Hej
Fint, så burde det allerede virke. For serveren ved jo godt hvilken
ip client A
har og hvordan man router data over til den. Evt. skal du ordne
nogle firewall
regler.
Tilsvarende skal client A vide hvilket netværk der sidder bag serveren.
Hmm... nå Client B, forsøger at ping Client A, for jeg følgende ud af
tcpdump -i tun0
20:49:17.407101 IP host095a.malmohus16.se > 10.8.1.1: ICMP echo
request, id 512, seq 21770, length 40
20:49:22.425134 IP host095a.malmohus16.se > 10.8.1.1: ICMP echo
request, id 512, seq 22026, length 40
host095a.malmohus16.se er min eksterne ip navn. Det burde vel være
10.45.1.100 som forsøger at nå 10.8.1.1 ??
I skal sikkert bruge min firewall regler de kommer her:
Sofie:/usr/local/firewall# iptables -L
Chain INPUT (policy DROP)
target prot opt source destination
ACCEPT all -- anywhere anywhere
ACCEPT all -- 10.45.1.0/24 anywhere
ACCEPT all -- 10.8.1.1 anywhere
block all -- anywhere anywhere
LOG all -- anywhere anywhere LOG level
warning prefix `[IPTABLES DROP] : '
Chain FORWARD (policy DROP)
target prot opt source destination
ACCEPT all -- anywhere anywhere
ACCEPT all -- 10.45.1.0/24 anywhere
block all -- anywhere anywhere
LOG all -- anywhere anywhere LOG level
warning prefix `[IPTABLES DROP] : '
Chain LOG_DROP (0 references)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere
LOG all -- anywhere anywhere LOG level
warning prefix `[IPTABLES DROP] : '
Chain block (2 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere state
RELATED,ESTABLISHED
------------------------------------
Sofie:/usr/local/firewall# iptables -L -t nat
Chain PREROUTING (policy ACCEPT)
target prot opt source destination
Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
SNAT all -- 10.45.1.0/24 !10.45.1.0/24
to:82.182.251.99
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Mvh Kenneth Dalbjerg
