[MASOCH-L] Problems configuring Embratel link

caio rezende caio at theforce.com.br
Sun Aug 15 23:10:59 BRT 2010


Hi Marcelo, I think that unfortunately I am going to have to call on someone to bless, or
rather to exorcise, everything here.

I did as you instructed; I even installed a new machine, tested the network
cards, etc.

eth1      Link encap:Ethernet  HWaddr 00:24:01:9d:8e:14
          inet addr:201.73.81.142  Bcast:201.73.81.143  Mask:255.255.255.252
          inet6 addr: fe80::224:1ff:fe9d:8e14/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:947 errors:0 dropped:0 overruns:0 frame:0
          TX packets:1066 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:76363 (74.5 KiB)  TX bytes:83978 (82.0 KiB)
          Interrupt:19 Base address:0xd400

eth2      Link encap:Ethernet  HWaddr 00:21:91:91:36:95
          inet addr:189.3.255.1  Bcast:189.3.255.15  Mask:255.255.255.240
          inet6 addr: fe80::221:91ff:fe91:3695/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:330 errors:0 dropped:0 overruns:0 frame:0
          TX packets:105 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:36025 (35.1 KiB)  TX bytes:14807 (14.4 KiB)
          Interrupt:18 Base address:0xd000

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:2 errors:0 dropped:0 overruns:0 frame:0
          TX packets:2 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:140 (140.0 B)  TX bytes:140 (140.0 B)

 route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
201.73.81.140   0.0.0.0         255.255.255.252 U     0      0        0 eth1
189.3.255.0     0.0.0.0         255.255.255.240 U     0      0        0 eth2
127.0.0.0       0.0.0.0         255.0.0.0       U     0      0        0 lo
0.0.0.0         201.73.81.141   0.0.0.0         UG    1      0        0 eth1

echo 1 > /proc/sys/net/ipv4/ip_forward

Client machine configuration

root@atlantis:~# ifconfig
eth0      Link encap:Ethernet  HWaddr 00:16:d3:34:b9:62
          inet addr:189.3.255.3  Bcast:189.3.255.15  Mask:255.255.255.240
          inet6 addr: fe80::216:d3ff:fe34:b962/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:58672 errors:0 dropped:0 overruns:0 frame:0
          TX packets:79615 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100
          RX bytes:33886801 (33.8 MB)  TX bytes:10852969 (10.8 MB)
          Memory:ee000000-ee020000

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:3200 errors:0 dropped:0 overruns:0 frame:0
          TX packets:3200 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:321752 (321.7 KB)  TX bytes:321752 (321.7 KB)

root@atlantis:~# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
189.3.255.0     0.0.0.0         255.255.255.240 U     1      0        0 eth0
169.254.0.0     0.0.0.0         255.255.0.0     U     1000   0        0 eth0
0.0.0.0         189.3.255.1     0.0.0.0         UG    0      0        0 eth0


From the client machine I can ping as far as 201.73.81.142 (the link interface of
my router), but I cannot ping 201.73.81.141 when I send the packet
from my hosts.

I am already starting to suspect Embratel, but since I am not an expert on the
subject I decided to ask more experienced people like you.

Thank you.


On 15 August 2010 at 18:41, Marcelo da Silva
<marcelo at mginformatica.com> wrote:

