Greek - Masquerading Made Simple HOWTO John Tapsell <tapselj0@cs.man.ac.uk> Thomas Spellman <thomas@resonance.org> Matthias Grimm <DeadBull@gmx.net> ÌåôÜöñáóç óôá åëëçíéêÜ áðü: Sotiris Ganouris <topgan1@clug.gr> Éóôïñéêü ÁíáèåùñÞóåùí Áíáèåþñçóç 0.08 2002-07-11 ÅðéìÝëåéá áðüjpt Áíáèåþñçóç 0.07 2002-02-27 ÅðéìÝëåéá áðüjpt Áíáèåþñçóç 0.06 2001-09-08 ÅðéìÝëåéá áðüjpt Áíáèåþñçóç 0.05 2001-09-07 ÅðéìÝëåéá áðüjpt Áíáèåþñçóç 0.04 2001-09-01 ÅðéìÝëåéá áðüjpt Áíáèåþñçóç 0.03 2001-07-06 ÅðéìÝëåéá áðüjpt ¼ëïé ïé óõããñáöåßò åßíáé äéáèÝóéìïé óôï êáíÜëé #debian óôïí irc.opensource.net Ï John Tapsell (JohnFlux) åßíáé ï åðßóçìïò óõíôçñçôÞò ôïõ how-to. Óôåßëôå ìïõ Email (John Tapsell) ãéá ïðïéáäÞðïôå áðïñßá, âñéóéÜ, ó÷üëéá, ñáíôåâïý êôë. Ç êëïðÞ Ýãéíå ìå íôñïðÞ áðï ôç äïõëåéÜ ôïõ David Ranch - <dranch@trinnet.net>. Áõôü ÄÅÍ åßíáé áíôéêáôÜóôáóç ãéá ôïõ IP-Masquerading HOWTO åßíáé Ýíá óõìðëÞñùìá óå áõôü, êáé ôá äýï ôïõò èá ðñÝðåé íá äéáâáóôïýí ìáæß. Äåí ãñÜöù ðñÜãìáôá åäþ ðïõ äåí êáëýðôïíôáé áðï ôï Üëëï HOWTO, ïýôå êáé åîçãþ ôé óçìáßíïõí üëá áõôÜ, Þ ãéáôß ãßíïíôáé üëá áõôÜ. Äåßôå åäþ http://ipmasq.cjb.net êáé ôï ðñþôï Masq-HOWTO ïðïõ åßíáé áñêåôÜ êáëýôåñá guides ïðïõ èá óáò âïçèÞóïõí ðåñéóóüôåñï. Ôï êåßìåíï áõôü ðåñéãñÜöåé ôï ðùò íá åíåñãïðïéÞóåôå ôï IP Masquerade feature óå Ýíá óõãêåêñéìÝíï Linux host. Ôï IP Masq åßíáé ìßá ìïñöÞ ôïõ Network Address Translation Þ åí óõíôïìßá NAT ïðïõ åðéôñÝðåé åóùôåñéêÜ óõíäåäåìÝíïõò õðïëïãéóôÝò óå äßêôõï ðïõ äåí Ý÷ïõí ìßá Þ ðåñéóóüôåñåò êáôá÷ùñçìÝíåò Internet IP äéåõèýíóåéò íá áðïêôÞóïõí ôçí äõíáôüôçôá íá óõíäåèïýí óôï Internet ìÝóù ìßáò Internet IP (óýíäåóçò) åíüò Linux Box. Ïëï ôï êåßìåíï âñßóêåôáé êÜôù áðï ôçí Üäåéá GNU Free Documentation License. http://www.gnu.org/copyleft/fdl.html _________________________________________________________ Ðßíáêáò Ðåñéå÷ïìÝíùí 1. ÅéóáãùãÞ 2. Ðåñßëçøç: (Ìïõ áñÝóåé íá êÜíù ôéò ðåñéëÞøåéò ðñþôá) 3. Ëßãï âáèýôåñç Ýêäïóç 4. Post-install Ïäçãßåò 5. FAQ's - Frequently Asked Compla Questions, Óõ÷íÜ ÐáñÜð