[linux] NAT of private LANs on a firewall.
Juraj Bednar
juraj at bednar.sk
Thursday April 22 13:53:14 CEST 2004
Hi,
> I'll create 2 aliases of eth0 and NAT each LAN to a different interface/alias.
>
> But I don't like this solution very much; what other options do I have - can't
> it be done via local loopbacks?
>
> Moreover, when I use the alias eth0:1, I get this warning from iptables:
>
> Warning: wierd character in interface `eth0:1' (No aliases, :, ! or *).
>
> Is that OK?
It is not OK; you must always use eth0 as the interface, aliased
interfaces are of no use to you in iptables.
Otherwise, this question seems really pointless to me. The answer can be found directly in the
iptables man page:
MASQUERADE
This target is only valid in the nat table, in the POSTROUTING chain. It should
only be used with dynamically assigned IP (dialup) connections: if you have a
static IP address, you should use the SNAT target. Masquerading is equivalent to
......
So we use SNAT
SNAT
This target is only valid in the nat table, in the POSTROUTING chain. It specifies
that the source address of the packet should be modified (and all future packets in
this connection will also be mangled), and rules should cease being examined. It
takes one option:
--to-source ipaddr[-ipaddr][:port-port]
which can specify a single new source IP address, an inclusive range of IP
addresses, and optionally, a port range (which is only valid if the rule
also specifies -p tcp or -p udp). If no port range is specified, then
source ports below 512 will be mapped to other ports below 512: those
between 512 and 1023 inclusive will be mapped to ports below 1024, and other
ports will be mapped to 1024 or above. Where possible, no port alteration
will occur.
where you have the answer directly on how to specify the IP address and even the ports.
J.
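
The approach from the reply above, as an added example that is not part of the original message: one SNAT rule per private LAN, every rule matching on the real device with `-o eth0` and selecting the public address with `--to-source`. The script only prints the rules; the function names and all addresses are constructed for illustration, and it assumes both public addresses are already assigned to eth0.

```shell
#!/bin/sh
# Added example (not from the original thread): dry-run generator for
# per-LAN SNAT rules. Nothing is applied; the commands are only printed.

# snat_rule IFACE LAN_CIDR PUBLIC_IP
# Prints one iptables command, or fails if IFACE is not a plain device name.
snat_rule() {
    iface=$1 lan=$2 pub=$3
    case $iface in
        *[*:!]*)
            # The characters named in the iptables warning quoted above:
            # an alias such as eth0:1 is not a usable match for -o.
            echo "refusing interface '$iface': use the parent device" >&2
            return 1 ;;
    esac
    printf 'iptables -t nat -A POSTROUTING -o %s -s %s -j SNAT --to-source %s\n' \
        "$iface" "$lan" "$pub"
}

# snat_plan IFACE
# Reads "LAN_CIDR PUBLIC_IP" pairs from stdin and prints one rule per pair.
snat_plan() {
    while read -r lan pub; do
        case $lan in ''|'#'*) continue ;; esac   # skip blanks and comments
        snat_rule "$1" "$lan" "$pub" || return 1
    done
}

# Constructed mapping: two private LANs, each leaving through its own
# public address (192.0.2.0/24 is a documentation range).
MAPPING='10.1.0.0/24 192.0.2.10
10.2.0.0/24 192.0.2.11'

demo() { printf '%s\n' "$MAPPING" | snat_plan eth0; }

demo
```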