> Hello...
> start everything over again
> leave only what is essential for it to work
>
> remove the alias (eth0:0) from eth0
>
> leave eth0 like this
>    eth0      Link encap:Ethernet  HWaddr 00:24:01:9d:8e:14
>             inet addr:201.73.81.142  Bcast:201.73.81.143  Mask:255.255.255.252
>
> leave eth1 like this
>    eth1      Link encap:Ethernet  HWaddr 00:21:91:91:36:95
>              inet addr:189.xxx.xxx.1  Bcast:189.3.255.15  Mask:255.255.255.240
>
>
> echo 1 > /proc/sys/net/ipv4/ip_forward
>
> remove all the firewall rules..
>
>  $IPTABLES -P INPUT ACCEPT
>  $IPTABLES -P OUTPUT ACCEPT
>  $IPTABLES -P FORWARD ACCEPT
>  $IPTABLES -F
>  $IPTABLES -X
>  $IPTABLES -t nat -F
>  $IPTABLES -t nat -X
>
> on the network hosts, IP 189.xxx.xxx.xx 2 through .14
> gateway of the network hosts 189.xxx.xxx.1
> set DNS on the network hosts.. you can start with Google's DNS 8.8.8.8
>
> if it works this way, afterwards you can test other configuration
> variations....
>
> if it does not work you will have to get yourself blessed, because this is the basics and it should
> work this way ( hehhehe );
>
> Hugs
>
> On Sun, 15 Aug 2010 16:45:57 -0300, Hamilton Vera
> <hamilton at theforce.com.br> wrote:
> > Caio, I put a script on the server in /root, but unfortunately I lost
> > the connection to the server.
> >
> >
> > If it solves the problem, let us know.
> >
> >
> > Regards,
> >
> > Hamilton Vera
> >
> >
> > On 15 August 2010 at 16:20, Hamilton Vera
> > <hamilton at theforce.com.br> wrote:
> >
> >> Hello Marcelo, I had already done this configuration, but it did not work:
> >>
> >>
> >> eth0      Link encap:Ethernet  HWaddr 00:24:01:9d:8e:14
> >>           inet addr:201.73.81.142  Bcast:201.73.81.143  Mask:255.255.255.252
> >>           inet6 addr: fe80::224:1ff:fe9d:8e14/64 Scope:Link
> >>           UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
> >>           RX packets:6062 errors:0 dropped:0 overruns:0 frame:0
> >>           TX packets:5731 errors:0 dropped:0 overruns:0 carrier:0
> >>           collisions:0 txqueuelen:1000
> >>           RX bytes:1090632 (1.0 MiB)  TX bytes:614920 (600.5 KiB)
> >>           Interrupt:19 Base address:0xd400
> >>
> >> eth1      Link encap:Ethernet  HWaddr 00:21:91:91:36:95
> >>           inet addr:189.xxx.xxx.xxxy  Bcast:189.3.255.15  Mask:255.255.255.240
> >>           inet6 addr: fe80::221:91ff:fe91:3695/64 Scope:Link
> >>           UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
> >>           RX packets:2520 errors:0 dropped:0 overruns:0 frame:0
> >>           TX packets:1899 errors:0 dropped:0 overruns:0 carrier:0
> >>           collisions:0 txqueuelen:1000
> >>           RX bytes:417734 (407.9 KiB)  TX bytes:858854 (838.7 KiB)
> >>           Interrupt:18 Base address:0xd000
> >>
> >>
> >> The IP I put on eth1 is the default gateway of the machines.
> >>
> >> I also already tried putting an IP from the 189.xxx.xxx.xxx/28 network on
> >> eth0 and using it as the default gateway of the machines, but without
> >> any success:
> >>
> >> eth0      Link encap:Ethernet  HWaddr 00:24:01:9d:8e:14
> >>           inet addr:201.73.81.142  Bcast:201.73.81.143  Mask:255.255.255.252
> >>           inet6 addr: fe80::224:1ff:fe9d:8e14/64 Scope:Link
> >>           UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
> >>           RX packets:6062 errors:0 dropped:0 overruns:0 frame:0
> >>           TX packets:5731 errors:0 dropped:0 overruns:0 carrier:0
> >>           collisions:0 txqueuelen:1000
> >>           RX bytes:1090632 (1.0 MiB)  TX bytes:614920 (600.5 KiB)
> >>           Interrupt:19 Base address:0xd400
> >>
> >> eth0:0    Link encap:Ethernet  HWaddr 00:24:01:9d:8e:14
