Need help
There are 2 servers, each with 2 interfaces, running Ubuntu 10.04
The VPN is brought up with xl2tpd
The problem is routing between the two internal networks: each network sees only the server itself but not the other machines inside the other network
Configuration
Server 1 (VPN server):
~$ ifconfig
eth0 Link encap:Ethernet
inet addr:81.11.22.66 Bcast:81.11.22.79 Mask:255.255.255.240
inet6 addr: fe80::20c:29ff:fe57:23ba/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:245107 errors:0 dropped:0 overruns:0 frame:0
TX packets:221639 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:75234337 (75.2 MB) TX bytes:40800628 (40.8 MB)
eth1 Link encap:Ethernet
inet addr:10.35.100.254 Bcast:10.35.99.255 Mask:255.255.255.0
inet6 addr: fe80::20c:29ff:fe57:23c4/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:207025 errors:0 dropped:0 overruns:0 frame:0
TX packets:199932 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:38097327 (38.0 MB) TX bytes:41498165 (41.4 MB)
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:563 errors:0 dropped:0 overruns:0 frame:0
TX packets:563 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:63390 (63.3 KB) TX bytes:63390 (63.3 KB)
ppp0 Link encap:Point-to-Point Protocol
inet addr:10.35.0.254 P-t-P:10.35.0.1 Mask:255.255.255.255
UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1410 Metric:1
RX packets:104 errors:1 dropped:0 overruns:0 frame:0
TX packets:59 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:3
RX bytes:7014 (7.0 KB) TX bytes:4481 (4.4 KB)
configured routes
~$ netstat -nr
Kernel IP routing table
Destination Gateway Genmask Flags MSS Window irtt Iface
81.11.22.64 0.0.0.0 255.255.255.240 U 0 0 0 eth0
10.35.100.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1
10.35.0.0 10.35.0.254 255.255.255.0 UG 0 0 0 ppp0
10.35.99.0 10.35.0.254 255.255.255.0 UG 0 0 0 ppp0
0.0.0.0 81.11.22.65 0.0.0.0 UG 0 0 0 eth0
firewall
iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Chain fail2ban-ssh (0 references)
target prot opt source destination
iptables-save
# Generated by iptables-save v1.4.4 on Wed Jun 8 13:19:52 2011
*mangle
:PREROUTING ACCEPT [410556:105035747]
:INPUT ACCEPT [337743:65221359]
:FORWARD ACCEPT [72772:39808411]
:OUTPUT ACCEPT [333116:36287977]
:POSTROUTING ACCEPT [405887:76096264]
COMMIT
# Completed on Wed Jun 8 13:19:52 2011
# Generated by iptables-save v1.4.4 on Wed Jun 8 13:19:52 2011
*filter
:INPUT ACCEPT [337647:65209491]
:FORWARD ACCEPT [125:11064]
:OUTPUT ACCEPT [333115:36287853]
:fail2ban-ssh - [0:0]
-A FORWARD -j ACCEPT
COMMIT
# Completed on Wed Jun 8 13:19:52 2011
# Generated by iptables-save v1.4.4 on Wed Jun 8 13:19:52 2011
*nat
:PREROUTING ACCEPT [124940:8716744]
:POSTROUTING ACCEPT [139709:10812744]
:OUTPUT ACCEPT [139691:10811220]
-A POSTROUTING -s 10.35.100.0/24 -o eth0 -j MASQUERADE
COMMIT
# Completed on Wed Jun 8 13:19:52 2011
On the second server
crash@ns:~$ ifconfig
eth0 Link encap:Ethernet
inet addr:77.1.11.34 Bcast:77.1.11.255 Mask:255.255.255.0
inet6 addr: fe80::216:76ff:fe38:f608/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:140536558 errors:0 dropped:0 overruns:0 frame:0
TX packets:128553344 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:100
RX bytes:60726274693 (60.7 GB) TX bytes:41365990911 (41.3 GB)
Память:48100000-48120000
eth1 Link encap:Ethernet
inet addr:10.35.99.254 Bcast:10.35.99.255 Mask:255.255.255.0
inet6 addr: fe80::216:76ff:fe38:f609/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:60376409 errors:4 dropped:0 overruns:0 frame:2
TX packets:82091518 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:11874149041 (11.8 GB) TX bytes:79826498355 (79.8 GB)
lo Link encap:Локальная петля (Loopback)
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:23522883 errors:0 dropped:0 overruns:0 frame:0
TX packets:23522883 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:27671583898 (27.6 GB) TX bytes:27671583898 (27.6 GB)
ppp0 Link encap:Протокол PPP (Point-to-Point Protocol)
inet addr:10.35.0.1 P-t-P:10.35.0.254 Mask:255.255.255.255
UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1410 Metric:1
RX packets:59 errors:1 dropped:0 overruns:0 frame:0
TX packets:104 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:3
RX bytes:4476 (4.4 KB) TX bytes:7471 (7.4 KB)
netstat -nr
Таблица маршутизации ядра протокола IP
Destination Gateway Genmask Flags MSS Window irtt Iface
10.35.100.0 10.35.0.1 255.255.255.0 UG 0 0 0 ppp0
10.35.0.0 10.35.0.1 255.255.255.0 UG 0 0 0 ppp0
10.35.99.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1
77.1.11.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
0.0.0.0 77.1.11.33 0.0.0.0 UG 0 0 0 eth0
iptables -L
[sudo] password for crash:
Chain INPUT (policy ACCEPT)
target prot opt source destination
ULOG all -- anywhere anywhere ULOG copy_range 0 nlgroup 1 queue_threshold 1
ACCEPT all -- anywhere anywhere
Chain FORWARD (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere
ULOG all -- anywhere anywhere ULOG copy_range 0 nlgroup 1 queue_threshold 1
ACCEPT all -- anywhere anywhere
ACCEPT tcp -- anywhere anywhere tcp dpt:3389
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
REJECT all -- anywhere anywhere reject-with icmp-port-unreachable
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
ULOG all -- anywhere anywhere ULOG copy_range 0 nlgroup 1 queue_threshold 1
iptables-save
# Generated by iptables-save v1.4.4 on Wed Jun 8 13:39:23 2011
*mangle
:PREROUTING ACCEPT [224405343:97636159213]
:INPUT ACCEPT [169067831:69388312820]
:FORWARD ACCEPT [54068833:28034064180]
:OUTPUT ACCEPT [148893009:117525329222]
:POSTROUTING ACCEPT [206735194:146137100429]
COMMIT
# Completed on Wed Jun 8 13:39:23 2011
# Generated by iptables-save v1.4.4 on Wed Jun 8 13:39:23 2011
*filter
:INPUT ACCEPT [145553645:41716946360]
:FORWARD ACCEPT [65:5034]
:OUTPUT ACCEPT [148893009:117525329222]
-A INPUT -j ULOG
-A INPUT -i lo -j ACCEPT
-A FORWARD -j ACCEPT
-A FORWARD -j ULOG
-A FORWARD -i eth1 -o eth0 -j ACCEPT
-A FORWARD -i eth0 -p tcp -m tcp --dport 3389 -j ACCEPT
-A FORWARD -i eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i eth0 -o eth1 -j REJECT --reject-with icmp-port-unreachable
-A OUTPUT -j ULOG
COMMIT
# Completed on Wed Jun 8 13:39:23 2011
# Generated by iptables-save v1.4.4 on Wed Jun 8 13:39:23 2011
*nat
:PREROUTING ACCEPT [4158771:280817469]
:POSTROUTING ACCEPT [3204030:214342075]
:OUTPUT ACCEPT [3204016:214340899]
-A PREROUTING ! -d 10.35.99.0/24 -i eth1 -p tcp -m multiport --dports 80,8080 -j DNAT --to-destination 10.35.99.254:8081
-A PREROUTING -d 77.1.11.35/32 -p tcp -m tcp --dport 3389 -j DNAT --to-destination 10.35.99.100:3389
-A POSTROUTING -s 10.35.99.0/24 -o eth0 -j MASQUERADE
-A POSTROUTING -d 10.35.99.100/32 -p tcp -m tcp --dport 3389 -j SNAT --to-source 77.1.11.35
COMMIT
# Completed on Wed Jun 8 13:39:23 2011
From the 10.35.99.0 network only 10.35.100.254 is visible; the other machines do not respond to ping
In the reverse direction, from 10.35.100.0 only 10.35.99.254 is visible and the rest are not
I need the networks to see each other
Thanks
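Added example, not from the original poster: a small Python model of the two routing tables and the two FORWARD chains quoted above. It does longest-prefix route lookups the way the kernel does, walks the FORWARD rules first-match-wins (ULOG is non-terminal, ACCEPT/REJECT/DROP terminate), and traces a ping from a host in 10.35.99.0/24 to a host in 10.35.100.0/24 and back across both servers. It also reports which FORWARD rules are shadowed by an earlier unconditional terminal rule. The host addresses 10.35.99.100 and 10.35.100.10 are constructed for the trace; the ingress interface is approximated by a reverse-path lookup on the source address.

```python
import ipaddress
from dataclasses import dataclass

# Routing tables copied from the `netstat -nr` output above (header lines omitted).
SERVER1_ROUTES = """\
81.11.22.64 0.0.0.0 255.255.255.240 U 0 0 0 eth0
10.35.100.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1
10.35.0.0 10.35.0.254 255.255.255.0 UG 0 0 0 ppp0
10.35.99.0 10.35.0.254 255.255.255.0 UG 0 0 0 ppp0
0.0.0.0 81.11.22.65 0.0.0.0 UG 0 0 0 eth0
"""
SERVER2_ROUTES = """\
10.35.100.0 10.35.0.1 255.255.255.0 UG 0 0 0 ppp0
10.35.0.0 10.35.0.1 255.255.255.0 UG 0 0 0 ppp0
10.35.99.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1
77.1.11.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
0.0.0.0 77.1.11.33 0.0.0.0 UG 0 0 0 eth0
"""
# FORWARD chain rules copied from the iptables-save output above.
SERVER1_FORWARD = "-A FORWARD -j ACCEPT\n"
SERVER2_FORWARD = """\
-A FORWARD -j ACCEPT
-A FORWARD -j ULOG
-A FORWARD -i eth1 -o eth0 -j ACCEPT
-A FORWARD -i eth0 -p tcp -m tcp --dport 3389 -j ACCEPT
-A FORWARD -i eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i eth0 -o eth1 -j REJECT --reject-with icmp-port-unreachable
"""
TERMINAL = {"ACCEPT", "DROP", "REJECT"}


def parse_routes(text):
    """Return [(network, gateway, iface)] from netstat -nr style lines."""
    routes = []
    for line in text.splitlines():
        dest, gw, mask, *_rest, iface = line.split()
        routes.append((ipaddress.ip_network(f"{dest}/{mask}"), gw, iface))
    return routes


def lookup(routes, addr):
    """Longest-prefix match, as the kernel does; returns (gateway, iface) or None."""
    ip = ipaddress.ip_address(addr)
    best = max((r for r in routes if ip in r[0]),
               key=lambda r: r[0].prefixlen, default=None)
    return None if best is None else (best[1], best[2])


@dataclass
class Rule:
    in_if: str = None
    out_if: str = None
    proto: str = None
    dport: int = None
    states: set = None
    target: str = None
    text: str = ""

    def unconditional(self):
        return all(v is None for v in (self.in_if, self.out_if, self.proto,
                                       self.dport, self.states))


def parse_forward(text):
    """Parse the subset of iptables-save syntax used in the FORWARD chains above."""
    rules = []
    for line in text.splitlines():
        toks, r, i = line.split(), Rule(text=line), 0
        while i < len(toks):
            t = toks[i]
            if t == "-i":        r.in_if = toks[i + 1]; i += 2
            elif t == "-o":      r.out_if = toks[i + 1]; i += 2
            elif t == "-p":      r.proto = toks[i + 1]; i += 2
            elif t == "--dport": r.dport = int(toks[i + 1]); i += 2
            elif t == "--state": r.states = set(toks[i + 1].split(",")); i += 2
            elif t == "-j":      r.target = toks[i + 1]; i += 2
            else:                i += 1   # -A FORWARD, -m, --reject-with ... are ignored
        rules.append(r)
    return rules


def matches(rule, pkt):
    return ((rule.in_if is None or rule.in_if == pkt["in_if"]) and
            (rule.out_if is None or rule.out_if == pkt["out_if"]) and
            (rule.proto is None or rule.proto == pkt["proto"]) and
            (rule.dport is None or rule.dport == pkt.get("dport")) and
            (rule.states is None or pkt["state"] in rule.states))


def forward_verdict(rules, pkt, policy="ACCEPT"):
    """First matching terminal rule wins; ULOG only logs and falls through."""
    for idx, r in enumerate(rules):
        if matches(r, pkt) and r.target in TERMINAL:
            return r.target, idx
    return policy, None


def shadowed_rules(rules):
    """Indices of rules that can never fire: an earlier unconditional terminal rule catches everything."""
    for idx, r in enumerate(rules):
        if r.target in TERMINAL and r.unconditional():
            return list(range(idx + 1, len(rules)))
    return []


def trace_hop(name, routes, rules, src, dst, proto="icmp"):
    """One router: ingress iface (reverse-path lookup), egress route, FORWARD verdict."""
    _, in_if = lookup(routes, src)
    gw, out_if = lookup(routes, dst)
    verdict, idx = forward_verdict(rules, {"in_if": in_if, "out_if": out_if,
                                           "proto": proto, "state": "NEW"})
    return {"router": name, "in": in_if, "out": out_if, "gateway": gw,
            "verdict": verdict, "rule": idx}


def trace(src, dst):
    """A 10.35.99.0/24 host reaches 10.35.100.0/24 via server 2 then server 1; the reverse order otherwise."""
    s1 = ("server1", parse_routes(SERVER1_ROUTES), parse_forward(SERVER1_FORWARD))
    s2 = ("server2", parse_routes(SERVER2_ROUTES), parse_forward(SERVER2_FORWARD))
    order = [s2, s1] if ipaddress.ip_address(src) in ipaddress.ip_network("10.35.99.0/24") else [s1, s2]
    return [trace_hop(n, r, f, src, dst) for n, r, f in order]


if __name__ == "__main__":
    for hop in trace("10.35.99.100", "10.35.100.10") + trace("10.35.100.10", "10.35.99.100"):
        print(hop)
    print("shadowed FORWARD rules on server 2:", shadowed_rules(parse_forward(SERVER2_FORWARD)))
```

Both traces come back ACCEPT on both routers, so the routes and FORWARD chains shown in the post are not what blocks the traffic; the things this model cannot see are net.ipv4.ip_forward on each server and the routing on the LAN hosts themselves (a host in 10.35.99.0/24 needs a route to 10.35.100.0/24 via 10.35.99.254, and vice versa), which is consistent with only the two server addresses answering. Separately, the shadow check shows that the first `-A FORWARD -j ACCEPT` on server 2 makes every later rule in that chain dead, including the REJECT for eth0 to eth1, so the chain currently forwards anything that arrives on eth0; removing that rule restores the intended filtering, and even then the REJECT does not cover traffic arriving on ppp0.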