
Re: Debian as a gateway, but how?



Hello

> - IP_FORWARD
> - Routing
> - Tunnel setup
> - Packet filtering


> All of that can be checked.

> 1. cat /proc/sys/net/ipv4/ip_forward
>   (should return 1)
> 2. route -n
> 3. tail /var/log/messages, auth, syslog, ...
> 4. iptables-save -c

So I had already enabled that: ip_forward=1

For now I have not changed anything in iptables or the routing,
since I am no longer sure exactly what belongs in there.
The VPN tunnel is running properly; at the moment I can
only encrypt the connection from a client to the server itself.

And here are the tests from above

-----------------------------------------------------------------
# Generated by iptables-save v1.2.11 on Wed Mar  2 13:25:33 2005
*mangle
:PREROUTING ACCEPT [2828:366520]
:INPUT ACCEPT [1544:198437]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [269:21531]
:POSTROUTING ACCEPT [269:21531]
COMMIT
# Completed on Wed Mar  2 13:25:33 2005
# Generated by iptables-save v1.2.11 on Wed Mar  2 13:25:33 2005
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
[0:0] -A INPUT -i lo -j ACCEPT
[0:0] -A INPUT -s 127.0.0.0/255.0.0.0 -i ! lo -j LOG
[0:0] -A INPUT -s 127.0.0.0/255.0.0.0 -i ! lo -j DROP
[7:895] -A INPUT -d 255.255.255.255 -i eth1 -j ACCEPT
[1354:179188] -A INPUT -s 192.168.10.0/255.255.255.0 -i eth1 -j ACCEPT
[0:0] -A INPUT -d 224.0.0.0/240.0.0.0 -i eth1 -p ! tcp -j ACCEPT
[0:0] -A INPUT -s 192.168.10.0/255.255.255.0 -i eth0 -j LOG
[0:0] -A INPUT -s 192.168.10.0/255.255.255.0 -i eth0 -j DROP
[1:350] -A INPUT -d 255.255.255.255 -i eth0 -j ACCEPT
[45:8136] -A INPUT -d 192.168.21.97 -i eth0 -j ACCEPT
[0:0] -A INPUT -d 192.168.10.255 -i eth0 -j ACCEPT
[142:10224] -A INPUT -j LOG
[142:10224] -A INPUT -j DROP
[0:0] -A FORWARD -s 192.168.10.0/255.255.255.0 -i eth1 -o eth0 -j ACCEPT
[0:0] -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
[0:0] -A FORWARD -d 192.168.10.0/255.255.255.0 -o eth0 -j LOG
[0:0] -A FORWARD -d 192.168.10.0/255.255.255.0 -o eth0 -j DROP
[0:0] -A FORWARD -j LOG
[0:0] -A FORWARD -j DROP
[0:0] -A OUTPUT -o lo -j ACCEPT
[0:0] -A OUTPUT -d 255.255.255.255 -o eth1 -j ACCEPT
[266:20623] -A OUTPUT -d 192.168.10.0/255.255.255.0 -o eth1 -j ACCEPT
[0:0] -A OUTPUT -d 224.0.0.0/240.0.0.0 -o eth1 -p ! tcp -j ACCEPT
[0:0] -A OUTPUT -d 192.168.10.0/255.255.255.0 -o eth0 -j LOG
[0:0] -A OUTPUT -d 192.168.10.0/255.255.255.0 -o eth0 -j DROP
[0:0] -A OUTPUT -d 255.255.255.255 -o eth0 -j ACCEPT
[12:1944] -A OUTPUT -s 192.168.21.97 -o eth0 -j ACCEPT
[0:0] -A OUTPUT -s 192.168.10.255 -o eth0 -j ACCEPT
[0:0] -A OUTPUT -j LOG
[0:0] -A OUTPUT -j DROP
COMMIT
# Completed on Wed Mar  2 13:25:33 2005
# Generated by iptables-save v1.2.11 on Wed Mar  2 13:25:33 2005
*nat
:PREROUTING ACCEPT [1542:256928]
:POSTROUTING ACCEPT [4:283]
:OUTPUT ACCEPT [4:283]
[0:0] -A POSTROUTING -s 192.168.10.0/255.255.255.0 -o eth0 -j MASQUERADE
COMMIT
# Completed on Wed Mar  2 13:25:33 2005
-----------------------------------------------------------------
route -n
Kernel IP Routentabelle
Ziel            Router          Genmask         Flags Metric Ref    Use Iface
192.168.21.0    0.0.0.0         255.255.255.0   U     0      0        0 eth0
192.168.10.0    0.0.0.0         255.255.255.0   U     0      0        0 eth1
0.0.0.0         192.168.21.44   0.0.0.0         UG    0      0        0 eth0
-----------------------------------------------------------------
tail messages
Mar  2 13:31:57 debvpn kernel: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:a0:c5:46:16:5a:08:00 SRC=192.168.21.44 DST=192.168.21.255 LEN=72 TOS=0x00 PREC=0x00 TTL=1 ID=8043 PROTO=UDP SPT=520 DPT=520 LEN=52
Mar  2 13:32:27 debvpn kernel: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:a0:c5:46:16:5a:08:00 SRC=192.168.21.44 DST=192.168.21.255 LEN=72 TOS=0x00 PREC=0x00 TTL=1 ID=8045 PROTO=UDP SPT=520 DPT=520 LEN=52
Mar  2 13:32:41 debvpn kernel: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:a0:c5:46:16:5a:08:00 SRC=192.168.21.44 DST=192.168.21.255 LEN=72 TOS=0x00 PREC=0x00 TTL=1 ID=8046 PROTO=UDP SPT=520 DPT=520 LEN=52
Mar  2 13:32:58 debvpn kernel: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:a0:c5:46:16:5a:08:00 SRC=192.168.21.44 DST=192.168.21.255 LEN=72 TOS=0x00 PREC=0x00 TTL=1 ID=8047 PROTO=UDP SPT=520 DPT=520 LEN=52
Mar  2 13:33:28 debvpn kernel: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:a0:c5:46:16:5a:08:00 SRC=192.168.21.44 DST=192.168.21.255 LEN=72 TOS=0x00 PREC=0x00 TTL=1 ID=8048 PROTO=UDP SPT=520 DPT=520 LEN=52
Mar  2 13:33:58 debvpn kernel: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:a0:c5:46:16:5a:08:00 SRC=192.168.21.44 DST=192.168.21.255 LEN=72 TOS=0x00 PREC=0x00 TTL=1 ID=8049 PROTO=UDP SPT=520 DPT=520 LEN=52
Mar  2 13:34:28 debvpn kernel: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:a0:c5:46:16:5a:08:00 SRC=192.168.21.44 DST=192.168.21.255 LEN=72 TOS=0x00 PREC=0x00 TTL=1 ID=8050 PROTO=UDP SPT=520 DPT=520 LEN=52
Mar  2 13:34:58 debvpn kernel: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:a0:c5:46:16:5a:08:00 SRC=192.168.21.44 DST=192.168.21.255 LEN=72 TOS=0x00 PREC=0x00 TTL=1 ID=8051 PROTO=UDP SPT=520 DPT=520 LEN=52
Mar  2 13:35:28 debvpn kernel: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:a0:c5:46:16:5a:08:00 SRC=192.168.21.44 DST=192.168.21.255 LEN=72 TOS=0x00 PREC=0x00 TTL=1 ID=8052 PROTO=UDP SPT=520 DPT=520 LEN=52
Mar  2 13:35:58 debvpn kernel: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:a0:c5:46:16:5a:08:00 SRC=192.168.21.44 DST=192.168.21.255 LEN=72 TOS=0x00 PREC=0x00 TTL=1 ID=8053 PROTO=UDP SPT=520 DPT=520 LEN=52 
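
Added example (not part of the original message): a small Python parser for `iptables-save -c` output that totals the per-rule packet counters for each chain, run over an excerpt of the filter table posted above. The function names are illustrative; a chain reported as idle is one in which no rule has matched a packet since the counters were last reset.

```python
import re
from collections import defaultdict

# Excerpt of the *filter table from the dump above (counters as posted).
SAMPLE = """\
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
[1354:179188] -A INPUT -s 192.168.10.0/255.255.255.0 -i eth1 -j ACCEPT
[45:8136] -A INPUT -d 192.168.21.97 -i eth0 -j ACCEPT
[142:10224] -A INPUT -j LOG
[142:10224] -A INPUT -j DROP
[0:0] -A FORWARD -s 192.168.10.0/255.255.255.0 -i eth1 -o eth0 -j ACCEPT
[0:0] -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
[0:0] -A FORWARD -j LOG
[0:0] -A FORWARD -j DROP
COMMIT
"""

# "[packets:bytes] -A CHAIN <match options> -j TARGET ..."
RULE = re.compile(r"^\[(\d+):(\d+)\]\s+-A\s+(\S+)\s+(.*?)-j\s+(\S+)")

def parse_counters(dump):
    """Return {"table/chain": [(packets, bytes, match, target), ...]}."""
    table, chains = None, defaultdict(list)
    for line in dump.splitlines():
        line = line.strip()
        if line.startswith("*"):          # table header, e.g. "*filter"
            table = line[1:]
            continue
        m = RULE.match(line)
        if m:
            pkts, byts, chain, match, target = m.groups()
            chains[f"{table}/{chain}"].append(
                (int(pkts), int(byts), match.strip(), target))
    return dict(chains)

def summarize(dump):
    """Per chain: packets accepted, packets dropped, and whether it is idle."""
    out = {}
    for name, rules in parse_counters(dump).items():
        out[name] = {
            "accepted": sum(p for p, _, _, t in rules if t == "ACCEPT"),
            "dropped": sum(p for p, _, _, t in rules if t == "DROP"),
            "idle": all(p == 0 for p, _, _, _ in rules),
        }
    return out

if __name__ == "__main__":
    for chain, stats in summarize(SAMPLE).items():
        print(chain, stats)
```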


