
sslug-teknik team mailing list archive

Re: Openvpn

 

Hi


Fine, then it should already work, since the server knows which IP client A has and how to route data to it. You may need to sort out some firewall rules.

Similarly, client A must know which network sits behind the server.


Hmm... when Client B tries to ping Client A, I get the following from tcpdump -i tun0

20:49:17.407101 IP host095a.malmohus16.se > 10.8.1.1: ICMP echo request, id 512, seq 21770, length 40
20:49:22.425134 IP host095a.malmohus16.se > 10.8.1.1: ICMP echo request, id 512, seq 22026, length 40


host095a.malmohus16.se is my external IP name. Shouldn't it be 10.45.1.100 that is trying to reach 10.8.1.1 ??



You will probably need my firewall rules, so here they are:
Sofie:/usr/local/firewall# iptables -L
Chain INPUT (policy DROP)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere
ACCEPT     all  --  10.45.1.0/24         anywhere
ACCEPT     all  --  10.8.1.1             anywhere
block      all  --  anywhere             anywhere
LOG        all  --  anywhere             anywhere            LOG level warning prefix `[IPTABLES DROP] : '

Chain FORWARD (policy DROP)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere
ACCEPT     all  --  10.45.1.0/24         anywhere
block      all  --  anywhere             anywhere
LOG        all  --  anywhere             anywhere            LOG level warning prefix `[IPTABLES DROP] : '

Chain LOG_DROP (0 references)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere
LOG        all  --  anywhere             anywhere            LOG level warning prefix `[IPTABLES DROP] : '

Chain block (2 references)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED

------------------------------------

Sofie:/usr/local/firewall# iptables -L -t nat
Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination

Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination
SNAT       all  --  10.45.1.0/24        !10.45.1.0/24       to:82.182.251.99

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination




Best regards, Kenneth Dalbjerg
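
Added example (not part of the original message): a small Python model of the POSTROUTING SNAT rule from the listing above, evaluated for the ping from 10.45.1.100 to 10.8.1.1 leaving via tun0. It assumes the rule carries no output-interface match (iptables -L without -v does not show interfaces); the SnatRule class, the function names and eth0 as the Internet-facing interface are hypothetical.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional


@dataclass
class SnatRule:
    src: str                         # source network the rule matches
    not_dst: List[str]               # "!" destinations that are exempt from SNAT
    to_source: str                   # address written into the packet
    out_iface: Optional[str] = None  # None means "any interface" (assumption)

    def matches(self, src: str, dst: str, out_iface: str) -> bool:
        if self.out_iface is not None and out_iface != self.out_iface:
            return False
        s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
        if s not in ipaddress.ip_network(self.src):
            return False
        # A "!" destination match: the rule applies only outside these networks.
        return not any(d in ipaddress.ip_network(n) for n in self.not_dst)


def postrouting(rules: List[SnatRule], src: str, dst: str, out_iface: str) -> str:
    """Return the source address the packet leaves with (first match wins)."""
    for rule in rules:
        if rule.matches(src, dst, out_iface):
            return rule.to_source
    return src


# The rule exactly as it appears in the nat table listing on this page.
AS_LISTED = [SnatRule("10.45.1.0/24", ["10.45.1.0/24"], "82.182.251.99")]

# Same rule limited to the Internet-facing interface (eth0 is hypothetical),
# so packets routed into the tunnel keep their LAN source address.
SCOPED = [SnatRule("10.45.1.0/24", ["10.45.1.0/24"], "82.182.251.99", "eth0")]


def ping_source(rules: List[SnatRule]) -> str:
    """Source address seen on tun0 for the ping 10.45.1.100 -> 10.8.1.1."""
    return postrouting(rules, "10.45.1.100", "10.8.1.1", "tun0")


if __name__ == "__main__":
    print("rule as listed :", ping_source(AS_LISTED))
    print("scoped to eth0 :", ping_source(SCOPED))
```

To see which interfaces the real rule matches, list the table with iptables -t nat -L -v -n.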



