[ gmatanic @ 24.06.2013. 09:19 ] @
I have a Siemens SX763 modem that is my main gateway to the internet. Behind it, on the local network, I have several MikroTik routers (wireless network). OSPF is set up as the routing protocol and it does the job well. The problem is that my Siemens does not let internet traffic through for other networks, only for the network it is in itself. For example, I have routers in the subnets 192.168.30.0/24, 192.168.31.0/24, 192.168.29.0/24 and 192.168.33.0/24. The modem is in the last one, 192.168.33.0/24, and that router has internet access; when I ping an address, say www.google.com, the ping goes through without problems. When I ping www.google.com from another router that is not in that subnet, it does not work. I run a traceroute and the packet reaches the modem's IP address (192.168.33.3) and goes no further. Since the Siemens runs Linux, I figured the problem is something with iptables. How do I "tell" it to let the other traffic "out" as well, and not only the traffic from its own subnet?

This is the iptables listing:

~ # iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
wan_in     all  --  anywhere             anywhere

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
forward_rtp  udp  --  anywhere             anywhere
HI_PRIO_FORWARD  all  --  anywhere             anywhere
FWD_PORTFORWARD  all  --  anywhere             anywhere
TCPMSS     tcp  --  anywhere             anywhere            tcp flags:SYN,RST/SYN TCPMSS clamp to PMTU
ACCEPT     tcp  --  anywhere             192.168.33.2        tcp dpt:53059
ACCEPT     udp  --  anywhere             192.168.33.2        udp dpt:53059
ACCEPT     tcp  --  anywhere             192.168.33.2        tcp dpt:3389
ACCEPT     tcp  --  anywhere             192.168.33.2        tcp dpt:1723
ACCEPT     tcp  --  anywhere             192.168.33.2        tcp dpt:4899

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

Chain Access (0 references)
target     prot opt source               destination

Chain FWD_FORWARD_DOS_TCP_HDR (0 references)
target     prot opt source               destination

Chain FWD_FORWARD_DOS_TCP_PAYLOAD (0 references)
target     prot opt source               destination

Chain FWD_INPUT_DOS_TCP_PAYLOAD (0 references)
target     prot opt source               destination

Chain FWD_PORTFORWARD (1 references)
target     prot opt source               destination

Chain HI_PRIO_FORWARD (1 references)
target     prot opt source               destination

Chain allowed (1 references)
target     prot opt source               destination
ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp flags FIN,SYN,RST,ACK/SYN
ACCEPT     tcp  --  anywhere             anywhere            state RELATED,ESTABLISHED
DROP       tcp  --  anywhere             anywhere

Chain bad_tcp_packets (1 references)
target     prot opt source               destination
REJECT     tcp  --  anywhere             anywhere            state NEW tcp flags:SYN,ACK/SYN,ACK reject-with tcp-reset
DROP       tcp  --  anywhere             anywhere            state NEW tcp flags:!SYN,RST,ACK/SYN

Chain forward_rtp (1 references)
target     prot opt source               destination

Chain icmp_packets (0 references)
target     prot opt source               destination
ACCEPT     icmp --  anywhere             anywhere            icmp echo-request
ACCEPT     icmp --  anywhere             anywhere            icmp time-exceeded

Chain tcp_packets (0 references)
target     prot opt source               destination
allowed    tcp  --  anywhere             anywhere            tcp dpt:ssh

Chain udp_packets (0 references)
target     prot opt source               destination

Chain wan_in (1 references)
target     prot opt source               destination
bad_tcp_packets  tcp  --  anywhere             anywhere