Thank you for the reply. Please take the IPTABLES rules with a huge grain of salt. I have them in a trial-and-error state.
I did not have ARP turned on; forwarding, yes.
Routing table, Cloud server 1
Destination Gateway Genmask Flags Metric Ref Use Iface
default smart5.forpsi.n 0.0.0.0 UG 0 0 0 eth0
10.231.0.0 * 255.255.255.0 U 0 0 0 tun3
81.2.241.0 * 255.255.255.0 U 0 0 0 eth0
192.168.1.0 10.231.0.1 255.255.255.0 UG 0 0 0 tun3
192.168.3.0 * 255.255.255.0 U 0 0 0 tun1
192.168.250.0 * 255.255.255.0 U 0 0 0 tun2
192.168.254.0 10.231.0.1 255.255.255.0 UG 0 0 0 tun3
IPTABLES, Cloud server 1
Chain INPUT (policy ACCEPT 1405K packets, 171M bytes)
pkts bytes target prot opt in out source destination
560 92871 ACCEPT all -- tun+ * 0.0.0.0/0 0.0.0.0/0
19855 834K ACCEPT udp -- eth0 * 0.0.0.0/0 0.0.0.0/0 state NEW udp dpt:25201
57 2394 ACCEPT udp -- eth0 * 0.0.0.0/0 0.0.0.0/0 state NEW udp dpt:1194
33 1620 ACCEPT udp -- eth0 * 0.0.0.0/0 0.0.0.0/0 state NEW udp dpt:1294
5382 258K ACCEPT tcp -- eth0 * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:80
11606 639K ACCEPT tcp -- eth0 * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:443
5374 287K ACCEPT tcp -- eth0 * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:22
0 0 ACCEPT udp -- eth0 * 0.0.0.0/0 0.0.0.0/0 state NEW udp dpt:22
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
38296 3630K ACCEPT all -- tun+ * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- tun+ eth0 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
38327 60M ACCEPT all -- eth0 tun+ 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
0 0 ACCEPT all -- tun1 tun3 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
0 0 ACCEPT all -- tun3 tun1 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
Chain OUTPUT (policy ACCEPT 1091K packets, 1304M bytes)
pkts bytes target prot opt in out source destination
Routing table, home router
Destination Gateway Genmask Flags Metric Ref Use Iface
default 192.168.1.1 0.0.0.0 UG 0 0 0 eth0
10.231.0.0 * 255.255.255.0 U 0 0 0 tun0
link-local * 255.255.0.0 U 1000 0 0 eth0
192.168.1.0 * 255.255.255.0 U 0 0 0 eth0
192.168.3.0 10.231.0.1 255.255.255.0 UG 0 0 0 tun0
192.168.254.0 * 255.255.255.0 U 0 0 0 eth1
IPTABLES, home router
Chain INPUT (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
14314 1317K ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED
1 60 ACCEPT tcp -- eth1 * 192.168.254.0/24 0.0.0.0/0 tcp dpt:22 state NEW,ESTABLISHED
12 1008 ACCEPT all -- tun0 * 10.231.0.0/24 0.0.0.0/0
0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:53
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:53
0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp spt:53
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp spt:53
7980 968K LOGGING all -- * * 0.0.0.0/0 0.0.0.0/0
Chain FORWARD (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
2305K 3558M ACCEPT all -- eth0 eth1 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
641K 111M ACCEPT all -- eth1 eth0 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- tun0 eth1 10.231.0.0/24 0.0.0.0/0 state RELATED,ESTABLISHED
0 0 ACCEPT all -- tun0 eth1 192.168.3.0/24 0.0.0.0/0 state RELATED,ESTABLISHED
0 0 ACCEPT all -- tun0 eth0 10.231.0.0/24 0.0.0.0/0 state RELATED,ESTABLISHED
0 0 ACCEPT all -- tun0 eth0 192.168.3.0/24 0.0.0.0/0 state RELATED,ESTABLISHED
0 0 ACCEPT all -- eth1 tun0 0.0.0.0/0 10.231.0.0/24 state NEW,ESTABLISHED
0 0 ACCEPT all -- eth1 tun0 0.0.0.0/0 10.231.0.0/24 state NEW,RELATED,ESTABLISHED
0 0 ACCEPT all -- eth0 tun0 0.0.0.0/0 10.231.0.0/24 state NEW,RELATED,ESTABLISHED
0 0 ACCEPT all -- eth0 tun0 0.0.0.0/0 192.168.254.0/24 state NEW,RELATED,ESTABLISHED
0 0 ACCEPT all -- eth1 tun0 0.0.0.0/0 192.168.3.0/24 state NEW,RELATED,ESTABLISHED
1491 125K LOGGING all -- * * 0.0.0.0/0 0.0.0.0/0
Chain OUTPUT (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all -- * lo 0.0.0.0/0 0.0.0.0/0
652 200K ACCEPT tcp -- * eth1 0.0.0.0/0 0.0.0.0/0 tcp spt:22 state ESTABLISHED
0 0 ACCEPT tcp -- * eth0 0.0.0.0/0 0.0.0.0/0 tcp dpt:21 state NEW,ESTABLISHED
0 0 ACCEPT tcp -- * eth0 0.0.0.0/0 0.0.0.0/0 tcp dpt:80 state NEW,ESTABLISHED
0 0 ACCEPT tcp -- * eth0 0.0.0.0/0 0.0.0.0/0 tcp dpt:443 state NEW,ESTABLISHED
50 3370 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:53
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:53
0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp spt:53
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp spt:53
11941 1003K ACCEPT udp -- * eth0 0.0.0.0/0 81.2.241.253 udp dpt:25201
0 0 ACCEPT icmp -- * eth0 0.0.0.0/0 0.0.0.0/0 icmptype 8 state NEW,RELATED,ESTABLISHED
0 0 ACCEPT icmp -- * eth0 0.0.0.0/0 0.0.0.0/0 icmptype 0
4 192 ACCEPT icmp -- * eth1 0.0.0.0/0 0.0.0.0/0 icmptype 8 state NEW,RELATED,ESTABLISHED
0 0 ACCEPT icmp -- * eth1 0.0.0.0/0 0.0.0.0/0 icmptype 0
47 3948 ACCEPT all -- * tun0 0.0.0.0/0 0.0.0.0/0
818 218K LOGGING all -- * * 0.0.0.0/0 0.0.0.0/0
Chain LOGGING (3 references)
pkts bytes target prot opt in out source destination
1602 203K LOG all -- * * 0.0.0.0/0 0.0.0.0/0 limit: avg 1/min burst 5 LOG flags 0 level 4 prefix "IPTables-Dropped: "
10289 1312K DROP all -- * * 0.0.0.0/0 0.0.0.0/0