xfulviox
28-10-2004, 06:52
qualcuno usa con successo i benefici di questo pacchetto?
Install the ipmasq package. When installed, it will automatically detect and install the appropriate kernel options and modules, determine which of your network interfaces is on the Internet, and start IP masquerading using the IP chains interface in the kernel. Now your machines on the LAN should be able to surf the web, get mail from an external server, download via ftp, etc. as if they were on the Internet. Isn't that cool?
purtroppo dal client non riesco a raggiungere la connessione (nč pagine web nč altri servizi)... dns? il ping fra le due macchine va a buon fine, quindi presumo sia un problema di forwarding e masquerading...
nel resolv.conf del client ho messo l'ip del server e quelli dell'isp, e search su rete.locale e "isp.it"...
su server (create da ipmasq):
iptables -t nat -L
Chain PREROUTING (policy ACCEPT)
target prot opt source destination
Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
MASQUERADE all -- localnet/24 anywhere
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
iptables -L
Chain INPUT (policy DROP)
target prot opt source destination
ACCEPT all -- anywhere anywhere
LOG all -- 127.0.0.0/8 anywhere LOG level warning
DROP all -- 127.0.0.0/8 anywhere
ACCEPT all -- anywhere 255.255.255.255
ACCEPT all -- localnet/24 anywhere
ACCEPT !tcp -- anywhere base-address.mcast.net/4
LOG all -- localnet/24 anywhere LOG level warning
DROP all -- localnet/24 anywhere
ACCEPT all -- anywhere 255.255.255.255
ACCEPT all -- anywhere host190-157.pool62211.interbusiness.it
LOG all -- anywhere anywhere LOG level warning
DROP all -- anywhere anywhere
Chain FORWARD (policy DROP)
target prot opt source destination
ACCEPT all -- localnet/24 anywhere
ACCEPT all -- anywhere anywhere state RELATED,ESTAB
LISHED
LOG all -- anywhere localnet/24 LOG level warning
DROP all -- anywhere localnet/24
LOG all -- anywhere anywhere LOG level warning
DROP all -- anywhere anywhere
Chain OUTPUT (policy DROP)
target prot opt source destination
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere 255.255.255.255
ACCEPT all -- anywhere localnet/24
ACCEPT !tcp -- anywhere base-address.mcast.net/4
LOG all -- anywhere localnet/24 LOG level warning
DROP all -- anywhere localnet/24
ACCEPT all -- anywhere 255.255.255.255
ACCEPT all -- host190-157.pool62211.interbusiness.it anywhere
LOG all -- anywhere anywhere LOG level warning
DROP all -- anywhere anywhere
Install the ipmasq package. When installed, it will automatically detect and install the appropriate kernel options and modules, determine which of your network interfaces is on the Internet, and start IP masquerading using the IP chains interface in the kernel. Now your machines on the LAN should be able to surf the web, get mail from an external server, download via ftp, etc. as if they were on the Internet. Isn't that cool?
purtroppo dal client non riesco a raggiungere la connessione (nč pagine web nč altri servizi)... dns? il ping fra le due macchine va a buon fine, quindi presumo sia un problema di forwarding e masquerading...
nel resolv.conf del client ho messo l'ip del server e quelli dell'isp, e search su rete.locale e "isp.it"...
su server (create da ipmasq):
iptables -t nat -L
Chain PREROUTING (policy ACCEPT)
target prot opt source destination
Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
MASQUERADE all -- localnet/24 anywhere
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
iptables -L
Chain INPUT (policy DROP)
target prot opt source destination
ACCEPT all -- anywhere anywhere
LOG all -- 127.0.0.0/8 anywhere LOG level warning
DROP all -- 127.0.0.0/8 anywhere
ACCEPT all -- anywhere 255.255.255.255
ACCEPT all -- localnet/24 anywhere
ACCEPT !tcp -- anywhere base-address.mcast.net/4
LOG all -- localnet/24 anywhere LOG level warning
DROP all -- localnet/24 anywhere
ACCEPT all -- anywhere 255.255.255.255
ACCEPT all -- anywhere host190-157.pool62211.interbusiness.it
LOG all -- anywhere anywhere LOG level warning
DROP all -- anywhere anywhere
Chain FORWARD (policy DROP)
target prot opt source destination
ACCEPT all -- localnet/24 anywhere
ACCEPT all -- anywhere anywhere state RELATED,ESTAB
LISHED
LOG all -- anywhere localnet/24 LOG level warning
DROP all -- anywhere localnet/24
LOG all -- anywhere anywhere LOG level warning
DROP all -- anywhere anywhere
Chain OUTPUT (policy DROP)
target prot opt source destination
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere 255.255.255.255
ACCEPT all -- anywhere localnet/24
ACCEPT !tcp -- anywhere base-address.mcast.net/4
LOG all -- anywhere localnet/24 LOG level warning
DROP all -- anywhere localnet/24
ACCEPT all -- anywhere 255.255.255.255
ACCEPT all -- host190-157.pool62211.interbusiness.it anywhere
LOG all -- anywhere anywhere LOG level warning
DROP all -- anywhere anywhere