________ +------------+ / +-------------+ WAN 1 +------- __ | | | / ___/ \_ +------+-------+ +------------+ | _/ \__ | ETH0 | / / \ ETH3| | +------------+ | | LAN ----- | ETH1| | | \_ __/ | Linux router |-----+ WAN 2 +----| Internet \__ __/ | | | | | \__ / | | +------------+ | -------+ ETH2 | | | ETH4 +------+-------+ +------------+ | | | | | \ | +-------------+ WAN 3 +------- | | | | | +------------+ \________ +------+-------+ DMZ +------+-------+ Funziona tutto regolarmente, ma mi rimane soltanto il problema che quando esco dalla rete LAN O DMZ per entrare in una rete VPN PPTP, rimane su "Verifica nome utente e password ecc." per poi darmi errore... allego sotto lo script in dettaglio: # ifconfig -a eth0 inet addr:10.0.0.2 Bcast:10.0.0.255 Mask:255.255.255.0 eth1 inet addr:172.168.0.2 Bcast:172.168.1.255 Mask:255.255.255.0 eth2 inet addr:10.10.10.2 Bcast:10.10.10.255 Mask:255.255.255.0 eth3 inet addr:192.168.16.2 Bcast:192.168.16.255 Mask:255.255.255.0 eth4 inet addr:192.168.1.2 Bcast:192.168.1.255 Mask:255.255.255.0 ####################### scripT ################## #! /bin/bash iptables="/sbin/iptables" ip="/sbin/ip" # SCHEDE DI RETE wan1=eth0 wan2=eth1 wan3=eth2 lan=eth3 dmz=eth4 net_lan=192.168.16.0/24 net_dmz=192.168.1.0/24 net_wan1=10.0.0.0/24 net_wan2=172.168.0.0/29 net_wan3=10.10.10.0/30 # SERVER DMZ dmz_mail=192.168.1.3 dmz_web=192.168.1.4 # GATEWAY GW1=10.0.0.1 GW2=172.168.0.1 GW3=10.10.10.1 # TABELLE T1=TELECOM T2=FASTWEB1 T3=FASTWEB2 # SERVER DMZ dmz_mail=192.168.1.3 dmz_web=192.168.1.4 # REGOLE IPROUTE ip rule add from 192.168.16.28 table $T1 ip rule add from 192.168.16.28 table $T2 ip rule add from 127.0.0.1/8 table $T2 ip route add $GW1 dev $wan1 table $T1 ip route add default dev $wan1 via $GW1 table $T1 ip route add $GW2 dev $wan2 table $T2 ip route add default dev $wan2 via $GW2 table $T2 ip route add $GW3 dev $wan3 table $T3 ip route add default dev $wan3 via $GW3 table $T3 # REGOLE IPTABLES echo "1" > /proc/sys/net/ipv4/ip_forward iptables -F iptables -t nat -F iptables -t mangle -F iptables -X iptables -P INPUT ACCEPT iptables -P OUTPUT ACCEPT iptables -P FORWARD DROP # NAT iptables -t nat -A POSTROUTING -s $net_lan -o $wan1 -j MASQUERADE iptables -t nat -A POSTROUTING -s $net_lan -o $wan2 -j MASQUERADE iptables -t nat -A POSTROUTING -s $net_lan -o $wan3 -j MASQUERADE iptables -t nat -A POSTROUTING -s $net_dmz -o $wan1 -j MASQUERADE iptables -t nat -A POSTROUTING -s $net_dmz -o $wan2 -j MASQUERADE iptables -t nat -A POSTROUTING -s $net_dmz -o $wan3 -j MASQUERADE iptables -N lan_dmz #da eth3 a eth4 iptables -N lan_wan1 #da eth3 a eth0 iptables -N lan_wan2 #da eth3 a eth1 iptables -N lan_wan3 #da eth3 a eth2 iptables -N dmz_lan #da eth4 a eth3 iptables -N dmz_wan1 #da eth4 a eth0 iptables -N dmz_wan2 #da eth4 a eth1 iptables -N dmz_wan3 #da eth4 a eth2 iptables -N wan1_lan #da eth0 a eth3 iptables -N wan1_dmz #da eth0 a eth4 iptables -N wan1_wan2 #da eth0 a eth1 iptables -N wan1_wan3 #da eth0 a eth2 iptables -N wan2_lan #da eth1 a eth3 iptables -N wan2_dmz #da eth1 a eth4 iptables -N wan3_lan #da eth2 a eth3 iptables -N wan3_dmz #da eth2 a eth4 iptables -A FORWARD -i $lan -o $dmz -j lan_dmz iptables -A FORWARD -i $lan -o $wan1 -j lan_wan1 iptables -A FORWARD -i $lan -o $wan2 -j lan_wan2 iptables -A FORWARD -i $lan -o $wan3 -j lan_wan3 iptables -A FORWARD -i $dmz -o $lan -j dmz_lan iptables -A FORWARD -i $dmz -o $wan1 -j dmz_wan1 iptables -A FORWARD -i $dmz -o $wan2 -j dmz_wan2 iptables -A FORWARD -i $dmz -o $wan3 -j dmz_wan3 iptables -A FORWARD -i $wan1 -o $lan -j wan1_lan iptables -A FORWARD -i $wan1 -o $dmz -j wan1_dmz iptables -A FORWARD -i $wan1 -o $wan2 -j wan1_wan2 iptables -A FORWARD -i $wan1 -o $wan3 -j wan1_wan3 iptables -A FORWARD -i $wan2 -o $lan -j wan2_lan iptables -A FORWARD -i $wan2 -o $dmz -j wan2_dmz iptables -A FORWARD -i $wan3 -o $lan -j wan3_lan iptables -A FORWARD -i $wan3 -o $dmz -j wan3_dmz # REGOLE LAN_DMZ iptables -A lan_dmz -s ! $net_lan -j DROP iptables -A lan_dmz -p tcp -d $dmz_mail --dport smtp -j ACCEPT iptables -A lan_dmz -p tcp -d $dmz_mail --dport pop3 -j ACCEPT iptables -A lan_dmz -p tcp -d $dmz_web --dport www -j ACCEPT iptables -A lan_dmz -p tcp -d $dmz_web --dport webcache -j ACCEPT iptables -A lan_dmz -m state --state RELATED,ESTABLISHED -j ACCEPT iptables -A lan_dmz -p tcp -j REJECT --reject-with tcp-reset # REGOLE LAN_WAN1 iptables -A lan_wan1 -s ! $net_lan -j DROP iptables -A lan_wan1 -p tcp --dport ftp -j ACCEPT iptables -A lan_wan1 -p tcp --dport www -j ACCEPT iptables -A lan_wan1 -p tcp --dport https -j ACCEPT iptables -A lan_wan1 -p tcp --dport domain -j ACCEPT iptables -A lan_wan1 -p udp --dport domain -j ACCEPT iptables -A lan_wan1 -p tcp --dport smtp -j ACCEPT iptables -A lan_wan1 -p tcp --dport pop3 -j ACCEPT iptables -A lan_wan1 -p tcp --dport pptp -j ACCEPT #IL MIO PROBLEMA È QUI# iptables -A lan_wan1 -m state --state RELATED,ESTABLISHED -j ACCEPT iptables -A lan_wan1 -p tcp -j REJECT --reject-with tcp-reset iptables -A lan_wan1 -p icmp --icmp-type echo-request -j ACCEPT # REGOLE LAN_WAN2 iptables -A lan_wan2 -s ! $net_lan -j DROP iptables -A lan_wan2 -p tcp --dport ftp -j ACCEPT iptables -A lan_wan2 -p tcp --dport www -j ACCEPT iptables -A lan_wan2 -p tcp --dport https -j ACCEPT iptables -A lan_wan2 -p tcp --dport domain -j ACCEPT iptables -A lan_wan2 -p udp --dport domain -j ACCEPT iptables -A lan_wan2 -p tcp --dport smtp -j ACCEPT iptables -A lan_wan2 -p tcp --dport pop3 -j ACCEPT iptables -A lan_wan2 -p tcp --dport pptp -j ACCEPT #IL MIO PROBLEMA È QUI# iptables -A lan_wan2 -m state --state RELATED,ESTABLISHED -j ACCEPT iptables -A lan_wan2 -p tcp -j REJECT --reject-with tcp-reset # REGOLE LAN_WAN3 iptables -A lan_wan3 -s ! $net_lan -j DROP iptables -A lan_wan3 -p tcp --dport ftp -j ACCEPT iptables -A lan_wan3 -p tcp --dport www -j ACCEPT iptables -A lan_wan3 -p tcp --dport https -j ACCEPT iptables -A lan_wan3 -p tcp --dport domain -j ACCEPT iptables -A lan_wan3 -p udp --dport domain -j ACCEPT iptables -A lan_wan3 -p tcp --dport smtp -j ACCEPT iptables -A lan_wan3 -p tcp --dport pop3 -j ACCEPT iptables -A lan_wan3 -p tcp --dport pptp -j ACCEPT #IL MIO PROBLEMA È QUI# iptables -A lan_wan3 -m state --state RELATED,ESTABLISHED -j ACCEPT iptables -A lan_wan3 -p tcp -j REJECT --reject-with tcp-reset # REGOLE WAN1_LAN iptables -A wan1_lan -s $net_lan -j DROP iptables -A wan1_lan -s $net_dmz -j DROP iptables -A wan1_lan -m state --state RELATED,ESTABLISHED -j ACCEPT iptables -A wan1_lan -p tcp -j REJECT --reject-with tcp-reset # REGOLE WAN2_LAN iptables -A wan2_lan -s $net_lan -j DROP iptables -A wan2_lan -s $net_dmz -j DROP iptables -A wan2_lan -m state --state RELATED,ESTABLISHED -j ACCEPT iptables -A wan2_lan -p tcp -j REJECT --reject-with tcp-reset # REGOLE WAN3_LAN iptables -A wan3_lan -s $net_lan -j DROP iptables -A wan3_lan -s $net_dmz -j DROP iptables -A wan3_lan -m state --state RELATED,ESTABLISHED -j ACCEPT iptables -A wan3_lan -p tcp -j REJECT --reject-with tcp-reset ######################################################################################### Grazie in anticipo a tutti, Marco
----
Email.it, the professional e-mail, gratis per te:clicca qui
Sponsor:
Scopri Premia di Fiditalia, il primo prestito con 11 rate all'anno
Clicca qui