ÅñùôÞóåéò 1. ÅéóáãùãÞ Ôá ðáñáêÜôù åßíáé åðßôçäåò ìéêñÜ áëëÜ ìÝóá óôï íüçìá. ÅÜí Ý÷åôå Ýíá äßêôõï ðïõ èÝëåôå íá ôï åíóùìáôþóåôå ìå ôï Internet: [network.png] _________________________________________________________ 2. Ðåñßëçøç: (Ìïõ áñÝóåé íá êÜíù ôéò ðåñéëÞøåéò ðñþôá) ÕðïèÝôùíôáò ïôé ç êÜñôá äéêôýïõ ðïõ äßíåé åîùôåñéêü äßêôõï (ÉÍÔÅÑÍÅÔ) åßíáé ç eth0, êáé ç åîùôåñéêÞ ìáò IP åßíáé ç 123.12.23.43 êáé ç åóùôåñéêÞ êÜñôá äéêôýïõ (åóùôåñéêü äßêôõï) åßíáé ç eth1, ôüôå Ý÷ïõìå: $> modprobe ipt_MASQUERADE # ÅÜí áõôü áðïôý÷åé óõíå÷ßóôå Ýôóé êáé áëëéþ ò $> iptables -F; iptables -t nat -F; iptables -t mangle -F $> iptables -t nat -A POSTROUTING -o eth0 -j SNAT --to 123.12.23.43 $> echo 1 > /proc/sys/net/ipv4/ip_forward Ç ãéá ìßá óýíäåóç dial-up: $> modprobe ipt_MASQUERADE # ÅÜí áõôü áðïôý÷åé óõíå÷ßóôå Ýôóé êáé áëëéþ ò $> iptables -F; iptables -t nat -F; iptables -t mangle -F $> iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE $> echo 1 > /proc/sys/net/ipv4/ip_forward ÌåôÜ ãéá íá ôçí ðñïöõëÜîïõìå: $> iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT $> iptables -A INPUT -m state --state NEW -i ! eth0 -j ACCEPT $> iptables -P INPUT DROP # ìüíï åÜí ôá äýï ðñþôá åßíáé åðéôõ÷çìÝíá $> iptables -A FORWARD -i eth0 -o eth0 -j REJECT ¹ ãéá ìßá óýíäåóç dial-up (ìå ôçí eth0 óáí åóùôåñéêÞ êÜñôá äéêôýïõ): $> iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT $> iptables -A INPUT -m state --state NEW -i ! ppp0 -j ACCEPT $> iptables -P INPUT DROP #only if the first two are succesful $> iptables -A FORWARD -i ppp0 -o ppp0 -j REJECT Êáé áõôü Þôáí! Ãéá íá äåßôå ôïõò êáíüíåò ôùí iptables ãñÜøôå "iptables -t nat -L" _________________________________________________________ 3. Ëßãï âáèýôåñç Ýêäïóç ÊÜíùíôáò compile ôïí ðõñÞíá: (×ñçóéìïðïéÞóôå Ýíáí 2.4.x ðõñÞíá Þ ìåãáëýôåñï) ×ñåéÜæåóôå ôéò ðáñáêÜôù ñõèìßóåéò óôïí ðõñÞíá: * ÊÜôù áðï ôï Networking Options + Network packet filtering (CONFIG_NETFILTER) * ÊÜôù áðï ôï Networking Options->Netfilter Configuration + Connection