Re: [Question] Can a switch be used this way?
Fig.1 (the usual NAT layout: C sits between the outside link and the switch)

                                /--- in1
  out            in        ----/
  -------- C -------------| S |--- in2
                           ----\--- in3
                                \--- in4

  out: 10.xxx.yyy.zzz   in: 192.xxx.yyy.200
  in1: 192.xxx.yyy.1    in2: 192.xxx.yyy.2
  in3: 192.xxx.yyy.3    in4: 192.xxx.yyy.4

Fig.2 (the layout asked about: C hangs off the same switch as the hosts)

                                /--- ina2
  out                      ----/
  ------------------------| S |--- inb2
                           ----\--- inb1
                             |  \--- ina1
                             C

  out: 10.xxx.yyy.zzz
  ina1: 10.xxx.yyy.1    inb1: 20.xxx.yyy.1
  ina2: 10.xxx.yyy.2    inb2: 20.xxx.yyy.2
A while ago I asked on this board whether a switch could be used in the Fig.2 layout instead of the usual NAT layout of Fig.1, where C is the NAT server and S is the switch. I later set it up successfully and have been running it for several months. Here I contribute my iptables rules for iptables newcomers; the OS is Fedora 16:
# iptables-save format; load with: iptables-restore < this-file
*nat
:PREROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
# Rewrite the source address of everything leaving on an eth* interface
# to that interface's address (eth+ is a wildcard for eth0, eth1, ...).
-A POSTROUTING -o eth+ -j MASQUERADE
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
# Traffic addressed to the NAT box itself
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
# Accepts every packet arriving on any eth* interface; the INPUT rules
# below it are only reached by packets from other interfaces.
-A INPUT -i eth+ -j ACCEPT
# "(open port)" is the TCP port the poster left unspecified.
-A INPUT -m state --state NEW -m tcp -p tcp --dport (open port) -j ACCEPT
# Traffic routed through the NAT box
-A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -p icmp -j ACCEPT
-A FORWARD -i lo -j ACCEPT
# Same pattern: anything arriving on, or leaving via, an eth* interface is forwarded.
-A FORWARD -i eth+ -j ACCEPT
-A FORWARD -o eth+ -j ACCEPT
# Catch-alls for whatever the rules above did not accept
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
--
※ Posted from: PTT (ptt.cc)
※ Edited by: ringballer from: 123.194.204.232 (08/11 00:00)
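An added example, not part of the post and not the poster's configuration: a tightened counterpart to the ruleset above for the Fig.2 layout, plus a small checker for the rule-ordering issue in the posted filter table (the `-i eth+ -j ACCEPT` rules accept every packet from any Ethernet interface, so the `--dport` rule and the final REJECT in the same chain never see that traffic). The hardened set keys on the NATed source subnet instead of the interface, which also works when the NAT box has a single NIC on the shared switch. Assumptions not taken from the post: the uplink interface is eth0, the NATed hosts are 20.0.0.0/24 (kept as 20.x only to match the figure; 20/8 is not RFC 1918 private space), and the only service on the box itself is SSH on TCP 22. `check_shadowing` is a heuristic over iptables-save text, not an iptables feature.

```shell
#!/bin/sh
# Added example (not the poster's configuration). Assumed, not from the post:
# uplink interface eth0, NATed subnet 20.0.0.0/24, admin service on TCP 22.

# Print iptables-restore input for a default-deny NAT box.
# Usage: gen_rules <uplink-if> <inside-subnet> <admin-tcp-port>
gen_rules() {
    out_if="$1"
    inside="$2"
    admin_port="$3"
    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
# Only the NATed subnet is rewritten, and only on its way to the uplink.
# Matching on source subnet rather than interface also works when, as in
# Fig.2, the box has a single NIC on the shared switch.
-A POSTROUTING -s ${inside} -o ${out_if} -j MASQUERADE
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -m conntrack --ctstate INVALID -j DROP
-A INPUT -p icmp --icmp-type echo-request -m limit --limit 5/second -j ACCEPT
# Management only from the inside hosts, on one explicit port.
-A INPUT -s ${inside} -p tcp --dport ${admin_port} -m conntrack --ctstate NEW -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -m conntrack --ctstate INVALID -j DROP
# New connections may only be opened from the inside towards the uplink.
-A FORWARD -s ${inside} -o ${out_if} -m conntrack --ctstate NEW -j ACCEPT
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
EOF
}

# Read iptables-save text on stdin and print every rule that sits behind an
# interface-wildcard ACCEPT (e.g. "-A INPUT -i eth+ -j ACCEPT") in the same
# chain: no packet arriving on that interface can ever reach those rules.
check_shadowing() {
    awk '
        $1 == "-A" {
            chain = $2
            if (chain in catchall) {
                printf "%s: unreachable for %s traffic (behind \"%s\"): %s\n",
                       chain, iface[chain], catchall[chain], $0
                next
            }
            if (NF == 6 && ($3 == "-i" || $3 == "-o") && $4 ~ /\+$/ &&
                $5 == "-j" && $6 == "ACCEPT") {
                catchall[chain] = $0
                iface[chain] = $4
            }
        }'
}

# The filter table from the post, copied verbatim for analysis. The poster left
# "(open port)" unspecified; it is kept as written, so this text is not loadable.
posted_filter_rules() {
    cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -i eth+ -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport (open port) -j ACCEPT
-A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -p icmp -j ACCEPT
-A FORWARD -i lo -j ACCEPT
-A FORWARD -i eth+ -j ACCEPT
-A FORWARD -o eth+ -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
EOF
}

# Stand-alone run: list what is shadowed in the posted rules, then show that
# the hardened set has no such rule. Apply the hardened set (as root) with:
#   gen_rules eth0 20.0.0.0/24 22 | iptables-restore
posted_filter_rules | check_shadowing
echo "hardened ruleset: $(gen_rules eth0 20.0.0.0/24 22 | check_shadowing | wc -l | tr -d ' ') shadowed rules"
```

Running it prints four shadowed rules from the posted table (two in INPUT, two in FORWARD) and zero for the generated one. Review the generated text before loading it; with default-deny policies a typo in the subnet or interface name locks you out of the box except via the console.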