[fli4l] Internet access only possible from one subnet
Martin Hans
martin.hans at directbox.com
Tue Jan 29 14:46:00 CET 2013
Hi,
with the following configuration, only clients from the network IP_NET_1 can
reach the Internet; the rest cannot. Why?
Thanks!
Martin
## base.txt - fli4l configuration parameters 3.6.2
IP_NET_N='4'
IP_NET_1='192.168.16.2/24'
IP_NET_1_DEV='eth0'
...
IP_NET_4='62.157.127.147/29'
IP_NET_4_DEV='eth3'
IP_ROUTE_N='4'
IP_ROUTE_1='0.0.0.0/0 62.157.127.145'
IP_ROUTE_2='192.168.13.0/24 192.168.16.1'
IP_ROUTE_3='192.168.14.0/24 192.168.16.1'
IP_ROUTE_4='192.168.15.0/24 192.168.16.1'
PF_NEW_CONFIG='yes' # new style packet filter config
...
PF_INPUT_N='10'
PF_INPUT_1='IP_NET_1 ACCEPT'
PF_INPUT_2='IP_NET_3 ACCEPT'
PF_INPUT_3='IP_NET_4 ACCEPT'
...
PF_INPUT_9='192.168.0.0/16 ACCEPT'
PF_INPUT_10='tmpl:samba DROP NOLOG' # drop (or reject) samba access
PF_INPUT_10_COMMENT='no samba traffic allowed'
PF_FORWARD_POLICY='REJECT'
PF_FORWARD_ACCEPT_DEF='yes'
...
PF_FORWARD_N='6'
PF_FORWARD_1='192.168.0.0/16 192.168.13.0/24 ACCEPT BIDIRECTIONAL'
PF_FORWARD_2='192.168.0.0/16 192.168.14.0/24 ACCEPT BIDIRECTIONAL'
PF_FORWARD_3='192.168.0.0/16 192.168.15.0/24 ACCEPT BIDIRECTIONAL'
PF_FORWARD_4='192.168.0.0/16 192.168.16.0/24 ACCEPT BIDIRECTIONAL'
PF_FORWARD_5='tmpl:samba DROP'
PF_FORWARD_6='IP_NET_1 ACCEPT'
PF_POSTROUTING_N='5'
PF_POSTROUTING_1='192.168.13.0/24 192.168.0.0/16 ACCEPT BIDIRECTIONAL'
PF_POSTROUTING_2='192.168.14.0/24 192.168.0.0/16 ACCEPT BIDIRECTIONAL'
PF_POSTROUTING_3='192.168.15.0/24 192.168.0.0/16 ACCEPT BIDIRECTIONAL'
PF_POSTROUTING_4='192.168.16.0/24 192.168.0.0/16 ACCEPT BIDIRECTIONAL'
PF_POSTROUTING_5='IP_NET_1 MASQUERADE' # masquerade traffic leaving the subnet
...
I also tried it with
PF_POSTROUTING_6='192.168.13.0/24 MASQUERADE'
PF_POSTROUTING_7='192.168.14.0/24 MASQUERADE'
PF_POSTROUTING_8='192.168.15.0/24 MASQUERADE'
but that obviously doesn't change anything either. :-(