[matarosensefils] Greetings and help

Oscar Hernandez oscar.hernandez at gmail.com
Tue Apr 26 12:37:39 CEST 2005


Hello,

I have just joined and I greet everyone who has made the free urban networks
initiative possible.

In fact I am thinking of getting into this scene; I have made a few attempts
and have managed to get a Linux box working as a gateway with iptables,
although I still cannot route between the private subnets 192.168.1.0/24,
192.168.2.0/24 and 192.168.3.0/24.

I don't know whether I haven't searched enough, but I have not found an
example like mine: they all either stop at masquerading on a single private
/24 or are too complex, with zebra, iproute2 and so on.

I had already tried posting directly to the forum but it gave me an error;
the message in question is this:

----------------
Hello, I have a Linux box acting as a router between the ADSL line and 3
subnets, 192.168.1.0/24, 192.168.2.0/24, 192.168.3.0/24.
The Linux box is a Debian with a 2.6.9 kernel and IP forwarding enabled:
debian:~# cat /proc/sys/net/ipv4/ip_forward
1
debian:~# cat /etc/network/options
ip_forward=yes
spoofprotect=yes
syncookies=no
debian:~#

I also have iptables configured as follows:
Chain INPUT (policy DROP)
target     prot opt source               destination
bad_tcp_packets  tcp  --  0.0.0.0/0            0.0.0.0/0
ACCEPT     all  --  192.168.1.0/24       0.0.0.0/0
ACCEPT     all  --  192.168.2.0/24       0.0.0.0/0
ACCEPT     all  --  192.168.3.0/24       0.0.0.0/0
ACCEPT     all  --  127.0.0.1            0.0.0.0/0
ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0           udp spt:68 dpt:67
ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0           udp spt:68 dpt:67
ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0           udp spt:68 dpt:67
ACCEPT     all  --  0.0.0.0/0            80.x.x.a            state RELATED,ESTABLISHED
tcp_packets  tcp  --  0.0.0.0/0            0.0.0.0/0
udp_packets  udp  --  0.0.0.0/0            0.0.0.0/0
icmp_packets  icmp --  0.0.0.0/0            0.0.0.0/0
LOG        all  --  0.0.0.0/0            0.0.0.0/0           limit: avg 3/min burst 3 LOG flags 0 level 7 prefix `IPT INPUT packet died: '

Chain FORWARD (policy DROP)
target     prot opt source               destination
bad_tcp_packets  tcp  --  0.0.0.0/0            0.0.0.0/0
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
LOG        all  --  0.0.0.0/0            0.0.0.0/0           limit: avg 3/min burst 3 LOG flags 0 level 7 prefix `IPT FORWARD packet died: '

Chain OUTPUT (policy DROP)
target     prot opt source               destination
bad_tcp_packets  tcp  --  0.0.0.0/0            0.0.0.0/0
ACCEPT     all  --  127.0.0.1            0.0.0.0/0
ACCEPT     all  --  80.x.x.a             0.0.0.0/0
ACCEPT     all  --  192.168.1.1          0.0.0.0/0
ACCEPT     all  --  192.168.2.1          0.0.0.0/0
ACCEPT     all  --  192.168.3.1          0.0.0.0/0
LOG        all  --  0.0.0.0/0            0.0.0.0/0           limit: avg 3/min burst 3 LOG flags 0 level 7 prefix `IPT OUTPUT packet died: '

Chain allowed (1 references)
target     prot opt source               destination
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp flags:0x16/0x02 limit: avg 1/sec burst 5
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp flags:0x17/0x04 limit: avg 1/sec burst 5
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
DROP       tcp  --  0.0.0.0/0            0.0.0.0/0

Chain bad_tcp_packets (3 references)
target     prot opt source               destination
REJECT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp flags:0x12/0x12 state NEW reject-with tcp-reset
LOG        tcp  --  0.0.0.0/0            0.0.0.0/0           tcp flags:!0x16/0x02 state NEW LOG flags 0 level 4 prefix `New not syn:'
DROP       tcp  --  0.0.0.0/0            0.0.0.0/0           tcp flags:!0x16/0x02 state NEW

Chain icmp_packets (1 references)
target     prot opt source               destination
ACCEPT     icmp --  192.168.0.0/16       0.0.0.0/0           icmp type 8 limit: avg 1/sec burst 5
DROP       icmp --  0.0.0.0/0            0.0.0.0/0           icmp type 8 limit: avg 1/sec burst 5

Chain tcp_packets (1 references)
target     prot opt source               destination
allowed    tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:4662

Chain udp_packets (1 references)
target     prot opt source               destination
ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0           udp dpt:4672
ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0           udp dpt:53


Finally:
debian:~# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.3.0     0.0.0.0         255.255.255.0   U     0      0        0 eth3
192.168.2.0     0.0.0.0         255.255.255.0   U     0      0        0 eth2
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 eth1
80.x.x.0        0.0.0.0         255.255.255.0   U     0      0        0 eth0
0.0.0.0         80.x.x.1        0.0.0.0         UG    0      0        0 eth0
debian:~#
It is a Debian sarge.
If I ping from the Linux box to any network or host it works, but from one
subnet to another there is no reply.
I went as far as running ethereal on a client, and by fiddling with
route add -net and the like I managed to get packets to reach the destination,
but the destination drops them; the hosts are in the /24, the same as the
Linux box.
If anyone has this set up, please post your configuration, as shown by
iptables -nL, route -n and the like.
Thanks
------------------------
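
Added example, not part of the original message: `iptables -nL` without `-v` omits the in/out interface columns, so rules that differ only in those columns print identically, as the three bare ACCEPT lines in the FORWARD chain above do. This Python sketch parses such a listing and flags the chains that need to be re-listed with `iptables -nvL` before the ruleset can be reviewed; the function names are assumptions and the sample input is the FORWARD chain copied from the post.

```python
import re
from collections import Counter

# Constructed sample: the FORWARD chain from the post, as `iptables -nL` prints it.
SAMPLE = """\
Chain FORWARD (policy DROP)
target     prot opt source               destination
bad_tcp_packets  tcp  --  0.0.0.0/0            0.0.0.0/0
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
LOG        all  --  0.0.0.0/0            0.0.0.0/0           limit: avg 3/min burst 3 LOG flags 0 level 7 prefix `IPT FORWARD packet died: '
"""

CHAIN_RE = re.compile(r"^Chain (\S+) \((?:policy (\w+)|\d+ references)\)")
# How a rule with no visible match prints once whitespace is collapsed.
WIDE_OPEN = "ACCEPT all -- 0.0.0.0/0 0.0.0.0/0"

def parse_listing(text):
    """Return {chain: {"policy": str or None, "rules": [normalized rule, ...]}}."""
    chains, current = {}, None
    for line in text.splitlines():
        m = CHAIN_RE.match(line)
        if m:
            current = chains.setdefault(m.group(1), {"policy": m.group(2), "rules": []})
        elif current is not None and line.strip():
            if line.split()[:2] == ["target", "prot"]:
                continue  # column header row
            current["rules"].append(" ".join(line.split()))
    return chains

def ambiguous_rules(chains):
    """Rules printed more than once in a chain: they differ only in hidden columns."""
    found = {}
    for name, chain in chains.items():
        dupes = {rule: n for rule, n in Counter(chain["rules"]).items() if n > 1}
        if dupes:
            found[name] = dupes
    return found

def unconditional_accepts(chains):
    """Chains where the listing shows an ACCEPT with no visible match at all."""
    return sorted(name for name, c in chains.items() if WIDE_OPEN in c["rules"])

if __name__ == "__main__":
    parsed = parse_listing(SAMPLE)
    for chain, dupes in ambiguous_rules(parsed).items():
        for rule, n in dupes.items():
            print(f"{chain}: {n}x '{rule}' -> re-run with: iptables -nvL {chain}")
    print("bare ACCEPT visible in:", unconditional_accepts(parsed))
```

Run against the full listing from the post, the same check also reports the three identical `udp spt:68 dpt:67` rules in INPUT.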