tracking (CONFIG_IP_NF_CONNTRACK) + FTP Protocol support (CONFIG_IP_NF_FTP) + IP tables support (CONFIG_IP_NF_IPTABLES) + Connection state match support (CONFIG_IP_NF_MATCH_STATE) + Packet filtering (CONFIG_IP_NF_FILTER) o REJECT target support (CONFIG_IP_NF_TARGET_REJECT) + Full NAT (CONFIG_IP_NF_NAT) o MASQUERADE target support (CONFIG_IP_NF_TARGET_MASQUERADE) o REDIRECT target support (CONFIG_IP_NF_TARGET_REDIRECT) + Packet mangling (CONFIG_IP_NF_MANGLE) + LOG target support (CONFIG_IP_NF_TARGET_LOG) Ðñþôá, åÜí ôá iptables êáé ôï masq module äåí Ý÷ïõí ãßíåé compile óôïí ðõñÞíá êáé äåí åßíáé åãêáôåóôçìÝíá, áëëÜ õðÜñ÷ïõí óáí modules, ÷ñåéáæüìáóôå íá ôá åãêáôáóôÞóïõìå. Åáí êÜíåôå Ýíá insmod ipt_MASQUERADE èá öïñôþóåé ôá ip_tables, ip_conntrack êáé ôï iptable_nat. $> modprobe ipt_MASQERADE ÁíåîáñôÞôùò Üí ôï Intranet (åóùôåñéêü äßêôõï) óáò åßíáé ìåãÜëï, Þ áðëþò èÝëåôå äýï ôñåéò õðïëïãéóôÝò íá óõíäåèïýí ìå ôï Internet äåí õðÜñ÷åé ìåãÜëç äéáöïñÜ. ÕðïèÝôùíôáò ïôé äåí õðÜñ÷ïõí Üëëïé êáíüíåò óôá iptables, êÜíôå Ýíá: $> iptables -F; iptables -t nat -F; iptables -t mangle -F ÅÜí ðáßñíåôå Ýíá ëÜèïò ïðïõ ëÝåé ïôé äåí âñßóêåé ôá iptables, ðçãáßíôå êáôåâÜóôå ôá êáé åãêáôáóôÞóôå ôá. ÅÜí óáò ðåé ïôé äåí õðÜñ÷åé ï ðßíáêáò 'nat', êÜíôå recompile ôïí ðõñÞíá ìå nat support. Åáí óáò ðåé ïôé äåí õðÜñ÷åé ðßíáêáò 'mangle', ìçí óôåíá÷ùñéÝóôå, äåí ÷ñåéÜæåôå ãéá ôï ìáóêÜñéóìá. ÅÜí óáò ðåé ïôé ôá iptables åßíáé áóýìâáôá ìå ôïí ðõñÞíá óáò, ðçãáßíôå êáôåâÜóôå Ýíáí ðõñÞíá 2.4.x Þ ìåãáëýôåñï êáé êÜíôå ôïõ compile ìå iptables support. Áí Ý÷åôå ÓÔÁÈÅÑÇ (static) ip êÜíôå (ð.÷. Óå êÜñôá äéêôýïõ ðïõ äåí ÷ñçóéìïðïéåß DHCP): $> iptables -t nat -A POSTROUTING -o eth0 -j SNAT --to 123.12.23.43 Ç ãéá äõíáìéêÞ (dynamic) (ð.