VPNAta-man wrote: .... And what address is 10.0.0.0 ???
UTM5 +RedHat server 7.1
Continued
First, the logs.
Client 10.0.0.1 over VPN; yandex was pinged from it
[root@localhost ~]# tcpdump -ni ppp0 host 10.0.0.1
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on ppp0, link-type LINUX_SLL (Linux cooked), capture size 96 bytes
19:13:47.262825 IP 10.0.0.1.netbios-ns > 255.255.255.255.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
19:13:48.012923 IP 10.0.0.1.netbios-ns > 255.255.255.255.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
19:13:48.762958 IP 10.0.0.1.netbios-ns > 255.255.255.255.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
19:13:49.510968 IP 10.0.0.1.51897 > 224.0.0.252.hostmon: UDP, length 27
19:13:49.612172 IP 10.0.0.1.51897 > 224.0.0.252.hostmon: UDP, length 27
19:13:49.813193 IP 10.0.0.1.netbios-ns > 255.255.255.255.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
19:13:50.563031 IP 10.0.0.1.netbios-ns > 255.255.255.255.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
19:13:51.312900 IP 10.0.0.1.netbios-ns > 255.255.255.255.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
19:13:52.064839 IP 10.0.0.1.59027 > 224.0.0.252.hostmon: UDP, length 27
19:13:52.165804 IP 10.0.0.1.59027 > 224.0.0.252.hostmon: UDP, length 27
19:13:52.367909 IP 10.0.0.1.netbios-ns > 255.255.255.255.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
19:13:53.117645 IP 10.0.0.1.netbios-ns > 255.255.255.255.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
19:13:53.867564 IP 10.0.0.1.netbios-ns > 255.255.255.255.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
19:13:54.623969 IP 10.0.0.1.53092 > 224.0.0.252.hostmon: UDP, length 27
19:13:54.724633 IP 10.0.0.1.53092 > 224.0.0.252.hostmon: UDP, length 27
19:13:54.926583 IP 10.0.0.1.netbios-ns > 255.255.255.255.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
19:13:55.123603 IP 10.0.0.1.netbios-ns > 255.255.255.255.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
19:13:55.124039 IP 10.0.0.1.netbios-ns > 255.255.255.255.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
19:13:55.124838 IP 10.0.0.1.netbios-ns > 255.255.255.255.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
19:13:55.676429 IP 10.0.0.1.netbios-ns > 255.255.255.255.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
19:13:55.873433 IP 10.0.0.1.netbios-ns > 255.255.255.255.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
19:13:55.873533 IP 10.0.0.1.netbios-ns > 255.255.255.255.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
19:13:55.874305 IP 10.0.0.1.netbios-ns > 255.255.255.255.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
19:13:56.426393 IP 10.0.0.1.netbios-ns > 255.255.255.255.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
19:13:56.623448 IP 10.0.0.1.netbios-ns > 255.255.255.255.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
19:13:56.623449 IP 10.0.0.1.netbios-ns > 255.255.255.255.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
19:13:56.624247 IP 10.0.0.1.netbios-ns > 255.255.255.255.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
19:13:57.374249 IP 10.0.0.1.60070 > 224.0.0.252.hostmon: UDP, length 27
28 packets captured
56 packets received by filter
0 packets dropped by kernel
_____________________________________________________________
# Generated by iptables-save v1.3.5 on Sun Apr 26 00:07:59 2009
*nat
:PREROUTING ACCEPT [621:39837]
:POSTROUTING ACCEPT [190:11762]
:OUTPUT ACCEPT [179:11033]
-A POSTROUTING -s 192.168.1.0/24 -d 192.168.100.1/24 -o eth0 -j MASQUERADE
-A POSTROUTING -s 10.0.0.0/32 -o eth0 -j SNAT --to-source 192.168.100.1
COMMIT
# Completed on Sun Apr 26 00:07:59 2009
# Generated by iptables-save v1.3.5 on Sun Apr 26 00:07:59 2009
*filter
:INPUT ACCEPT [3614:2600515]
:FORWARD ACCEPT [14:890]
:OUTPUT ACCEPT [2402:1885983]
-A FORWARD -s 10.0.0.0 -o eth0 -j ACCEPT
COMMIT
# Completed on Sun Apr 26 00:07:59 2009
_____________________________________________________________
Attention, question.
Why is there no internet?
That's exactly the problem =) The external gateway beyond the server pings, so sites should load too, since there are no more gateways further on. The provider open
And at the same time some individual sites do get through
12:07:31.682386 IP 10.0.0.1 > 87.242.118.20: ICMP echo request, id 1, seq 1100, length 40
12:07:31.712686 IP 87.242.118.20 > 10.0.0.1: ICMP echo reply, id 1, seq 1100, length 40
12:07:32.175848 IP 10.0.0.1.50608 > 192.168.1.3.domain: 29628+ A? um11.eset.com. (31)
12:07:32.685300 IP 10.0.0.1 > 87.242.118.20: ICMP echo request, id 1, seq 1101, length 40
12:07:32.715349 IP 87.242.118.20 > 10.0.0.1: ICMP echo reply, id 1, seq 1101, length 40
_______________________________________________________________________
(0) ack 1747588708 win 64240 <mss 1430,nop,nop,sackOK,nop,wscale 13>
12:06:25.527371 IP 10.0.0.1.50477 > 217.73.200.222.http: . ack 1 win 16660
12:06:25.527991 IP 10.0.0.1.50477 > 217.73.200.222.http: P 1:470(469) ack 1 win 16660
12:06:25.529243 IP 77.88.21.14.http > 10.0.0.1.50479: S 1621326094:1621326094(0) ack 276138858 win 65535 <mss 1410,nop,wscale 1,sackOK,eol>
12:06:25.530460 IP 10.0.0.1.50479 > 77.88.21.14.http: . ack 1 win 16660
12:06:25.531827 IP 10.0.0.1.50483 > 213.180.204.91.http: S 1550061261:1550061261(0) win 8192 <mss 1360,nop,wscale 2,nop,nop,sackOK>
12:06:25.533028 IP 10.0.0.1.50479 > 77.88.21.14.http: P 1:604(603) ack 1 win 16660
12:06:25.534805 IP 213.180.204.91.http > 10.0.0.1.50481: S 1398692861:1398692861(0) ack 1135501511 win 5640 <mss 1410,nop,nop,sackOK,nop,wscale 4>
12:06:25.536322 IP 10.0.0.1.50481 > 213.180.204.91.http: . ack 1 win 16660
12:06:25.538346 IP 10.0.0.1.50481 > 213.180.204.91.http: P 1:585(584) ack 1 win 16660
12:06:25.538716 IP 10.0.0.1.50475 > 77.88.21.3.http: F 738:738(0) ack 16016 win 16660
12:06:25.539181 IP 10.0.0.1.netbios-ns > 255.255.255.255.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
12:06:25.558356 IP 10.0.0.1.50485 > 213.180.204.91.http: S 1445418369:1445418369(0) win 8192 <mss 1360,nop,wscale 2,nop,nop,sackOK>
12:06:25.560935 IP 217.73.200.222.http > 10.0.0.1.50477: . ack 470 win 8
12:06:25.561152 IP 217.73.200.222.http > 10.0.0.1.50477: P 1:439(438) ack 470 win 8
12:06:25.561171 IP 217.73.200.222.http > 10.0.0.1.50477: F 439:439(0) ack 470 win 8
12:06:25.561224 IP 213.180.204.91.http > 10.0.0.1.50483: S 1403357329:1403357329(0) ack 1550061262 win 5640 <mss 1410,nop,nop,sackOK,nop,wscale 4>
12:06:25.562507 IP 10.0.0.1.50477 > 217.73.200.222.http: . ack 440 win 16550
12:06:25.562675 IP 10.0.0.1.50483 > 213.180.204.91.http: . ack 1 win 16660
12:06:25.565708 IP 10.0.0.1.50483 > 213.180.204.91.http: P 1:532(531) ack 1 win
FORMUS wrote: What does 10.0.0.0 have to do with it? If a network is specified, it is specified as 0/32. Again... it doesn't work only under Vista; under XP everything connects and works as by the book. The problem seems to be with Vista, not with the billing. Or am I wrong?
?? Since when is a network specified as /32? In all the time I've worked with networks, I've always thought that's a single host.
Show the output of iptables -nvL -t nat
[root@localhost ~]# iptables -nvL -t nat
Chain PREROUTING (policy ACCEPT 9240 packets, 899K bytes)
pkts bytes target prot opt in out source destination
Chain POSTROUTING (policy ACCEPT 1942 packets, 155K bytes)
pkts bytes target prot opt in out source destination
0 0 MASQUERADE all -- * eth0 192.168.1.0/24 192.168.100.0/24
0 0 SNAT all -- * eth0 10.0.0.0 0.0.0.0/0 to:192.168.100.1
1794 88041 MASQUERADE all -- * * 10.0.0.0/24 0.0.0.0/0
Chain OUTPUT (policy ACCEPT 1942 packets, 155K bytes)
pkts bytes target prot opt in out source destination
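The counters in the iptables -nvL output above tell the story: the two rules written with a bare 10.0.0.0 (which iptables treats as 10.0.0.0/32, a single host) show 0 packets, while the 10.0.0.0/24 MASQUERADE rule carries all 1794. The VPN client is 10.0.0.1, so it never matches a /32 on 10.0.0.0; with only the two rules from the original iptables-save dump, its packets would leave eth0 with an un-NATed private source and no reply could come back. The following is an added example, not code from the thread and not iptables itself: a small Python model of first-match evaluation in nat/POSTROUTING for -s/-d/-o criteria, fed the rules as posted plus a constructed corrected variant (the /24 SNAT rule and the sample packet list are assumptions for illustration).

```python
"""Model of iptables nat/POSTROUTING first-match evaluation.

Added example (not part of the original thread, not iptables itself):
reproduces only the -s / -d / -o matching semantics to show why rules
written as 10.0.0.0 (= 10.0.0.0/32) never see the VPN client 10.0.0.1.
"""
import ipaddress
import shlex

# Rules copied from the iptables-save dump and the iptables -nvL output
# posted in the thread. A bare address with no prefix is a /32 (one host).
POSTED_RULES = [
    "-A POSTROUTING -s 192.168.1.0/24 -d 192.168.100.1/24 -o eth0 -j MASQUERADE",
    "-A POSTROUTING -s 10.0.0.0/32 -o eth0 -j SNAT --to-source 192.168.100.1",
    "-A POSTROUTING -s 10.0.0.0/24 -j MASQUERADE",
]

# Constructed corrected variant (assumption, not from the thread): SNAT the
# whole VPN pool instead of the single host 10.0.0.0.
CORRECTED_RULES = [
    POSTED_RULES[0],
    "-A POSTROUTING -s 10.0.0.0/24 -o eth0 -j SNAT --to-source 192.168.100.1",
]

# Constructed sample traffic: three packets from the VPN client to the
# address that was pinged in the posted capture, leaving via eth0.
SAMPLE_PACKETS = [("10.0.0.1", "87.242.118.20", "eth0")] * 3


def parse_rule(line):
    """Turn one iptables-save rule line into a dict of match criteria."""
    toks = shlex.split(line)
    rule = {"src": None, "dst": None, "out": None, "target": None, "raw": line}
    i = 0
    while i < len(toks):
        tok = toks[i]
        if tok == "-s":
            # strict=False mirrors iptables masking host bits, e.g. "10.0.0.0" -> 10.0.0.0/32
            rule["src"] = ipaddress.ip_network(toks[i + 1], strict=False)
            i += 2
        elif tok == "-d":
            # 192.168.100.1/24 is shown by iptables -nvL as 192.168.100.0/24
            rule["dst"] = ipaddress.ip_network(toks[i + 1], strict=False)
            i += 2
        elif tok == "-o":
            rule["out"] = toks[i + 1]
            i += 2
        elif tok == "-j":
            rule["target"] = toks[i + 1]
            i += 2
        else:
            i += 1  # -A <chain>, --to-source <addr>, etc. do not affect matching
    return rule


def matches(rule, src, dst, out_if):
    """True if a packet (src, dst, outgoing interface) satisfies every criterion."""
    if rule["src"] is not None and ipaddress.ip_address(src) not in rule["src"]:
        return False
    if rule["dst"] is not None and ipaddress.ip_address(dst) not in rule["dst"]:
        return False
    if rule["out"] is not None and rule["out"] != out_if:
        return False
    return True


def first_match(rules, src, dst, out_if):
    """Return (rule index, target) of the first match, or (None, 'ACCEPT') for the chain policy."""
    for idx, rule in enumerate(parse_rule(line) for line in rules):
        if matches(rule, src, dst, out_if):
            return idx, rule["target"]
    return None, "ACCEPT"  # policy ACCEPT in nat means: no address translation at all


def hit_counts(rules, packets):
    """Simulate the pkts column of iptables -nvL for a list of (src, dst, out_if)."""
    counts = [0] * len(rules)
    for src, dst, out_if in packets:
        idx, _ = first_match(rules, src, dst, out_if)
        if idx is not None:
            counts[idx] += 1
    return counts


if __name__ == "__main__":
    print("posted rules, client 10.0.0.1:", first_match(POSTED_RULES, *SAMPLE_PACKETS[0]))
    print("only the two /32-style rules :", first_match(POSTED_RULES[:2], *SAMPLE_PACKETS[0]))
    print("corrected rules, client       :", first_match(CORRECTED_RULES, *SAMPLE_PACKETS[0]))
    print("simulated pkts column         :", hit_counts(POSTED_RULES, SAMPLE_PACKETS))
```

With only the first two posted rules the client gets the chain policy (no SNAT, no MASQUERADE), which is the "no internet" symptom; with the /24 rule present, every client packet lands on it, matching the 0 / 0 / 1794 counter pattern in the output above. The same /32 pitfall applies to the FORWARD rule written as -s 10.0.0.0, although with policy ACCEPT it does not drop anything.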