywhere
  112  6009 zone_wan_ACCEPT  all  --  any    any     anywhere             anywhere
    1    48 forwarding_lan  all  --  any    any     anywhere             anywhere
    1    48 zone_lan_REJECT  all  --  any    any     anywhere             anywhere

Chain zone_wan (1 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 ACCEPT     udp  --  any    any     anywhere             anywhere            udp dpt:bootpc
    0     0 ACCEPT     icmp --  any    any     anywhere             anywhere            icmp echo-request
    0     0 ACCEPT     udp  --  any    any     anywhere             anywhere            udp dpt:8194
   10   420 input_wan  all  --  any    any     anywhere             anywhere
   10   420 zone_wan_REJECT  all  --  any    any     anywhere             anywhere

Chain zone_wan_ACCEPT (2 references)
 pkts bytes target     prot opt in     out     source               destination
  114  6129 ACCEPT     all  --  any    pppoe-wan  anywhere             anywhere
    0     0 ACCEPT     all  --  pppoe-wan any     anywhere             anywhere

Chain zone_wan_DROP (0 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 DROP       all  --  any    pppoe-wan  anywhere             anywhere
    0     0 DROP       all  --  pppoe-wan any     anywhere             anywhere

Chain zone_wan_REJECT (2 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 reject     all  --  any    pppoe-wan  anywhere             anywhere
   10   420 reject     all  --  pppoe-wan any     anywhere             anywhere

Chain zone_wan_forward (1 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 ACCEPT     tcp  --  any    any     anywhere             192.168.178.42      tcp dpt:8000
    0     0 ACCEPT     udp  --  any    any     anywhere             192.168.178.42      udp dpt:8000
    0     0 forwarding_wan  all  --  any    any     anywhere             anywhere
    0     0 zone_wan_REJECT  all  --  any    any     anywhere             anywhere

iptables -t nat -L -v

root@Gargoyle:/etc/openvpn/ccd$ iptables -t nat -L -v
Chain PREROUTING (policy ACCEPT 64 packets, 3341 bytes)
 pkts bytes target     prot opt in     out     source               destination
  241 37063 prerouting_rule  all  --  any    any     anywhere             anywhere
  200 29837 zone_lan_prerouting  all  --  br-lan any     anywhere             anywhere
   10   420 zone_wan_prerouting  all  --  pppoe-wan any     anywhere             anywhere
    0     0 DNAT       tcp  --  any    any     anywhere             192.168.178.0/24    tcp dpt:8000 to:10.0.2.1:8000

Chain POSTROUTING (policy ACCEPT 12 packets, 896 bytes)
 pkts bytes target     prot opt in     out     source               destination
  159  8607 postrouting_rule  all  --  any    any     anywhere             anywhere
    1    40 zone_lan_nat  all  --  any    br-lan  anywhere             anywhere
  133  7133 zone_wan_nat  all  --  any    pppoe-wan  anywhere             anywhere

Chain OUTPUT (policy ACCEPT 12 packets, 896 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain nat_reflection_in (1 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 DNAT       tcp  --  any    any     192.168.178.0/24     77-255-233-169.adsl.inetia.pl tcp dpt:8000 to:192.168.178.42:8000
    0     0 DNAT       udp  --  any    any     192.168.178.0/24     77-255-233-169.adsl.inetia.pl udp dpt:8000 to:192.168.178.42:8000

Chain nat_reflection_out (1 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 SNAT       tcp  --  any    any     192.168.178.0/24     192.168.178.42      tcp dpt:8000 to:192.168.178.1
    0     0 SNAT       udp  --  any    any     192.168.178.0/24     192.168.178.42      udp dpt:8000 to:192.168.178.1

Chain postrouting_rule (1 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 MASQUERADE  all  --  any    eth0.2  anywhere             anywhere
  145  8039 nat_reflection_out  all  --  any    any     anywhere             anywhere

Chain prerouting_lan (1 references)
 pkts bytes target     prot opt in     out     source               destination

Chain prerouting_rule (1 references)
 pkts bytes target     prot opt in     out     source               destination
  208 30161 nat_reflection_in  all  --  any    any     anywhere             anywhere

Chain prerouting_wan (1 references)
 pkts bytes target     prot opt in     out     source               destination

Chain zone_lan_nat (1 references)
 pkts bytes target     prot opt in     out     source               destination

Chain zone_lan_prerouting (1 references)
 pkts bytes target     prot opt in     out     source               destination
  200 29837 prerouting_lan  all  --  any    any     anywhere             anywhere

Chain zone_wan_nat (1 references)
 pkts bytes target     prot opt in     out     source               destination
  133  7133 MASQUERADE  all  --  any    any     anywhere             anywhere

Chain zone_wan_prerouting (1 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 CONNMARK   tcp  --  any    any     anywhere             anywhere            tcp dpt:6022 CONNMARK or 0x80
    0     0 REDIRECT   tcp  --  any    any     anywhere             anywhere            tcp dpt:6022 redir ports 22
    0     0 REDIRECT   tcp  --  any    any     anywhere             anywhere            tcp dpt:https redir ports 443
    0     0 DNAT       tcp  --  any    any     anywhere             anywhere            tcp dpt:8000 to:192.168.178.42:8000
    0     0 DNAT       udp  --  any    any     anywhere             anywhere            udp dpt:8000 to:192.168.178.42:8000
   10   420 prerouting_wan  all  --  any    any     anywhere             anywhere

ifconfig

root@Gargoyle:/etc/openvpn/ccd$ ifconfig
br-lan    Link encap:Ethernet  HWaddr 74:EA:3A:AB:EA:5A
          inet addr:192.168.178.1  Bcast:192.168.178.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:442516 errors:0 dropped:0 overruns:0 frame:0
          TX packets:625032 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:72846949 (69.4 MiB)  TX bytes:738700585 (704.4 MiB)

eth0      Link encap:Ethernet  HWaddr 74:EA:3A:AB:EA:5A
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:15591351 errors:0 dropped:0 overruns:0 frame:0
          TX packets:14127339 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:3413894752 (3.1 GiB)  TX bytes:311428279 (297.0 MiB)
          Interrupt:4

eth0.1    Link encap:Ethernet  HWaddr 74:EA:3A:AB:EA:5A
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:3923769 errors:0 dropped:0 overruns:0 frame:0
          TX packets:6254912 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:477088107 (454.9 MiB)  TX bytes:3565174987 (3.3 GiB)

eth0.2    Link encap:Ethernet  HWaddr 74:EA:3A:AB:EA:5A
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:11667542 errors:0 dropped:0 overruns:0 frame:0
          TX packets:7872424 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:2718521527 (2.5 GiB)  TX bytes:1041219461 (992.9 MiB)

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:6510 errors:0 dropped:0 overruns:0 frame:0
          TX packets:6510 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:1877458 (1.7 MiB)  TX bytes:1877458 (1.7 MiB)

mon.wlan0 Link encap:UNSPEC  HWaddr 74-EA-3A-AB-EA-5A-00-00-00-00-00-00-00-00-00-00
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:3834 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:32
          RX bytes:325532 (317.9 KiB)  TX bytes:0 (0.0 B)

pppoe-wan Link encap:Point-to-Point Protocol
          inet addr:77.255.233.169  P-t-P:195.114.190.157  Mask:255.255.255.255
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1492  Metric:1
          RX packets:644033 errors:0 dropped:0 overruns:0 frame:0
          TX packets:441094 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:3
          RX bytes:731744531 (697.8 MiB)  TX bytes:69402168 (66.1 MiB)

tun0      Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
          inet addr:10.0.2.1  P-t-P:10.0.2.2  Mask:255.255.255.255
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

wlan0     Link encap:Ethernet  HWaddr 74:EA:3A:AB:EA:5A
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:97824 errors:0 dropped:0 overruns:0 frame:0
          TX packets:140587 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:32
          RX bytes:20815692 (19.8 MiB)  TX bytes:126416225 (120.5 MiB)

Netgear WNDR3700 - the only difference is that the network is now 192.168.138.0/24
route -n

Kernel IP routing table
 Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
 10.0.0.1        0.0.0.0         255.255.255.255 UH    0      0        0 pppoe-wan
 10.0.2.9        0.0.0.0         255.255.255.255 UH    0      0        0 tun0
 10.0.2.0        10.0.2.9        255.255.255.0   UG    0      0        0 tun0
 192.168.138.0   0.0.0.0         255.255.255.0   U     0      0        0 br-lan
 0.0.0.0         10.0.0.1        0.0.0.0         UG    0      0        0 pppoe-wan

iptables -L -v

iptables -L -v
 Chain INPUT (policy ACCEPT 29 packets, 9512 bytes)
  pkts bytes target     prot opt in     out     source               destination
  3355  621K ACCEPT     all  --  any    any     anywhere             anywhere            state RELATED,ESTABLISHED
   44  3281 ACCEPT     all  --  lo     any     anywhere             anywhere
  553 28756 syn_flood  tcp  --  any    any     anywhere             anywhere            tcp flags:FIN,SYN,RST,ACK/SYN
  719 99358 input_rule  all  --  any    any     anywhere             anywhere
  719 99358 input      all  --  any    any     anywhere             anywhere

 Chain FORWARD (policy DROP 0 packets, 0 bytes)
  pkts bytes target     prot opt in     out     source               destination
    0     0 ACCEPT     tcp  --  tun+   any     anywhere             anywhere            tcp dpt:8000
  645 63337 ACCEPT     all  --  any    any     anywhere             anywhere            state RELATED,ESTABLISHED
  2283  142K forwarding_rule  all  --  any    any     anywhere             anywhere
  2283  142K forward    all  --  any    any     anywhere             anywhere
    2   132 reject     all  --  any    any     anywhere             anywhere

 Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
  pkts bytes target     prot opt in     out     source               destination
  5393  695K ACCEPT     all  --  any    any     anywhere             anywhere            state RELATED,ESTABLISHED
   44  3281 ACCEPT     all  --  any    lo      anywhere             anywhere
  732  272K output_rule  all  --  any    any     anywhere             anywhere
  732  272K output     all  --  any    any     anywhere             anywhere

 Chain MINIUPNPD (1 references)
  pkts bytes target     prot opt in     out     source               destination
    0     0 ACCEPT     udp  --  any    any     anywhere             d-PC.lan            udp dpt:59152

 Chain forward (1 references)
  pkts bytes target     prot opt in     out     source               destination
   11   710 zone_lan_forward  all  --  br-lan any     anywhere             anywhere
  2270  141K zone_wan_forward  all  --  pppoe-wan any     anywhere             anywhere

 Chain forwarding_lan (1 references)
  pkts bytes target     prot opt in     out     source               destination

 Chain forwarding_rule (1 references)
  pkts bytes target     prot opt in     out     source               destination
    0     0 ACCEPT     all  --  any    eth1    anywhere             anywhere
  2281  142K nat_reflection_fwd  all  --  any    any     anywhere             anywhere

 Chain forwarding_wan (1 references)
  pkts bytes target     prot opt in     out     source               destination

 Chain input (1 references)
  pkts bytes target     prot opt in     out     source               destination
  637 85994 zone_lan   all  --  br-lan any     anywhere             anywhere
   49  2540 zone_wan   all  --  pppoe-wan any     anywhere             anywhere

 Chain input_lan (1 references)
  pkts bytes target     prot opt in     out     source               destination

 Chain input_rule (1 references)
  pkts bytes target     prot opt in     out     source               destination

 Chain input_wan (1 references)
  pkts bytes target     prot opt in     out     source               destination
    0     0 ACCEPT     tcp  --  any    any     anywhere             anywhere            tcp dpt:https
   47  2444 ACCEPT     tcp  --  any    any     anywhere             anywhere            tcp dpt:www
    1    52            tcp  --  any    any     anywhere             anywhere            tcp dpt:ssh recent: SET name: SSH_CHECK side: source
    0     0 DROP       all  --  any    any     anywhere             anywhere            recent: UPDATE seconds: 300 hit_count: 11 name: SSH_CHECK side: source
    1    52 ACCEPT     tcp  --  any    any     anywhere             anywhere            tcp dpt:ssh

 Chain nat_reflection_fwd (1 references)
  pkts bytes target     prot opt in     out     source               destination
    0     0 ACCEPT     tcp  --  any    any     192.168.138.0/24     d-PC.lan            tcp dpt:3389
    0     0 ACCEPT     udp  --  any    any     192.168.138.0/24     d-PC.lan            udp dpt:3389
    0     0 ACCEPT     tcp  --  any    any     192.168.138.0/24     d-PC.lan            tcp dpt:56955
    0     0 ACCEPT     udp  --  any    any     192.168.138.0/24     d-PC.lan            udp dpt:56955
    0     0 ACCEPT     tcp  --  any    any     192.168.138.0/24     192.168.138.177     tcp dpt:5900
    0     0 ACCEPT     udp  --  any    any     192.168.138.0/24     192.168.138.177     udp dpt:5900
    0     0 ACCEPT     tcp  --  any    any     192.168.138.0/24     192.168.138.177     tcp dpt:5800
    0     0 ACCEPT     udp  --  any    any     192.168.138.0/24     192.168.138.177     udp dpt:5800

 Chain output (1 references)
  pkts bytes target     prot opt in     out     source               destination
  732  272K zone_lan_ACCEPT  all  --  any    any     anywhere             anywhere
    4   208 zone_wan_ACCEPT  all  --  any    any     anywhere             anywhere

 Chain output_rule (1 references)
  pkts bytes target     prot opt in     out     source               destination

 Chain reject (5 references)
  pkts bytes target     prot opt in     out     source               destination
    2    92 REJECT     tcp  --  any    any     anywhere             anywhere            reject-with tcp-reset
    1    84 REJECT     all  --  any    any     anywhere             anywhere            reject-with icmp-port-unreachable

 Chain syn_flood (1 references)
  pkts bytes target     prot opt in     out     source               destination
  553 28756 RETURN     tcp  --  any    any     anywhere             anywhere            tcp flags:FIN,SYN,RST,ACK/SYN limit: avg 25/sec burst 50
    0     0 DROP       all  --  any    any     anywhere             anywhere

 Chain zone_lan (1 references)
  pkts bytes target     prot opt in     out     source               destination
  637 85994 input_lan  all  --  any    any     anywhere             anywhere
  637 85994 zone_lan_ACCEPT  all  --  any    any     anywhere             anywhere

 Chain zone_lan_ACCEPT (2 references)
  pkts bytes target     prot opt in     out     source               destination
  728  272K ACCEPT     all  --  any    br-lan  anywhere             anywhere
  637 85994 ACCEPT     all  --  br-lan any     anywhere             anywhere

 Chain zone_lan_DROP (0 references)
  pkts bytes target     prot opt in     out     source               destination
    0     0 DROP       all  --  any    br-lan  anywhere             anywhere
    0     0 DROP       all  --  br-lan any     anywhere             anywhere

 Chain zone_lan_REJECT (1 references)
  pkts bytes target     prot opt in     out     source               destination
    0     0 reject     all  --  any    br-lan  anywhere             anywhere
    0     0 reject     all  --  br-lan any     anywhere             anywhere

 Chain zone_lan_forward (1 references)
  pkts bytes target     prot opt in     out     source               destination
    0     0 ACCEPT     all  --  br-lan br-lan  anywhere             anywhere
   11   710 zone_wan_ACCEPT  all  --  any    any     anywhere             anywhere
    0     0 forwarding_lan  all  --  any    any     anywhere             anywhere
    0     0 zone_lan_REJECT  all  --  any    any     anywhere             anywhere

 Chain zone_wan (1 references)
  pkts bytes target     prot opt in     out     source               destination
    0     0 ACCEPT     udp  --  any    any     anywhere             anywhere            udp dpt:bootpc
    0     0 ACCEPT     icmp --  any    any     anywhere             anywhere            icmp echo-request
   49  2540 input_wan  all  --  any    any     anywhere             anywhere
    1    44 zone_wan_REJECT  all  --  any    any     anywhere             anywhere

 Chain zone_wan_ACCEPT (2 references)
  pkts bytes target     prot opt in     out     source               destination
   15   918 ACCEPT     all  --  any    pppoe-wan  anywhere             anywhere
    0     0 ACCEPT     all  --  pppoe-wan any     anywhere             anywhere

 Chain zone_wan_DROP (0 references)
  pkts bytes target     prot opt in     out     source               destination
    0     0 DROP       all  --  any    pppoe-wan  anywhere             anywhere
    0     0 DROP       all  --  pppoe-wan any     anywhere             anywhere

 Chain zone_wan_REJECT (2 references)
  pkts bytes target     prot opt in     out     source               destination
    0     0 reject     all  --  any    pppoe-wan  anywhere             anywhere
    1    44 reject     all  --  pppoe-wan any     anywhere             anywhere

 Chain zone_wan_forward (1 references)
  pkts bytes target     prot opt in     out     source               destination
  2270  141K MINIUPNPD  all  --  pppoe-wan !pppoe-wan  anywhere             anywhere
  2270  141K ACCEPT     all  --  any    any     anywhere             192.168.138.156
    0     0 ACCEPT     tcp  --  any    any     anywhere             d-PC.lan            tcp dpt:3389
    0     0 ACCEPT     udp  --  any    any     anywhere             d-PC.lan            udp dpt:3389
    0     0 ACCEPT     tcp  --  any    any     anywhere             d-PC.lan            tcp dpt:56955
    0     0 ACCEPT     udp  --  any    any     anywhere             d-PC.lan            udp dpt:56955
    0     0 ACCEPT     tcp  --  any    any     anywhere             192.168.138.177     tcp dpt:5900
    0     0 ACCEPT     udp  --  any    any     anywhere             192.168.138.177     udp dpt:5900
    0     0 ACCEPT     tcp  --  any    any     anywhere             192.168.138.177     tcp dpt:5800
    0     0 ACCEPT     udp  --  any    any     anywhere             192.168.138.177     udp dpt:5800
    0     0 forwarding_wan  all  --  any    any     anywhere             anywhere
    0     0 zone_wan_REJECT  all  --  any    any     anywhere             anywhere

iptables -t nat -L -v

iptables -t nat -L -v
Chain PREROUTING (policy ACCEPT 580 packets, 46137 bytes)
  pkts bytes target     prot opt in     out     source               destination
  1577  107K prerouting_rule  all  --  any    any     anywhere             anywhere
  581 41789 zone_lan_prerouting  all  --  br-lan any     anywhere             anywhere
  979 59707 zone_wan_prerouting  all  --  pppoe-wan any     anywhere             anywhere
    0     0 DNAT       tcp  --  any    any     anywhere             192.168.138.0/24    tcp dpt:8000 to:10.0.2.1:8000

 Chain POSTROUTING (policy ACCEPT 1032 packets, 65715 bytes)
  pkts bytes target     prot opt in     out     source               destination
  1080 68806 postrouting_rule  all  --  any    any     anywhere             anywhere
  935 58159 zone_lan_nat  all  --  any    br-lan  anywhere             anywhere
   15   930 zone_wan_nat  all  --  any    pppoe-wan  anywhere             anywhere

 Chain OUTPUT (policy ACCEPT 132 packets, 10365 bytes)
  pkts bytes target     prot opt in     out     source               destination

 Chain MINIUPNPD (1 references)
  pkts bytes target     prot opt in     out     source               destination
    0     0 DNAT       udp  --  any    any     anywhere             anywhere            udp dpt:59152 to:192.168.138.189:59152

 Chain nat_reflection_in (1 references)
  pkts bytes target     prot opt in     out     source               destination
    0     0 DNAT       tcp  --  any    any     192.168.138.0/24     86-126-110-219.rdsnet.ro tcp dpt:3389 to:192.168.138.189:3389
    0     0 DNAT       udp  --  any    any     192.168.138.0/24     86-126-110-219.rdsnet.ro udp dpt:3389 to:192.168.138.189:3389
    0     0 DNAT       tcp  --  any    any     192.168.138.0/24     86-126-110-219.rdsnet.ro tcp dpt:56955 to:192.168.138.189:56955
    0     0 DNAT       udp  --  any    any     192.168.138.0/24     86-126-110-219.rdsnet.ro udp dpt:56955 to:192.168.138.189:56955
    0     0 DNAT       tcp  --  any    any     192.168.138.0/24     86-126-110-219.rdsnet.ro tcp dpt:5900 to:192.168.138.177:5900
    0     0 DNAT       udp  --  any    any     192.168.138.0/24     86-126-110-219.rdsnet.ro udp dpt:5900 to:192.168.138.177:5900
    0     0 DNAT       tcp  --  any    any     192.168.138.0/24     86-126-110-219.rdsnet.ro tcp dpt:5800 to:192.168.138.177:5800
    0     0 DNAT       udp  --  any    any     192.168.138.0/24     86-126-110-219.rdsnet.ro udp dpt:5800 to:192.168.138.177:5800

 Chain nat_reflection_out (1 references)
  pkts bytes target     prot opt in     out     source               destination
    0     0 SNAT       tcp  --  any    any     192.168.138.0/24     d-PC.lan            tcp dpt:3389 to:192.168.138.1
    0     0 SNAT       udp  --  any    any     192.168.138.0/24     d-PC.lan            udp dpt:3389 to:192.168.138.1
    0     0 SNAT       tcp  --  any    any     192.168.138.0/24     d-PC.lan            tcp dpt:56955 to:192.168.138.1
    0     0 SNAT       udp  --  any    any     192.168.138.0/24     d-PC.lan            udp dpt:56955 to:192.168.138.1
    0     0 SNAT       tcp  --  any    any     192.168.138.0/24     192.168.138.177     tcp dpt:5900 to:192.168.138.1
    0     0 SNAT       udp  --  any    any     192.168.138.0/24     192.168.138.177     udp dpt:5900 to:192.168.138.1
    0     0 SNAT       tcp  --  any    any     192.168.138.0/24     192.168.138.177     tcp dpt:5800 to:192.168.138.1
    0     0 SNAT       udp  --  any    any     192.168.138.0/24     192.168.138.177     udp dpt:5800 to:192.168.138.1

 Chain postrouting_rule (1 references)
  pkts bytes target     prot opt in     out     source               destination
    0     0 MASQUERADE  all  --  any    eth1    anywhere             anywhere
  1079 68569 nat_reflection_out  all  --  any    any     anywhere             anywhere

 Chain prerouting_lan (1 references)
  pkts bytes target     prot opt in     out     source               destination

 Chain prerouting_rule (1 references)
  pkts bytes target     prot opt in     out     source               destination
  1577  107K nat_reflection_in  all  --  any    any     anywhere             anywhere

 Chain prerouting_wan (1 references)
  pkts bytes target     prot opt in     out     source               destination
  931 57211 DNAT       all  --  pppoe-wan any     anywhere             anywhere            to:192.168.138.156

 Chain zone_lan_nat (1 references)
  pkts bytes target     prot opt in     out     source               destination

 Chain zone_lan_prerouting (1 references)
  pkts bytes target     prot opt in     out     source               destination
  581 41789 prerouting_lan  all  --  any    any     anywhere             anywhere

 Chain zone_wan_nat (1 references)
  pkts bytes target     prot opt in     out     source               destination
   15   930 MASQUERADE  all  --  any    any     anywhere             anywhere

 Chain zone_wan_prerouting (1 references)
  pkts bytes target     prot opt in     out     source               destination
  979 59707 MINIUPNPD  all  --  pppoe-wan any     anywhere             anywhere
    1    52 REDIRECT   tcp  --  any    any     anywhere             anywhere            tcp dpt:ssh redir ports 22
   47  2444 REDIRECT   tcp  --  any    any     anywhere             anywhere            tcp dpt:www redir ports 80
    0     0 REDIRECT   tcp  --  any    any     anywhere             anywhere            tcp dpt:https redir ports 443
    0     0 DNAT       tcp  --  any    any     anywhere             anywhere            tcp dpt:3389 to:192.168.138.189:3389
    0     0 DNAT       udp  --  any    any     anywhere             anywhere            udp dpt:3389 to:192.168.138.189:3389
    0     0 DNAT       tcp  --  any    any     anywhere             anywhere            tcp dpt:56955 to:192.168.138.189:56955
    0     0 DNAT       udp  --  any    any     anywhere             anywhere            udp dpt:56955 to:192.168.138.189:56955
    0     0 DNAT       tcp  --  any    any     anywhere             anywhere            tcp dpt:5900 to:192.168.138.177:5900
    0     0 DNAT       udp  --  any    any     anywhere             anywhere            udp dpt:5900 to:192.168.138.177:5900
    0     0 DNAT       tcp  --  any    any     anywhere             anywhere            tcp dpt:5800 to:192.168.138.177:5800
    0     0 DNAT       udp  --  any    any     anywhere             anywhere            udp dpt:5800 to:192.168.138.177:5800
  931 57211 prerouting_wan  all  --  any    any     anywhere             anywhere
 root@Gargoyle:~$

ifconfig
 br-lan    Link encap:Ethernet  HWaddr 20:4E:7F:78:34:C7
          inet addr:192.168.138.1  Bcast:192.168.138.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:131283 errors:0 dropped:0 overruns:0 frame:0
          TX packets:161026 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:21745568 (20.7 MiB)  TX bytes:135190606 (128.9 MiB)

 eth0      Link encap:Ethernet  HWaddr 20:4E:7F:78:34:C7
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:121526 errors:0 dropped:0 overruns:123881 frame:0
          TX packets:164201 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:20366855 (19.4 MiB)  TX bytes:141368828 (134.8 MiB)
          Interrupt:4

 eth0.1    Link encap:Ethernet  HWaddr 20:4E:7F:78:34:C7
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:121414 errors:0 dropped:0 overruns:0 frame:0
          TX packets:164199 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:18650936 (17.7 MiB)  TX bytes:141367743 (134.8 MiB)

 eth1      Link encap:Ethernet  HWaddr 20:4E:7F:78:34:C8
          inet addr:10.10.40.122  Bcast:10.10.40.122  Mask:255.255.255.255
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:156835 errors:0 dropped:0 overruns:0 frame:0
          TX packets:112226 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:132644574 (126.4 MiB)  TX bytes:15570606 (14.8 MiB)
          Interrupt:5

 lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:3234 errors:0 dropped:0 overruns:0 frame:0
          TX packets:3234 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:251089 (245.2 KiB)  TX bytes:251089 (245.2 KiB)

 mon.wlan0 Link encap:UNSPEC  HWaddr 20-4E-7F-78-34-C7-00-00-00-00-00-00-00-00-00-00
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:601173 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:32
          RX bytes:81077458 (77.3 MiB)  TX bytes:0 (0.0 B)

 mon.wlan1 Link encap:UNSPEC  HWaddr 20-4E-7F-78-34-C9-00-00-00-00-00-00-00-00-00-00
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:991 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:32
          RX bytes:85446 (83.4 KiB)  TX bytes:0 (0.0 B)

 pppoe-wan Link encap:Point-to-Point Protocol
          inet addr:86.126.110.219  P-t-P:10.0.0.1  Mask:255.255.255.255
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1492  Metric:1
          RX packets:141452 errors:0 dropped:0 overruns:0 frame:0
          TX packets:97615 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:3
          RX bytes:128217777 (122.2 MiB)  TX bytes:12697560 (12.1 MiB)

 tun0      Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
          inet addr:10.0.2.10  P-t-P:10.0.2.9  Mask:255.255.255.255
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

 wlan0     Link encap:Ethernet  HWaddr 20:4E:7F:78:34:C7
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:42166 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:32
          RX bytes:0 (0.0 B)  TX bytes:10010445 (9.5 MiB)

 wlan1     Link encap:Ethernet  HWaddr 20:4E:7F:78:34:C9
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:34366 errors:0 dropped:0 overruns:0 frame:0
          TX packets:67401 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:32
          RX bytes:22767865 (21.7 MiB)  TX bytes:25393262 (24.2 MiB)

9

Re: redirecting from lan to tun

I'm trying to bridge the networks, but I get some invalid argument

root@Gargoyle:~$   brctl addif br-lan tun0
can't add tun0 to bridge br-lan: Invalid argument

10

Re: redirecting from lan to tun

I have a question: do you really have to do this through NAT? Isn't plain routing enough?
You have two subnets, LAN1 and LAN2, it's just begging for routing
no redirects, no bridge, etc.
Clients of one network get access to the other and vice versa, and I think that's what you actually want?

11

Re: redirecting from lan to tun

Yes, that's exactly it, tell me how I should set up the routing?

12

Re: redirecting from lan to tun

I add the route and I get errors

root@Gargoyle:~$ route add -net 10.0.2.0 netmask 255.255.255.0 gw 10.0.2.1 dev br-lan
route: SIOCADDRT: No such process

13 (edited by rpc 2012-03-23 21:12:03)

Re: redirecting from lan to tun

maybe one thing at a time
I don't know Gargoyle, I haven't even seen it, so I assume the configuration file is the same as in OpenWrt

So, first the routing

edit the file /etc/config/network on the WR1043ND router and add the following section:

config 'route'
        option 'interface' 'lan'
        option 'target' '192.168.1.0'
        option 'netmask' '255.255.255.0'
        option 'gateway' '10.0.2.10'
        option 'metric' '2'

edit the file /etc/config/network on the WNDR3700 router and add the following section:

config 'route'
        option 'interface' 'lan'
        option 'target' '192.168.178.0'
        option 'netmask' '255.255.255.0'
        option 'gateway' '10.0.2.1'
        option 'metric' '2'

restart the routers and show from both
route -n


Anyway, in Gargoyle you should be able to add these entries from the GUI, Connection -> Routing
judging by the screenshot
http://www.gargoyle-router.com/wiki/lib … ateway.jpg

14

Re: redirecting from lan to tun

ok, everything works beautifully
You were right about the routing, the routes have to be there.
On the WNDR3700 client it's enough to add these rules, and we don't need to create port forwarding rules on the WNDR3700

iptables -I FORWARD -i br0 -o tun0 -j ACCEPT
iptables -I FORWARD -i tun0 -o br0 -j ACCEPT
iptables -I INPUT -i tun0 -j REJECT
iptables -t nat -A POSTROUTING -o tun0 -j MASQUERADE

I recommend the dd-wrt configuration write-up https://www.vpntunnel.se/howto/dd-wrt-openvpn.pdf
thanks @rpc for your time

15

Re: redirecting from lan to tun

well, I think you've mixed something up, because
Gargoyle is OpenWrt, so it's br-lan and not br0, isn't it?
secondly, you're using MASQUERADE unnecessarily; with routing there's no need for it - it can be disabled for traffic between your own networks

on both routers this should be enough

iptables -I FORWARD -i br-lan -o tun0 -j ACCEPT
iptables -I FORWARD -i tun0 -o br-lan -j ACCEPT
iptables -t nat -I POSTROUTING -o tun0 -j ACCEPT

16

Re: redirecting from lan to tun

yes, that's right, it should have been br-lan instead of br0
I'll check the MASQUERADE part and get back to you.

17 (edited by tomi513 2012-03-25 16:15:06)

Re: redirecting from lan to tun

checked regarding MASQUERADE: it doesn't work, MASQUERADE has to be enabled on the WNDR3700 client

18

Re: redirecting from lan to tun

believe me, it doesn't have to be enabled. Something else must still be wrong. But if it works, you can let the subject go

19 (edited by tomi513 2012-03-25 19:03:26)

Re: redirecting from lan to tun

Tested without static routing and everything works. No routes need to be set, it's enough to add two FORWARD rules + MASQUERADE on the two routers

iptables -I FORWARD -i br-lan -o tun0 -j ACCEPT
iptables -I FORWARD -i tun0 -o br-lan -j ACCEPT
iptables -t nat -A POSTROUTING -o tun0 -j MASQUERADE

Just for information: to forward e.g. port 8000 from the 1043 into the LAN, it's enough to

iptables -t nat -I PREROUTING -d 10.0.2.0/24 -p tcp --dport 8000 -j DNAT --to-destination 192.168.178.42:8000
iptables -I FORWARD -i tun+ -p tcp --dport 8000 -j ACCEPT
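Why posts 17 and 18 disagree: an added example (not from the thread; the route tables it models are assumptions about what each router has) that replays the VPN server's route lookup for a reply packet to a LAN2 client. Without a return route for 192.168.1.0/24 the reply leaves via the WAN and is lost; MASQUERADE on the WNDR3700 hides that by making every LAN2 host appear as 10.0.2.10, at the cost of the server side no longer seeing real source addresses in its logs and rules; the static route from post 13 makes it work with the real source preserved.

```python
import ipaddress

# Constructed model of the two-router setup (addresses from the posts; the
# route tables below are assumptions, not dumps from the thread).
LAN1 = ipaddress.ip_network("192.168.178.0/24")  # behind the 1043ND (VPN server, tun 10.0.2.1)
LAN2 = ipaddress.ip_network("192.168.1.0/24")    # behind the WNDR3700 (VPN client, tun 10.0.2.10)
TUN = ipaddress.ip_network("10.0.2.0/24")
DEFAULT = ipaddress.ip_network("0.0.0.0/0")
CLIENT_TUN_ADDR = "10.0.2.10"


def lookup(routes, dst):
    """Longest-prefix match over (network, interface) pairs; None if nothing matches."""
    dst = ipaddress.ip_address(dst)
    hits = [(net, dev) for net, dev in routes if dst in net]
    return max(hits, key=lambda r: r[0].prefixlen)[1] if hits else None


def server_routes(static_route):
    """Route table of the 1043ND; static_route adds the 'config route' entry from post 13."""
    routes = [(LAN1, "br-lan"), (TUN, "tun0"), (DEFAULT, "pppoe-wan")]
    if static_route:
        routes.append((LAN2, "tun0"))
    return routes


def reply_path(client_src, masquerade, static_route):
    """Which interface the server's reply to a LAN2 client leaves on, and what source it saw."""
    # MASQUERADE on tun0 makes the WNDR3700 rewrite the source to its own tun address,
    # so the server only ever needs a route to 10.0.2.0/24 to answer.
    src_seen = CLIENT_TUN_ADDR if masquerade else client_src
    out_if = lookup(server_routes(static_route), src_seen)
    # A reply for a private address that leaves via pppoe-wan never reaches LAN2.
    return {"src_seen_by_server": src_seen, "reply_if": out_if,
            "reaches_lan2": out_if == "tun0"}


if __name__ == "__main__":
    for masq, route in [(False, False), (True, False), (False, True)]:
        print(f"masquerade={masq} static_route={route}:",
              reply_path("192.168.1.50", masq, route))
```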

20

Re: redirecting from lan to tun

I still maintain that NAT is not needed with this type of network. I've done it more than once, and it works on more than two routers.
it makes no sense to use redirects between two of your own private subnets. But oh well, if that's better for you, fine. I'm dropping the subject.

21

Re: redirecting from lan to tun

ok, thanks for your time, I consider the subject closed