÷. ¸íá modem ðïõ ÷ñåéÜæåôå íá êáëÝóåôå Ýíáí áñéèìï ðñþôá (dialup): $> iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE ÔåëéêÜ ðñÝåðé íá ðåéôå óôïí ðõñÞíá ðùò íáé, èÝëåôå íá îåêéíÞóåé ôï forwarding (ç ðñïþèçóç) ôùí ðáêÝôùí: (Áõôü ÷ñåéÜæåôå íá ãßíåé ìüíï ìéá öïñÜ óå êÜèå reboot áëëÜ äåí ðåéñÜæåé íá ôï êÜíåôå êáé ðáñáðÜíù öïñÝò) $> echo 1 > /proc/sys/net/ipv4/ip_forward Ïôáí èá Ý÷åôå óéãïõñåõôåß ïôé üëá áõôÜ äïõëåýïõí (äåßôå ôéò ïäçãßåò Post-install ðñþôá) áöÞóôå íá äïõëåýåé ôï ìáóêÜñéóìá ìüíï ôïõ åóùôåñéêïý äéêôýïõ äåí èÝëåôå íá áöÞóåôå üëï ôïí êüóìï óôï Internet íá ôï ÷ñçóéìïðïéïýí öõóéêÜ :) Ðñþôá, áöÞóôå ôéò Þäç õðÜñ÷ïõóåò óõíäÝóåéò, Þ ïôéäÞðïôå ó÷åôßæåôå ìå áõôÝò (ð.÷. Ôçí óýíäåóç óå Ýíáí server ftp ðïõ Ý÷åôå óõíäåèåß åóåßò) $> iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT ÅÜí áõôü óáò âãÜëåé ìýíçìá ëÜèïõò, ôüôå ôï ðéï ðéèáíü åßíáé íá ìçí Ý÷åôå åíåñãïðïéÞóåé ôï state tracking óôïí ðõñÞíá êÜíôå recompile. ÌåôÜ áöÞóôå êáéíïýñéåò óõíäÝóåéò ìüíï áðï ôï intranet (ôïðéêü/åóùôåñéêü äßêôõï). ÁíôéêáôáóôÞóôå ôï ppp0 ìå eth0 Þ ìå ïôéäÞðïôå åßíáé ç åîùôåñéêÞ óáò óõóêåõÞ. (Ôï ! óçìáßíåé ïôéäÞðïôå åêôüò áðï) $> iptables -A INPUT -m state --state NEW -i ! ppp0 -j ACCEPT Êáé ôþñá áñíçèåßôå ïôéäÞðïôå Üëëï: $> iptables -P INPUT DROP #only if the first two are succesful ÅÜí ïðïéïóäÞðïôå áðï ôïõò äýï ðñþôïõò êáíüíåò áðïôý÷åé, ôüôå áõôüò ï ôåëåõôáßïò êáíüíáò èá åìðïäßóåé ôï ìáóêÜñéóìá íá äïõëÝøåé åíôåëþò. Ãéá íá áíáéñÝóåôå áõôüí ôïí êáíüíá ìðïñåßôå íá ãñÜøåôå "iptables -P INPUT ACCEPT". _________________________________________________________ 4. Post-install Ïäçãßåò Ïëá èá ðñÝðåé íá ëåéôïõñãïýí ôþñá. Ìçí îå÷Üóåôå íá: * Ñõèìßóôå üëïõò ôïõò õðïëïãéóôÝò ôïõ õðïäéêôýïõ óáò íá äåß÷íïõí óôçí ÉP ôïõ Linux server óáí gateway. (Óôá windows äåîß-êëéê óôï network neighbourhood->properties->gateway êáé ìåôÜ ôïí áëëÜæåôå óôçí IP ôïõ Linux server(gateway)). * Ñõèìßóôå üëïõò ôïõò õðïëïãéóôÝò óáò íá ÷ñçóéìïðïéïýí ôïí proxy ôïõ ISP óáò (áí õðÜñ÷åé ÷ñçóéìïðïéåßóôå transparent proxy), (ÐÑÏÓÏ×Ç Å÷ù áêïýóåé ãéá áíáöïñÝò ïôé ôï transparent proxying åéíáé ðïëý áñãü óå ðïëý ìåãÜëá äßêôõá), Þ ôñÝîôå ôïí squid óôïí linux server óáò. (Áõôü åßíáé ðñïáéñåôéêü áëëÜ óõíéóôÜôáé ãéá ìåãÜëá äßêôõá). * ÓéãïõñåõôÞôå ïôé âÜæåôå óùóôÜ ôïí DNS