Hi,
I need advice on a slightly mysterious problem. I have an Ubuntu 9.04 server that is connected through one NIC (eth0) to an ADSL modem and through the other (eth1) shares the internet connection with the internal network plus other services. I set up /etc/network/interfaces:
auto lo
iface lo inet loopback
# The primary network interface
auto eth0
iface eth0 inet static
address 10.0.0.206
netmask 255.255.255.0
gateway 10.0.0.138
network 10.0.0.0
broadcast 10.0.0.255
auto eth1
iface eth1 inet static
address 192.168.10.206
netmask 255.255.255.0
I installed firehol and configured it:
/etc/firehol/firehol.conf
version 5
FIREHOL_LOG_LEVEL="7"
DEFAULT_CLIENT_PORTS="1024:65535"
public_ip="cepela.homelinux.org"
server_icq_ports="tcp/5190"
client_icq_ports="default"
home_ips="192.168.10.206/24"
interface eth1 internal src "${home_ips}"
policy reject
server http accept
server netbios_ns accept
server netbios_dgm accept
server netbios_ssn accept
server samba accept
server icmp accept
server ping accept
server ssh accept
server dhcp accept
server cups accept
server dns accept
server webmin accept
server https accept
server ftp accept
server smtp accept
client all accept
interface eth0 external src not "${home_ips} ${UNROUTABLE_IPS}"
protection strong 10/sec 10
policy drop
server icmp accept
server ping accept
server ident reject with tcp-reset
client all accept
router internal2external inface eth1 outface eth0
masquerade
route all accept
#router external2internal inface eth0 outface eth1
# masquerade reverse
# client all accept
# server ident reject with tcp-reset
On the clients everything works as it should: they get IP addresses (from DHCP on this server) and the internet works, but on the server itself not even pings go through, only to the internal network. If I try to ping the modem I get:
ping 10.0.0.138
PING 10.0.0.138 (10.0.0.138) 56(84) bytes of data.
ping: sendmsg: Operation not permitted
ping: sendmsg: Operation not permitted
ping: sendmsg: Operation not permitted
ping: sendmsg: Operation not permitted
^C
--- 10.0.0.138 ping statistics ---
4 packets transmitted, 0 received, 100% packet loss, time 3001ms
If I run it as sudo ping 10.0.0.138 I get the same. When I ping, say, www.seznam.cz I get this:
ping: unknown host www.seznam.cz
As soon as I turn firehol off, the internet works on the server, but of course not on the clients. I looked for an error somewhere in routing, but I used exactly the same firehol config on an Ubuntu 8.10 server before the reinstall and everything worked OK (in the original installation eth0 and eth1 were swapped, but I swapped them in both interfaces and firehol.conf). I didn't find anything, so I'm asking someone for advice on what it could be. Just to be sure I'm also adding the routing table.
Směrovací tabulka v jádru pro IP
Adresát Brána Maska Přízn Metrik Odkaz Užt Rozhraní
10.0.0.0 * 255.255.255.0 U 0 0 0 eth0
192.168.10.0 * 255.255.255.0 U 0 0 0 eth1
192.168.122.0 * 255.255.255.0 U 0 0 0 virbr0
default 10.0.0.138 0.0.0.0 UG 100 0 0 eth0
By the way, if someone could also explain to me what device virbr0 is, I'd be grateful too; it wasn't there in U8.10 and it only appears now in U9.04.
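An added diagnostic (example code, not from the post or from FireHOL) for the config above: the eth0 block is defined with src not "${home_ips} ${UNROUTABLE_IPS}", and FireHOL's UNROUTABLE_IPS contains the RFC1918 private ranges, so any address inside them, including the modem 10.0.0.138 that is the default gateway, is excluded from that interface's rules and falls through to FireHOL's default drop, which is what "sendmsg: Operation not permitted" looks like from the host. The script models only the RFC1918 part of UNROUTABLE_IPS (an assumption; the real list is longer) and the sample addresses are constructed.

```shell
#!/bin/sh
# Checks which addresses are removed from the eth0 interface definition by
# the clause `src not "${home_ips} ${UNROUTABLE_IPS}"` in firehol.conf.
# Assumption: only the RFC1918 part of FireHOL's UNROUTABLE_IPS is modelled.
home_ips="192.168.10.206/24"
unroutable_rfc1918="10.0.0.0/8 172.16.0.0/12 192.168.0.0/16"

# ip2int A.B.C.D -> 32-bit integer
ip2int() {
  oldifs=$IFS; IFS=.
  set -- $1
  IFS=$oldifs
  echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# in_cidr ADDR NET/BITS -> exit 0 when ADDR lies inside NET/BITS
in_cidr() {
  net=${2%/*}; bits=${2#*/}
  mask=$(( (4294967295 << (32 - bits)) & 4294967295 ))
  [ $(( $(ip2int "$1") & mask )) -eq $(( $(ip2int "$net") & mask )) ]
}

# excluded_from_eth0 ADDR -> prints the range that excludes ADDR from the
# eth0 interface rules and exits 0; exits 1 if the eth0 rules still apply
excluded_from_eth0() {
  for cidr in $home_ips $unroutable_rfc1918; do
    if in_cidr "$1" "$cidr"; then
      echo "$cidr"
      return 0
    fi
  done
  return 1
}

# constructed sample: the modem/gateway, the server's own eth0 address,
# and a public address from the TEST-NET-3 documentation range
for addr in 10.0.0.138 10.0.0.206 203.0.113.1; do
  if r=$(excluded_from_eth0 "$addr"); then
    echo "$addr: excluded from the eth0 rules by $r -> default drop"
  else
    echo "$addr: covered by the eth0 interface rules"
  fi
done
```

The same exclusion applies to the 10.x DNS server behind the modem, which is why name resolution fails on the server while the masqueraded clients, whose traffic is handled by the router block, keep working.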