lİnux-router-1 gw1: 74.90.92.1 gw2: 95.111.62.129 isp1 eth0 74.90.92.246 95.111.62.136 eth1...
LINUX-ROUTER-1
• Gw1: 74.90.92.1
• Gw2: 95.111.62.129
• ISP1
• eth0: 74.90.92.246, 95.111.62.136
• eth1: 10.3.3.1/30
LINUX-ROUTER-2
• Gw1: 192.168.198.2
• Gw2: 10.3.3.1
• eth1: 10.3.3.2/30
• ISP2
• eth0: 192.168.198.130/24
XP
• Gw: 192.168.198.130
• eth0: 192.168.198.31/24
Question: How do we NAT ports 3389 and 80 of 95.111.62.136 to 192.168.198.31 using iptables and iproute?
Note: If the default gw in the main routing table on router 2 is set to 10.3.3.1, it works. The problem is that it does not work when it is 192.168.198.2.
LINUX-ROUTER-1 Route Table
• ip r s
• 10.3.3.0/30 dev eth1 proto kernel scope link src 10.3.3.1
• 95.111.62.128/26 dev eth0 scope link src 95.111.62.136
• 78.90.92.0/24 dev eth0 scope link src 78.90.92.246
• default via 78.90.92.1 dev eth0
• ip r s t 10
• 78.90.92.0/24 dev eth0 scope link src 78.90.92.246
• default via 78.90.92.1 dev eth0
• ip r s t 20
• 10.3.3.0/30 dev eth1 scope link src 10.3.3.1
• 95.111.62.128/26 dev eth0 scope link src 95.111.62.136
• default via 95.111.62.129 dev eth0
LINUX-ROUTER-1 IPTABLES
• iptables -t mangle -L
• Chain PREROUTING (policy ACCEPT)
• target prot opt source destination
• TTL all -- anywhere anywhere TTL set to 100
• MARK all -- 10.3.3.2 anywhere MARK xset 0x2/0xffffffff
• Chain INPUT (policy ACCEPT)
• target prot opt source destination
• Chain FORWARD (policy ACCEPT)
• target prot opt source destination
• Chain OUTPUT (policy ACCEPT)
• target prot opt source destination
• Chain POSTROUTING (policy ACCEPT)
• target prot opt source destination
• iptables -t nat -L
• Chain PREROUTING (policy ACCEPT)
• target prot opt source destination
• DNAT tcp -- anywhere 95-111-62-136 tcp dpt:4390 to:10.3.3.2:3389
• DNAT tcp -- anywhere 95-111-62-136 multiport dports ftp-data,ftp,ssh,www to:10.3.3.2
• Chain POSTROUTING (policy ACCEPT)
• target prot opt source destination
• SNAT all -- 10.3.3.2 anywhere to:95.111.62.136
• Chain OUTPUT (policy ACCEPT)
• target prot opt source destination
LINUX-ROUTER-2 Route Table
• ip r s
• 10.3.3.0/30 dev eth1 proto kernel scope link src 10.3.3.2
• 192.168.198.0/24 dev eth0 scope link src 192.168.198.130
• default via 192.168.198.2 dev eth0 metric 2
• ip r s t 10
• 10.3.3.0/30 dev eth1 scope link src 10.3.3.2
• 192.168.198.0/24 dev eth0 scope link src 192.168.198.130
• default via 192.168.198.2 dev eth0
• ip r s t 20
• 10.3.3.0/30 dev eth1 scope link src 10.3.3.2
• 192.168.198.0/24 dev eth0 scope link src 192.168.198.130
• default via 10.3.3.1 dev eth1
LINUX-ROUTER-2 IPTABLES
• iptables -t mangle -L
• Chain PREROUTING (policy ACCEPT)
• target prot opt source destination
• TTL all -- anywhere anywhere TTL set to 100
• MARK all -- 10.3.3.2 anywhere MARK xset 0x2/0xffffffff
• Chain INPUT (policy ACCEPT)
• target prot opt source destination
• Chain FORWARD (policy ACCEPT)
• target prot opt source destination
• Chain OUTPUT (policy ACCEPT)
• target prot opt source destination
• Chain POSTROUTING (policy ACCEPT)
• target prot opt source destination
• iptables -t nat -L
• Chain PREROUTING (policy ACCEPT)
• target prot opt source destination
• DNAT tcp -- anywhere 10.3.3.2 tcp dpt:4390 to:10.3.3.2:3389
• DNAT tcp -- anywhere 10.3.3.2 multiport dports ftp-data,ftp,ssh,www to:192.168.98.31
• Chain POSTROUTING (policy ACCEPT)
• target prot opt source destination
• SNAT all -- 192.168.198.31 anywhere to:10.3.3.2
• Chain OUTPUT (policy ACCEPT)
• target prot opt source destination
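One way to address the failure described in the note, as an added example that is not part of the original slides: on LINUX-ROUTER-2 the replies from 192.168.198.31 arrive on eth0 with a source address the existing MARK rule (source 10.3.3.2) never matches, so they follow the main table's default via 192.168.198.2; tracking the mark per connection sends them back through table 20 instead. The names `run`, `router2_rules` and `APPLY` are hypothetical, and the `ip rule` entry is an assumption because the slides show no `ip rule` output.

```shell
#!/bin/sh
# Added example for LINUX-ROUTER-2; prints the commands unless APPLY=1 is set.
# Taken from the page: eth0/eth1, mark 2, table 20, 10.3.3.2, 192.168.198.31.
# Assumption: the page shows no "ip rule" output, so the fwmark rule is added here.

MARK=2                    # same mark value as the page's MARK rule
TABLE=20                  # table whose default route is 10.3.3.1 on the page
LAN_HOST=192.168.198.31   # the XP host from the question

run() {
    # Dry run by default so the plan can be reviewed before it touches the router.
    if [ "${APPLY:-0}" = "1" ]; then "$@"; else echo "$*"; fi
}

router2_rules() {
    # 1. Tag every new connection that enters from Router-1 (eth1).
    run iptables -t mangle -A PREROUTING -i eth1 -m conntrack --ctstate NEW \
        -j CONNMARK --set-mark "$MARK"
    # 2. Replies come back on eth0 from the LAN host: copy the connection mark
    #    onto the packet before the routing decision is made.
    run iptables -t mangle -A PREROUTING -i eth0 -j CONNMARK --restore-mark
    # 3. Marked packets use table 20 (default via 10.3.3.1); everything else
    #    keeps the main table default via 192.168.198.2.
    run ip rule add fwmark "$MARK" table "$TABLE"
    # 4. Router-1 already rewrites to 10.3.3.2 (port 3389 and www), so match
    #    those ports here and forward them to the LAN host.
    run iptables -t nat -A PREROUTING -i eth1 -d 10.3.3.2 -p tcp \
        -m multiport --dports 3389,80 -j DNAT --to-destination "$LAN_HOST"
}

router2_rules
```

If strict reverse-path filtering (`rp_filter=1`) is active on eth1, the inbound packets are dropped before any of this applies, because the main table routes their source addresses via eth0; loose mode (`rp_filter=2`) avoids that.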