üôáí ñõèìßæåôáé ôïõò õðïëïãéóôÝò óáò. ÅéäÜëùò èá ðáßñíåôå ìõíÞìáôá ëÜèïõò óå áõôïýò ãéáôß äåí èá ãßíåôå óùóôÜ ôï resolving ôçò IP address. [Offtopic] I wonder if you could simply send out a dhcp broadcast that just forwards on the dns server (and http_proxy while you're at it) without having to setup a dhcp server (or even if you do). Can someone mail me about this? :) Thanks to Richard Atcheson for pointing this out. * Ôþñá èá ðñÝðåé óéãÜ óéãÜ íá äéïñèþíåôáé ôçí áóöÜëåéá óå áõôüí. Ðñþôá áðåíåñãïðïéÞóôå ãåíéêþò ôï forwarding: "iptables -P FORWARD DROP", êáé ìåôÜ ìÜèåôå íá äïõëåýåôå ìå ôá iptables êáé ôá áñ÷åßá /etc/hosts.allow êáé /etc/hosts.deny ãéá íá áóöáëßóåôå ôï óýóôçìÜ óáò. ÐÑÏÓÏ×Ç Ìçí äïêéìÜóåôå ôï ðñïçãïýìåíç êáíü ôùí iptables ìÝ÷ñé íá Ý÷åôå ôï ìáóêÜñéóìá íá äïõëåýåé óùóôÜ ÐñÝðåé íá ïñßæåôáé îå÷ùñéóôÜ ïðïéïäÞðïôå ðáêÝôï èÝëåôå íá ðåñÜóåé åÜí èá ÷ñçóéìïðïéÞóåôå ôçí ðñïçãïýìåíç åíôïëÞ (êáíüíáò iptables) ìå DENY. (Ìðïñåßôå íá áíáéñÝóåôå áõôüí ôïí êáíüíá ìå "iptables -P FORWARD ACCEPT") * ÁöÞóôå üðïéá services èÝëåôå íá öáßíïíôáé óôï internet. Ãéá ðáñÜäåéãìá ãéá íá áöÞóåôå access óôïí web server óáò êÜíôå: $> iptables -A INPUT --protocol tcp --dport 80 -j ACCEPT $> iptables -A INPUT --protocol tcp --dport 443 -j ACCEPT Ãéá íá áöÞóåôå ôï ident (ãéá óýíäåóç óôï irc êôë) êÜíôå $> iptables -A INPUT --protocol tcp --dport 113 -j ACCEPT Ãéá íá ôï äïêéìÜóåôå: * ÄïêéìÜóôå íá óõíäåèåßôå áðï Ýíáí õðïëïãéóôÞ ðåëÜôç óôï web ÷ñçóéìïðïéþíôáò ìéá IP. Ç IP ôïõ Google åßíáé 216.239.33.100 (ìßá áðï üëåò ðïõ Ý÷ïõí) êáé èá ðñÝðåé íá ðáñåôå ìßá áðÜíôçóç áðü áõôÞí ð.÷. "ping 216.239.33.100" "lynx 216.239.33.100". * ÄïêéìÜóôå ìéá óýíäåóç ìáæß ìå ôï resolve ôïõ hostname ð.÷. "ping www.google.com" "lynx google.com" Þ áðï ôïí Internet Explorer Þ ôïí netscape Ïðïõ eth0 åßíáé ç êÜñôá äéêôýïõ ðïõ äßíåé Internet (åîùôåñéêÞ), êáé ç 123.12.23.43 åßíáé ç åîùôåñéêÞ ip áõôïý ôïõ ìç÷áíÞìáôïò. _________________________________________________________ 5. FAQ's - Frequently Asked