Hello, esteemed ALL!!!
Allow me to turn to you with the following question.
There is a corporate network, and there are two small networks for companies to which we provide internet access:

 ___________
|           |
|  SubNet1  |----------|
|___________|          |
                       |
                  _____|_____        ___________        _________
                 |           |      |           |      |         |
                 |  router1  |------|  KorpNet  |------|  gate1  |
                 |___________|      |___________|      |_________|
                       |
                       |
                       |
 ___________           |
|           |          |
|  SubNet2  |----------|
|___________|

SubNet1 - 192.168.111.0/24, SubNet2 - 192.168.112.0/24, KorpNet - 10.0.1.0/22
^^eth1                      ^^eth2                      ^^eth0

router1 runs Debian 3.1 with iptables (NAT) and a caching DNS.
NAT works OK. The question is this: if I want SubNet1 and SubNet2 to be able to reach only specific servers in KorpNet, do I need to do something like:
route add -host 10.0.1.5 netmask 255.255.255.255 gw 10.0.1.10 dev eth0
? Or should rules in FORWARD be enough?
Thanks.

Figured it out myself.
No routing is needed.
It is enough to use
iptables -A FORWARD -o eth0 -s SubNet1 -d serverIP -j ACCEPT
and rules for ESTABLISHED traffic.
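
Added example, not part of the original posts: a shell function that prints a complete FORWARD chain for router1 in iptables-restore format, showing the rule above together with the ESTABLISHED rule and the drops that make it restrictive. The networks and interfaces come from the question; the DROP policy, the function name forward_rules, and 10.0.1.5 (the host from the question's route command) standing in for serverIP are assumptions.

```shell
#!/bin/sh
# Added example: FORWARD rules for router1, emitted in iptables-restore format.
# Networks/interfaces are from the post; everything marked "assumed" is not.

KORP_IF="eth0"                                    # interface facing KorpNet
KORP_NET="10.0.1.0/22"
CLIENT_NETS="192.168.111.0/24 192.168.112.0/24"   # SubNet1, SubNet2
ALLOWED_SERVERS="10.0.1.5"                        # assumed value of serverIP

emit() { printf '%s\n' "$*"; }

forward_rules() {
    emit "*filter"
    # Assumed policy: an ACCEPT rule only restricts anything if the rest is
    # dropped. This also drops SubNet1 <-> SubNet2 traffic.
    emit ":FORWARD DROP [0:0]"
    # Return traffic for connections accepted below (the "ESTABLISHED rules").
    emit "-A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT"
    # Source matches use the private addresses: source NAT is applied in
    # POSTROUTING, after the packet has passed FORWARD.
    for net in $CLIENT_NETS; do
        for srv in $ALLOWED_SERVERS; do
            emit "-A FORWARD -o $KORP_IF -s $net -d $srv -m state --state NEW -j ACCEPT"
        done
        # Every other KorpNet address stays unreachable from the client nets.
        emit "-A FORWARD -o $KORP_IF -s $net -d $KORP_NET -j DROP"
        # Internet-bound traffic still leaves via KorpNet towards gate1.
        emit "-A FORWARD -o $KORP_IF -s $net -m state --state NEW -j ACCEPT"
    done
    emit "COMMIT"
}

# Print the ruleset for review. Loading it with iptables-restore replaces the
# current contents of the filter table unless --noflush is given.
forward_rules
```

Rule order matters here: the per-server ACCEPT has to come before the KorpNet-wide DROP, and that DROP before the general internet ACCEPT.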