
Re: Integration into an existing network



Dirk Wenzel wrote:

On 03.12.2004 at 15:14, Ralf Gesel|ensetter wrote:

On Friday, 3 December 2004 14:54, Dirk Wenzel wrote:

Port forwarding is enabled. But the settings may not be correct.


AFAIK that is something different from IP forwarding: with port forwarding
the original IP stays masqueraded; depending on the port, the router presents
itself to the outside as if it were server A or B.


You are probably right. I'll just post the configuration file of the tux_router. Maybe someone will notice something.

Note: header shortened, unused entries for card drivers removed.

##------------------------------------------------------------------------------
## base.txt - fli4l configuration parameters                       2.0.8
## Copyright (c) 2001-2002 Frank Meyer <frank@fli4l.de>
##
## This program is free software; you can redistribute it and/or modify
## it under the terms of the GNU General Public License as published by
## the Free Software Foundation; either version 2 of the License, or
## (at your option) any later version.
##------------------------------------------------------------------------------

#-------------------------------------------------------------------------------
# General settings:
#-------------------------------------------------------------------------------
HOSTNAME='tux_router'                # name of fli4l router
PASSWORD='*****'                # password for telnetd, ftpd and sshd
MOUNT_BOOT='rw'                 # mount boot device (floppy): ro, rw, no

RAMSIZE='4096'                  # size of ramdisk for unzipped opt.tgz
# the variables MOUNT_OPT, PART_OPT and UPDATE_MODE will be ignored if
# RAMSIZE is not empty. see docu
MOUNT_OPT='ro'                  # mount opt device: ro, rw
PART_OPT='hda2' # location of opt-files? ram1 or disk-partition
UPDATE_MODE='full'              # add, cfg, full, none, see  documentation

#-------------------------------------------------------------------------------
# Ethernet card drivers:
# uncomment your ethernet card
#-------------------------------------------------------------------------------
ETH_DRV_N='2'                   # number of ethernet drivers to load, usually 1
3c59x,3c900,3c905
ETH_DRV_2='ne2k-pci'            # PCI: NE2000 PCI clone (eg. Realtek 8029,
                                # Winbond 89c940)
ETH_DRV_1_OPTION=''             # additional option, e.g. 'io=0x340' for ne
ETH_DRV_2_OPTION=''             # additional option, e.g. 'io=0x340' for ne


#-------------------------------------------------------------------------------
# Ether networks used with IP protocol:
#-------------------------------------------------------------------------------
IP_ETH_N='2'                    # number of ip ethernet networks, usually 1

IP_ETH_1_NAME=''
IP_ETH_1_IPADDR='192.168.123.200' # IP address of your n'th ethernet card
IP_ETH_1_NETWORK='192.168.123.0'      # network of your LAN
IP_ETH_1_NETMASK='255.255.255.0'    # netmask of your LAN

IP_ETH_2_NAME='' # optional: other device name than ethX
IP_ETH_2_IPADDR='10.0.2.1'       # IP address of your n'th ethernet card
IP_ETH_2_NETWORK='10.0.2.0'      # network of your LAN
IP_ETH_2_NETMASK='255.255.254.0'    # netmask of your LAN



#-------------------------------------------------------------------------------
# Additional routes, optional
#-------------------------------------------------------------------------------
IP_DEFAULT_GATEWAY='192.168.123.1'  # normally not used, read documentation!
IP_ROUTE_N='0'                      # number of additional routes
IP_ROUTE_1='10.0.2.0 255.255.254.0 10.0.2.1' # network netmask gateway
IP_ROUTE_2='192.168.123.0 255.255.255.0 192.168.123.200' # network netmask gateway

Wait, I don't understand this: IP_ETH_1_NETWORK is 192.168.xxx.yyy,
yet IP_ROUTE_2 points at this very network; is that right?


#-------------------------------------------------------------------------------
# Masquerading:
#-------------------------------------------------------------------------------
MASQ_NETWORK=''       # networks to masquerade (e.g. our LAN)
MASQ_MODULE_N='1' # load n masq modules (default: only ftp)
MASQ_MODULE_1='ftp'                 # ftp
MASQ_MODULE_2='h323'                # h323 (netmeeting)
MASQ_MODULE_3='icq'                 # icq (use with caution!)
MASQ_MODULE_4='irc'                 # irc
MASQ_MODULE_5='raudio'              # raudio
MASQ_MODULE_6='vdolive'             # vdolive
MASQ_MODULE_7='quake'               # quake
MASQ_MODULE_8='cuseeme'             # cuseeme
MASQ_MODULE_9='mms'                 # MSN-Filetransfer
MASQ_MODULE_10='pptp'               # pptp
MASQ_MODULE_11='ipsec'              # ipsec
MASQ_MODULE_12='dplay'              # dplay (direct play)
MASQ_MODULE_13='msn-0.02'           # msn zone (use version 0.01 or  0.02)
MASQ_MODULE_14='udp_dloose' # pseudo mod: some internet games need it

MASQ_FTP_PORT_N='0' # using ftp masq-module on different ports
MASQ_FTP_PORT_1='21'                # standard ftp port
MASQ_FTP_PORT_2='2021'              # additional port

#-------------------------------------------------------------------------------
# Optional package: PORTFW
#
# If you set OPT_PORTFW='yes', you can also edit opt/etc/portfw.sh
#-------------------------------------------------------------------------------
OPT_PORTFW='yes'                    # install port forwarding tools/modules
PORTFW_N='0'                        # how many portforwardings to set up
PORTFW_1='8080 192.168.6.15:80 tcp' # sample 1: forward ext. port 8080 to int.
                                    # host 192.168.6.15 to port 80 (use tcp)
PORTFW_2='3000-3010 192.168.6.15 tcp' # sample 2: forward portrange to int. host
                                    # 192.168.5.15 (use tcp)


#-------------------------------------------------------------------------------
# Routing without masquerading
#-------------------------------------------------------------------------------
ROUTE_NETWORK=''                    # optional: route from/to network, no masq

#-------------------------------------------------------------------------------
# Routing: internal hosts to deny forwarding
#-------------------------------------------------------------------------------
FORWARD_DENY_HOST_N='0'             # number of denied hosts
FORWARD_DENY_HOST_1='192.168.6.5'   # optional: 1st denied host
FORWARD_DENY_HOST_2='192.168.6.6'   # optional: 2nd denied host

#-------------------------------------------------------------------------------
# Routing: ports to reject/deny forwarding (from inside and outside!)
#-------------------------------------------------------------------------------
FORWARD_DENY_PORT_N='1'             # no. of ports to reject/deny forwarding
FORWARD_DENY_PORT_1='137:139 REJECT' # deny/reject forwarding of netbios
FORWARD_TRUSTED_NETS='192.168.123.0/24 10.0.2.0/23' # but allow forwarding between LANs

#-------------------------------------------------------------------------------
# Firewall: ports to reject/deny from outside (all served ports)
#
# here we leave two ports untouched:
#
#  53 dns
# 113 auth
#-------------------------------------------------------------------------------
FIREWALL_DENY_PORT_N='6'                # no. of ports to reject/deny
FIREWALL_DENY_PORT_1='0:52      REJECT' # privileged ports: reject or  deny
FIREWALL_DENY_PORT_2='54:112    REJECT' # privileged ports: reject or  deny
FIREWALL_DENY_PORT_3='114:1023  REJECT' # privileged ports: reject or  deny
FIREWALL_DENY_PORT_4='5000:5001 REJECT' # imond/telmond ports: reject or deny
This is where iptables kicks in. All privileged ports except
53 (DNS) and 113 (auth) are blocked here!

FIREWALL_DENY_PORT_5='8000      REJECT' # proxy access: reject or deny
FIREWALL_DENY_PORT_6='20012 REJECT' # vbox server access: reject or deny

FIREWALL_DENY_ICMP='no'                 # deny icmp (ping): yes or no
FIREWALL_LOG='yes' # log access to rejected/denied ports

#-------------------------------------------------------------------------------
# Domain configuration:
#-------------------------------------------------------------------------------
START_DNS='yes'                     # start dns server: yes or no
DNS_FORWARDERS='192.76.144.66'      # DNS servers of your provider, e.g. MSN
DNS_VERBOSE='no'                    # log queries in /usr/local/ens/ens.log
DOMAIN_NAME='intern'             # your domain name
DNS_FORBIDDEN_N='0'                 # number of forbidden domains
DNS_FORBIDDEN_1='foo.bar'           # 1st forbidden domain
DNS_FORBIDDEN_2='bar.foo'           # 2nd forbidden domain
HOSTS_N='5'                         # number of hosts in your domain
HOST_1='10.0.2.2 tjener'          # 1st host: ip and name
HOST_2='10.0.2.1 tux_router'        # 2nd host: ip and name
HOST_3='192.168.123.200 tux_router'        # 3rd host: ip and name
HOST_4='192.168.123.1 dsl_router'        # 4th host: ip and name
HOST_5='192.168.123.191 pico'
#-------------------------------------------------------------------------------
# Special DNS configuration
#-------------------------------------------------------------------------------
DNS_N='0'                           # number of special dns servers, normally 0
#DNS_1='firma.de 192.168.1.12'      # 1st special dns server for  firma.de
#DNS_2='lan.firma.de 192.168.2.12' # 2nd special dns server for lan.firma.de

#-------------------------------------------------------------------------------
# imond configuration:
#-------------------------------------------------------------------------------
START_IMOND='no'                    # start imond: yes or no
IMOND_PORT='5000' # TCP-Port, see also FIREWALL_DENY_PORT_x!
IMOND_PASS=''                       # imond-password, may be empty
IMOND_ADMIN_PASS=''                 # imond-admin-password, may be empty
IMOND_LED=''                        # tty for led: com1 - com4 or empty
IMOND_BEEP='no'                     # beep if connection going up/down
IMOND_LOG='no'                      # log /var/log/imond.log: yes or no
IMOND_LOGDIR='/var/log'             # log-directory, e.g. /var/log
IMOND_ENABLE='yes'                  # accept "enable/disable" commands
IMOND_DIAL='no'                    # accept "dial/hangup" commands
IMOND_ROUTE='yes'                   # accept "route" command
IMOND_REBOOT='yes'                  # accept "reboot" command

#-------------------------------------------------------------------------------
# Generic circuit configuration:
#-------------------------------------------------------------------------------
IP_DYN_ADDR='no'                    # use dyn. ip addresses (most providers do)
DIALMODE='off'                      # standard dialmode: auto, manual, or off

#-------------------------------------------------------------------------------
# optional package: syslogd
#-------------------------------------------------------------------------------
OPT_SYSLOGD='no'                    # start syslogd: yes or no
SYSLOGD_DEST_N='1'                  # number of destinations
SYSLOGD_DEST_1='*.* /dev/console' # n'th prio & destination of syslog msgs
SYSLOGD_DEST_2='*.* @192.168.6.2'   # example: loghost 192.168.6.2
SYSLOGD_DEST_3='kern.info /var/log/dial.log'    # example: log infos

#-------------------------------------------------------------------------------
# optional package: klogd
#-------------------------------------------------------------------------------
OPT_KLOGD='no'                      # start klogd: yes or no

#-------------------------------------------------------------------------------
# optional package: y2k correction
#-------------------------------------------------------------------------------
OPT_Y2K='no'                        # y2k correction: yes or no
Y2K_DAYS=''                         # correct hardware Y2K-Bug: add x  days

#-------------------------------------------------------------------------------
# Optional package: PNP
#-------------------------------------------------------------------------------
OPT_PNP='no'                        # install isapnp tools: yes or no


Otherwise I can't find any irregularities.

HTH

Albrecht
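As an added illustration (not part of the thread and not fli4l's own tooling), a small Python checker that reads the routing-related keys of a fli4l base.txt like the one posted above and reports the points raised in the reply: IP_ROUTE_2 pointing at a directly attached network with the router's own address as gateway, routes that are defined but ignored because IP_ROUTE_N='0', and OPT_PORTFW='yes' with PORTFW_N='0'. The key names are fli4l's; the sample excerpt is constructed from the posted values.

```python
import ipaddress
import re

# Constructed excerpt of the posted base.txt (only the routing-relevant keys).
SAMPLE_CONFIG = """
IP_ETH_N='2'
IP_ETH_1_IPADDR='192.168.123.200'
IP_ETH_1_NETWORK='192.168.123.0'
IP_ETH_1_NETMASK='255.255.255.0'
IP_ETH_2_IPADDR='10.0.2.1'
IP_ETH_2_NETWORK='10.0.2.0'
IP_ETH_2_NETMASK='255.255.254.0'
IP_ROUTE_N='0'                      # number of additional routes
IP_ROUTE_1='10.0.2.0 255.255.254.0 10.0.2.1'
IP_ROUTE_2='192.168.123.0 255.255.255.0 192.168.123.200'
OPT_PORTFW='yes'
PORTFW_N='0'
"""

KEY_RE = re.compile(r"^\s*([A-Z0-9_]+)='([^']*)'")  # KEY='value'  # comment

def parse_config(text):
    """Collect KEY='value' pairs; anything after the closing quote is ignored."""
    return {m.group(1): m.group(2) for m in map(KEY_RE.match, text.splitlines()) if m}

def check_routing(cfg):
    """Return human-readable findings about IP_ROUTE_x and the PORTFW section."""
    findings, nets, own = [], [], set()
    for i in range(1, int(cfg.get('IP_ETH_N', '0')) + 1):
        nets.append(ipaddress.ip_network(cfg[f'IP_ETH_{i}_NETWORK'] + '/' + cfg[f'IP_ETH_{i}_NETMASK'], strict=False))
        own.add(ipaddress.ip_address(cfg[f'IP_ETH_{i}_IPADDR']))
    active = int(cfg.get('IP_ROUTE_N', '0'))  # fli4l only installs IP_ROUTE_1..IP_ROUTE_N
    routes = sorted((k for k in cfg if re.fullmatch(r'IP_ROUTE_\d+', k)), key=lambda k: int(k.rsplit('_', 1)[1]))
    for key in routes:
        dst, mask, via = cfg[key].split()          # 'network netmask gateway'
        dst_net = ipaddress.ip_network(f'{dst}/{mask}', strict=False)
        via_ip = ipaddress.ip_address(via)
        if int(key.rsplit('_', 1)[1]) > active:
            findings.append(f'{key} is defined but ignored (IP_ROUTE_N={active})')
        if via_ip in own:
            findings.append(f'{key}: gateway {via} is the router itself')
        if dst_net in nets:
            findings.append(f'{key}: {dst_net} is directly attached, route is redundant')
        elif not any(via_ip in n for n in nets):
            findings.append(f'{key}: gateway {via} is not reachable from any attached network')
    if cfg.get('OPT_PORTFW') == 'yes' and int(cfg.get('PORTFW_N', '0')) == 0:
        findings.append('OPT_PORTFW=yes but PORTFW_N=0: no port forwarding rule is active')
    return findings

if __name__ == '__main__':
    for line in check_routing(parse_config(SAMPLE_CONFIG)):
        print(line)
```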