Compla Questions, Óõ÷íÜ ÐáñÜð ÅñùôÞóåéò * Ðùò âëÝðù ôïõ êáíüíåò ùò ôþñá? - ÄïêéìÜóôå $> iptables -L $> iptables -t nat -L * Äåí êÜíåé resolve ôéò IP! ÃñÜöù 'www.microsoft.com' êáé ëÝåé ïôé äåí ôï âñßóêåé - ÓéãïõñåõôÞôå ïôé Ý÷åôå âÜëåé ôéò ñõèìßóåéò dns óå üëïõò ôïõò õðïëïãéóôÝò-ðåëÜôåò. * Äåí äïõëåýåé! Äåí ôïõ áñÝóïõí ôá iptables / NAT / SNAT / MASQ - ÊáôåâÜóôå ôïí ôåëåõôáßï ðõñÞíá, êÜíôå Ýíá compile ìå õðïóôÞñéîç iptables êáé NAT * Äåí äïõëåýåé! Ôï ìáóêÜñéóìá (masquerading) äåí äïõëåýåé êáèüëïõ! Áåé ðíßîïõ âëÜêá - ÄïêéìÜóôå echo 1 > /proc/sys/net/ipv4/ip_forward * Äåí äïõëåýåé! Äåí ìðïñþ íá ÷ñçóéìïðïéÞóù ôï äßêôõï êáèüëïõ ðëÝïí êáé óå ìéóþ! - ÄïêéìÜóôå $> iptables -F $> iptables -t nat -F $> iptables -t mangle -F (üëïé ïé êáíüíåò Ýöõãáí Üíôå ãåéá). ÌåôÜ åðáíáöÝñåôå ôïõò ðñïçãïýìåíïõò êáíüíåò ðïõ ôõ÷üí åß÷áôå. - ÄïêéìÜóôå iptables -P FORWARD ACCEPT * Áêüìá äåí äïõëåýåé - H×ìì, ôï "dmesg | tail" óáò âãÜæåé êÜðïéï ëÜèïò? ÊÜíôå êáé Ýíá "cat /var/log/messages | tail" ? Ï÷é ïôé íïéÜæïìáé êáé ðïëõ :) * Äåí êáôáëáâáßíù, ÄÅÍ ÄÏÕËÅÕÅÉ! - Äåí ìðïñþ íá îÝñù.. áëëÜ èá ðñÝðåé íá åßóôå óå èÝóç íá: 1) ÐéíãêÜñåôå ôï åîùôåñéêü äßêôõï áðï ôï Linux box 2) ÐéíãêÜñåôå áðï ôï Linux Box ôï åóùôåñéêü äßêôõï 3) Áðï ôï åóùôåñéêü äßêôõï íá ðéíãêÜñåôå ôï Linux box Êáé áõôÜ ðñéí áñ÷ßóïõí ïé êáíüíåò ãéá ôï ìáóêÜñéóìá. * Where do I put this stuff? - In the /etc/network/interfaces file, or firewall.rc. If you put it in the interfaces file, then put it as a pre-up to the external interface, and have "iptables -t nat -F" as the post-down. * Ðùò ìðïñþ íá ôï êÜíù íá áíïßãåé ôçí óýíäåóç ìüíï üôáí ôçí ÷ñåéÜæïìáé?(ppp up on demand) - ÕðïèÝôùíôáò ïôé ï gateway ôïõ ISP óáò åßíáé áò ðïýìå 23.43.12.43 , ôüôå ðñïóèÝóôå ìßá ãñáììÞ óáí ôçí ðáñáêÜôù: :23.43.12.43 óôï ôÝëïò ôïõ áñ÷åßïõ /etc/ppp/peers/provider. (áõôü åßíáé ãéá dynamic IP - ãéá static IP èá Þôáí my.external.ip.number:23.43.12.43 ) ÌåôÜ óôï ôÝëïò áõôïý ôïõ áñ÷åßïõ âÜëôå ìéá íÝá ãñáììÞ: demand * Ç óýíäåóç ðÝöôåé óõíå÷þò! - Ðñþôá, Ý÷åôå