
Re: Integration into an existing network



Hello Dirk!

Are you sure that fli4l can be used as a gateway?

As far as I know, it can only be used as a router. If you want a gateway, I think you can use 'eisfair' or 'Coyote Linux'.

At home I use 'fli4l' as an ISDN router: no problems. And at school I have connected Skolelinux via a Coyote gateway: likewise not the slightest problem.

Regards
Stefan Padberg, Wuppertal


Dirk Wenzel wrote:

On 03.12.2004 at 15:14, Ralf Gesellensetter wrote:

On Friday, 3 December 2004 14:54, Dirk Wenzel wrote:

Port forwarding is enabled. The settings may not be
right, though.


AFAIK that is something different from IP forwarding: with port forwarding,
the original IP is still masqueraded, and depending on the port the router
pretends to the outside to be server A or B.


You are probably right. I'll just post the tux_router's configuration file. Maybe someone will spot something.

Note: header shortened, unused entries for card drivers removed.

##---------------------------------------------------------------------- -------
## base.txt - fli4l configuration parameters                       2.0.8
## Copyright (c) 2001-2002 Frank Meyer <frank@fli4l.de>
##
## This program is free software; you can redistribute it and/or modify
## it under the terms of the GNU General Public License as published by
## the Free Software Foundation; either version 2 of the License, or
## (at your option) any later version.
##---------------------------------------------------------------------- -------

#----------------------------------------------------------------------- -------
# General settings:
#----------------------------------------------------------------------- -------
HOSTNAME='tux_router'                # name of fli4l router
PASSWORD='*****'                # password for telnetd, ftpd and sshd
MOUNT_BOOT='rw'                 # mount boot device (floppy): ro, rw, no

RAMSIZE='4096'                  # size of ramdisk for unzipped opt.tgz
# the variables MOUNT_OPT, PART_OPT and UPDATE_MODE will be ignored if
# RAMSIZE is not empty. see docu
MOUNT_OPT='ro'                  # mount opt device: ro, rw
PART_OPT='hda2' # location of opt-files? ram1 or disk-partition
UPDATE_MODE='full'              # add, cfg, full, none, see  documentation

#----------------------------------------------------------------------- -------
# Ethernet card drivers:
# uncomment your ethernet card
#----------------------------------------------------------------------- -------
ETH_DRV_N='2'                   # number of ethernet drivers to load, usually 1
3c59x,3c900,3c905
ETH_DRV_2='ne2k-pci'           # PCI: NE2000 PCI clone (eg. Realtek  8029,
                                # Winbond 89c940)
ETH_DRV_1_OPTION=''             # additional option, e.g. 'io=0x340' for ne
ETH_DRV_2_OPTION=''             # additional option, e.g. 'io=0x340' for ne


#----------------------------------------------------------------------- -------
# Ether networks used with IP protocol:
#----------------------------------------------------------------------- -------
IP_ETH_N='2'                    # number of ip ethernet networks, usually 1

IP_ETH_1_NAME=''
IP_ETH_1_IPADDR='192.168.123.200' # IP address of your n'th ethernet card
IP_ETH_1_NETWORK='192.168.123.0'      # network of your LAN
IP_ETH_1_NETMASK='255.255.255.0'    # netmask of your LAN

IP_ETH_2_NAME='' # optional: other device name than ethX
IP_ETH_2_IPADDR='10.0.2.1'       # IP address of your n'th ethernet card
IP_ETH_2_NETWORK='10.0.2.0'      # network of your LAN
IP_ETH_2_NETMASK='255.255.254.0'    # netmask of your LAN



#----------------------------------------------------------------------- -------
# Additional routes, optional
#----------------------------------------------------------------------- -------
IP_DEFAULT_GATEWAY='192.168.123.1'  # normally not used, read documentation!
IP_ROUTE_N='0'                      # number of additional routes
IP_ROUTE_1='10.0.2.0 255.255.254.0 10.0.2.1' # network netmask gateway
IP_ROUTE_2='192.168.123.0 255.255.255.0 192.168.123.200' # network netmask gateway

#----------------------------------------------------------------------- -------
# Masquerading:
#----------------------------------------------------------------------- -------
MASQ_NETWORK=''       # networks to masquerade (e.g. our LAN)
MASQ_MODULE_N='1' # load n masq modules (default: only ftp)
MASQ_MODULE_1='ftp'                 # ftp
MASQ_MODULE_2='h323'                # h323 (netmeeting)
MASQ_MODULE_3='icq'                 # icq (use with caution!)
MASQ_MODULE_4='irc'                 # irc
MASQ_MODULE_5='raudio'              # raudio
MASQ_MODULE_6='vdolive'             # vdolive
MASQ_MODULE_7='quake'               # quake
MASQ_MODULE_8='cuseeme'             # cuseeme
MASQ_MODULE_9='mms'                 # MSN-Filetransfer
MASQ_MODULE_10='pptp'               # pptp
MASQ_MODULE_11='ipsec'              # ipsec
MASQ_MODULE_12='dplay'              # dplay (direct play)
MASQ_MODULE_13='msn-0.02'           # msn zone (use version 0.01 or  0.02)
MASQ_MODULE_14='udp_dloose' # pseudo mod: some internet games need it

MASQ_FTP_PORT_N='0' # using ftp masq-module on different ports
MASQ_FTP_PORT_1='21'                # standard ftp port
MASQ_FTP_PORT_2='2021'              # additional port

#----------------------------------------------------------------------- -------
# Optional package: PORTFW
#
# If you set OPT_PORTFW='yes', you can also edit opt/etc/portfw.sh
#----------------------------------------------------------------------- -------
OPT_PORTFW='yes'                    # install port forwarding tools/modules
PORTFW_N='0'                        # how many portforwardings to set up
PORTFW_1='8080 192.168.6.15:80 tcp' # sample 1: forward ext. port 8080 to int.
                                    # host 192.168.6.15 to port 80 (use tcp)
PORTFW_2='3000-3010 192.168.6.15 tcp' # sample 2: forward portrange to int. host
                                    # 192.168.5.15 (use tcp)


#----------------------------------------------------------------------- -------
# Routing without masquerading
#----------------------------------------------------------------------- -------
ROUTE_NETWORK=''                    # optional: route from/to network, no masq

#----------------------------------------------------------------------- -------
# Routing: internal hosts to deny forwarding
#----------------------------------------------------------------------- -------
FORWARD_DENY_HOST_N='0'             # number of denied hosts
FORWARD_DENY_HOST_1='192.168.6.5'   # optional: 1st denied host
FORWARD_DENY_HOST_2='192.168.6.6'   # optional: 2nd denied host

#----------------------------------------------------------------------- -------
# Routing: ports to reject/deny forwarding (from inside and outside!)
#----------------------------------------------------------------------- -------
FORWARD_DENY_PORT_N='1'             # no. of ports to reject/deny forwarding
FORWARD_DENY_PORT_1='137:139 REJECT' # deny/reject forwarding of netbios
FORWARD_TRUSTED_NETS='192.168.123.0/24 10.0.2.0/23' # but allow forwarding between LANs

#----------------------------------------------------------------------- -------
# Firewall: ports to reject/deny from outside (all served ports)
#
# here we leave two ports untouched:
#
#  53 dns
# 113 auth
#----------------------------------------------------------------------- -------
FIREWALL_DENY_PORT_N='6'                # no. of ports to reject/deny
FIREWALL_DENY_PORT_1='0:52      REJECT' # privileged ports: reject or  deny
FIREWALL_DENY_PORT_2='54:112    REJECT' # privileged ports: reject or  deny
FIREWALL_DENY_PORT_3='114:1023  REJECT' # privileged ports: reject or  deny
FIREWALL_DENY_PORT_4='5000:5001 REJECT' # imond/telmond ports: reject or deny
FIREWALL_DENY_PORT_5='8000      REJECT' # proxy access: reject or deny
FIREWALL_DENY_PORT_6='20012 REJECT' # vbox server access: reject or deny

FIREWALL_DENY_ICMP='no'                 # deny icmp (ping): yes or no
FIREWALL_LOG='yes' # log access to rejected/denied ports

#----------------------------------------------------------------------- -------
# Domain configuration:
#----------------------------------------------------------------------- -------
START_DNS='yes'                     # start dns server: yes or no
DNS_FORWARDERS='192.76.144.66'      # DNS servers of your provider, e.g. MSN
DNS_VERBOSE='no'                    # log queries in /usr/local/ens/ens.log
DOMAIN_NAME='intern'             # your domain name
DNS_FORBIDDEN_N='0'                 # number of forbidden domains
DNS_FORBIDDEN_1='foo.bar'           # 1st forbidden domain
DNS_FORBIDDEN_2='bar.foo'           # 2nd forbidden domain
HOSTS_N='5'                         # number of hosts in your domain
HOST_1='10.0.2.2 tjener'          # 1st host: ip and name
HOST_2='10.0.2.1 tux_router'        # 2nd host: ip and name
HOST_3='192.168.123.200 tux_router'        # 3rd host: ip and name
HOST_4='192.168.123.1 dsl_router'        # 4th host: ip and name
HOST_5='192.168.123.191 pico'
#----------------------------------------------------------------------- -------
# Special DNS configuration
#----------------------------------------------------------------------- -------
DNS_N='0'                           # number of special dns servers, normally 0
#DNS_1='firma.de 192.168.1.12'      # 1st special dns server for  firma.de
#DNS_2='lan.firma.de 192.168.2.12' # 2nd special dns server for lan.firma.de

#----------------------------------------------------------------------- -------
# imond configuration:
#----------------------------------------------------------------------- -------
START_IMOND='no'                    # start imond: yes or no
IMOND_PORT='5000' # TCP-Port, see also FIREWALL_DENY_PORT_x!
IMOND_PASS=''                       # imond-password, may be empty
IMOND_ADMIN_PASS=''                 # imond-admin-password, may be empty
IMOND_LED=''                        # tty for led: com1 - com4 or empty
IMOND_BEEP='no'                     # beep if connection going up/down
IMOND_LOG='no'                      # log /var/log/imond.log: yes or no
IMOND_LOGDIR='/var/log'             # log-directory, e.g. /var/log
IMOND_ENABLE='yes'                  # accept "enable/disable" commands
IMOND_DIAL='no'                    # accept "dial/hangup" commands
IMOND_ROUTE='yes'                   # accept "route" command
IMOND_REBOOT='yes'                  # accept "reboot" command

#----------------------------------------------------------------------- -------
# Generic circuit configuration:
#----------------------------------------------------------------------- -------
IP_DYN_ADDR='no'                    # use dyn. ip addresses (most providers do)
DIALMODE='off'                      # standard dialmode: auto, manual, or off

#----------------------------------------------------------------------- -------
# optional package: syslogd
#----------------------------------------------------------------------- -------
OPT_SYSLOGD='no'                    # start syslogd: yes or no
SYSLOGD_DEST_N='1'                  # number of destinations
SYSLOGD_DEST_1='*.* /dev/console' # n'th prio & destination of syslog msgs
SYSLOGD_DEST_2='*.* @192.168.6.2'   # example: loghost 192.168.6.2
SYSLOGD_DEST_3='kern.info /var/log/dial.log'    # example: log infos

#----------------------------------------------------------------------- -------
# optional package: klogd
#----------------------------------------------------------------------- -------
OPT_KLOGD='no'                      # start klogd: yes or no

#----------------------------------------------------------------------- -------
# optional package: y2k correction
#----------------------------------------------------------------------- -------
OPT_Y2K='no'                        # y2k correction: yes or no
Y2K_DAYS=''                         # correct hardware Y2K-Bug: add x  days

#----------------------------------------------------------------------- -------
# Optional package: PNP
#----------------------------------------------------------------------- -------
OPT_PNP='no'                        # install isapnp tools: yes or no
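
An added example, not part of the original post and not fli4l code: a short Python review of the forwarding-related lines of the base.txt above. It assumes, going by the file's own comments ("number of additional routes", "how many portforwardings to set up"), that only entries numbered up to the matching `_N` counter are used; `parse`, `inactive_entries` and `review` are names made up for this example.

```python
import ipaddress
import re

# Constructed excerpt: uncommented lines copied from the base.txt posted above.
SAMPLE = """\
IP_ETH_N='2'
IP_ETH_1_NETWORK='192.168.123.0'
IP_ETH_1_NETMASK='255.255.255.0'
IP_ETH_2_NETWORK='10.0.2.0'
IP_ETH_2_NETMASK='255.255.254.0'
IP_ROUTE_N='0'
IP_ROUTE_1='10.0.2.0 255.255.254.0 10.0.2.1'
IP_ROUTE_2='192.168.123.0 255.255.255.0 192.168.123.200'
MASQ_NETWORK=''
PORTFW_N='0'
PORTFW_1='8080 192.168.6.15:80 tcp'
ROUTE_NETWORK=''
FORWARD_TRUSTED_NETS='192.168.123.0/24 10.0.2.0/23'
"""

ASSIGN = re.compile(r"^([A-Z0-9_]+)='([^']*)'")
INDEXED = re.compile(r"^(.*)_(\d+)(?:_[A-Z]+)?$")

def parse(text):
    """Return {NAME: value} for every uncommented NAME='value' line."""
    return {m[1]: m[2] for m in map(ASSIGN.match, text.splitlines()) if m}

def inactive_entries(cfg):
    """Entries PREFIX_<i>[_FIELD] whose index i is above the PREFIX_N counter."""
    found = []
    for name in cfg:
        m = INDEXED.match(name)
        # Assumption: entries beyond the counter are sample lines and not used.
        if m and int(m.group(2)) > int(cfg.get(m.group(1) + "_N", m.group(2))):
            found.append(name)
    return sorted(found)

def review(cfg):
    """Collect the checks a reviewer would make on the forwarding setup."""
    lans = [ipaddress.ip_network(cfg[f"IP_ETH_{i}_NETWORK"] + "/" + cfg[f"IP_ETH_{i}_NETMASK"])
            for i in range(1, int(cfg["IP_ETH_N"]) + 1)]
    trusted = [ipaddress.ip_network(n) for n in cfg["FORWARD_TRUSTED_NETS"].split()]
    return {
        "inactive": inactive_entries(cfg),
        "lans": [str(n) for n in lans],
        "lans_not_trusted": [str(n) for n in lans if n not in trusted],
        "masq_and_route_network_empty": not cfg["MASQ_NETWORK"] and not cfg["ROUTE_NETWORK"],
    }

print(review(parse(SAMPLE)))
```

On the posted values, both `IP_ROUTE_*` lines and `PORTFW_1` sit above a counter of 0, both interface networks appear in `FORWARD_TRUSTED_NETS`, and `MASQ_NETWORK` and `ROUTE_NETWORK` are both empty.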