åíåñãïðïéÞóåé ôï dialing on demand? ÊÜíåé ôçí äïõëåéÜ ôïõ óùóôÜ? ÔóåêÜñåôå ôï /etc/ppp/peers/provider, êáé óéãïõñåõôÞôå ïôé ç óýíäåóç dial up äïõëåýåé êáíïíéêÜ ðñéí äïêéìÜóåôå ôï ìáóêÜñéóìá. - Äåýôåñïí, áí êÜôé ðçãáßíåé ôüóï ðåñßåñãá äïêéìÜóôå íá ãõñßóåôå óå ðñïçãïýìåíï ðõñÞíá (Linux 2.4.3) êáé äåßôå áí åêåé ëåéôïõñãåß Äåí îÝñù ãéáôß... * Äåí ìðïñþ íá ôá êÜíù üëá áõôÜ ìüíïò ìïõ! ÈÝëù êÜôé åôïéìáôæßäéêï ìå GUI. - Óßãïõñá http://shorewall.sourceforge.net/ Ãéá äåßôå ôï... * Ôá Cable modems Ý÷ïõí static Þ dynamic IP? - ÊáëÞ åñþôçóç.. ôï ðéï ðéèáíü åßíáé íá åßíáé dynamic. * Ïé êÜñôåò äéêôýïõ ðïõ óõíäÝïíôáé óå DHCP? - Åßíáé dynamic. * Ðùò äéá÷åéñßæïìáé ôá åóùôåñéêÜ services? - Äïêßìáóôå íá êÜíåôå forwarding Þ redirecting ôéò ðüñôåò ôùí IP îáíÜ óéãïõñåõôÞôå ïôé ôá Ý÷åôå áóöáëßóåé óùóôÜ * Áðï ôïõò õðïëïãéóôÝò ôïõ åóùôåñéêïý äéêôýïõ ìðïñþ íá ðéíãêÜñù ôçí ip ôïõ linux gateway, áëëÜ äåí ìðïñþ íá óõíäåèþ óôï internet. -Ïêåç, äïêéìÜóôå "rmmod iptable_filter" - more info on this as I get it. - ÓéãïõñåõôÞôå ïôé äåí ôñÝ÷åôå ôï routed Þ ôï gated ãéá íá ôóåêÜñåôå ãñÜøôå "ps aux | grep -e routed -e gated". - ÊïéôÜîôå óôï http://ipmasq.cjb.net * Ðùò ìðïñþ íá äþ ðïéåò óõíäÝóåéò åßíáé óå éó÷ý áõôÞ ôçí óôéãìÞ (established)? ÊÜôé óáí ôï netstat.. - ÄïêéìÜóôå cat /proc/net/ip_conntrack * ×ñåéÜæïìáé ðåñéóóüôåñåò ðëçñïöïñßåò ãéá ôï squid ãéá ôï routing êôë! - Äïêßìáóôå íá äéáâÜóåôå ôï Advanced Routing HOWTO http://www.linuxdoc.org/HOWTO/Adv-Routing-HOWTO.html * Áõôü ôï howto åßíáé ÷Üëéá! Ðùò èá ðáñáðïíåèþ óôá ðáëçêáñéá ðïõ ôï Ýãñáøáí? - Ðçãáßíôå óôï #debian óôï irc.opensource.net êáé âñåßôå ôïí JohnFlux. - Óôåßëôå ìïõ Mail (JohnFlux) óôï tapselj0@cs.man.ac.uk * Áõôü ôï howto åßíáé ÷Üëéá! Èá äïýìå êáìéá êáëõôåñç Ýêäïóç - ÄïêéìÜóôå http://ipmasq.cjb.net - Áðåõèõíèåßôå óôï LDP Masq-HOWTO. * Ìå ôé Üëëï áó÷ïëÞóå ôþñá? ÁõôÞí ôçí óôéãìÞ ãñÜöù Ýíáí ïäçãü óôï linux ãéá anti-missile-missiles-made-simple. Äåí õðÜñ÷ïõí êáëïß ïäçãïß ðïõ íá óå ðñïóôáôåýïõí áðï ðõñçíéêÝò åêñÞîåéò. :)