> >>           inet addr:189.xxx.xxx.1  Bcast:189.3.255.15
> >>           Mask:255.255.255.240
> >>           UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
> >>           Interrupt:19 Base address:0xd400
> >>
> >> eth1      Link encap:Ethernet  HWaddr 00:21:91:91:36:95
> >>           inet addr:189.xxx.xxx.2  Bcast:189.3.255.15
> >>           Mask:255.255.255.240
> >>           inet6 addr: fe80::221:91ff:fe91:3695/64 Scope:Link
> >>           UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
> >>           RX packets:2520 errors:0 dropped:0 overruns:0 frame:0
> >>           TX packets:1899 errors:0 dropped:0 overruns:0 carrier:0
> >>           collisions:0 txqueuelen:1000
> >>           RX bytes:417734 (407.9 KiB)  TX bytes:858854 (838.7 KiB)
> >>           Interrupt:18 Base address:0xd000
> >>
> >> I still cannot forward from eth0 to eth1; if anyone has any
> >> advice, I would appreciate it.
> >>
> >> Thank you.
> >>
> >>
> >>
> >> On 15 August 2010 at 12:54, Marcelo da Silva
> >> <marcelo at mginformatica.com> wrote:
> >>
> >>> on eth1
> >>> you must have an *IP* from the 189.xxx.xxx.xxx/28 network
> >>> and the gateway of the hosts on the 189.xxx.xxx.xxx/28 network
> >>> must be the *IP* that you put on eth1
> >>>
> >>> On Sun, 15 Aug 2010 00:28:56 -0300, caio rezende
> >>> <caio at theforce.com.br> wrote:
> >>> > Gentlemen, good evening.
> >>> >
> >>> > We acquired a link from Embratel that provides a network with 16
> >>> > public IPs, but for reasons they did not tell me, Embratel will not
> >>> > provide the router that makes the link between the networks.
> >>> >
> >>> > To try to resolve this, I installed a Linux machine with 3
> >>> > interfaces:
> >>> >
> >>> > eth0: Link with Embratel 201.73.81.142 (Client IP) -> 201.73.81.141 (Embratel IP)
> >>> > eth1: Public IP network 189.xxx.xxx.xxx/28
> >>> > eth2: not in use
> >>> >
> >>> > I have already done the basic iptables configuration to enable forwarding
> >>> > between the two interfaces and to enable /proc/sys/net/ipv4/ip_forward.
> >>> >
> >>> > Unfortunately I can only reach external things when I do the
> >>> > masquerading through the link interface; everything goes out with the IP
> >>> > 201.73.81.142. I would like to know how to make the eth0 interface
> >>> > (201.73.81.142) also accept the packets that arrive for the public IP
> >>> > network (189.xxx.xxx.xxx/28) that I have on eth1.
> >>> >
> >>> > I have already checked with TCPDUMP: the packets destined for the
> >>> > 189.3.255.0/28 network are arriving on the eth0 interface, but I cannot
> >>> > forward these packets to eth1.
> >>> >
> >>> > tcpdump -p -n -s 1500 -i eth0
> >>> >
> >>> > 00:02:57.247968 IP 201.73.81.142.49733 > 189.xxx.xxx.yyy.25: Flags [S], seq 1840559620, win 65535, options [mss 1410,sackOK,eol], length 0
> >>> >
> >>> > tcpdump -p -n -s 1500 -i eth1
> >>> > <NOTHING>
> >>> >
> >>> > A colleague from the list, Hamilton Vera, suggested that I look at the
> >>> > forward rules again; below are a very simple script that I use and the
> >>> > routing table:
> >>> >
> >>> > root@gw:~# route -n
> >>> > Kernel IP routing table
> >>> > Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
> >>> > 201.73.81.140   0.0.0.0         255.255.255.252 U     0      0        0 eth0
> >>> > 189.3.255.0     0.0.0.0         255.255.255.240 U     0      0        0 eth1
> >>> > 127.0.0.0       0.0.0.0         255.0.0.0       U     0      0        0 lo
> >>> > 0.0.0.0         201.73.81.141   0.0.0.0         UG    1      0        0 eth0
> >>> >
> >>> > #!/bin/sh
> >>> > IPTABLES="/usr/local/sbin/iptables"
> >>> > # Flush all rules
> >>> > $IPTABLES -F INPUT
> >>> > $IPTABLES -F OUTPUT
> >>> > $IPTABLES -F FORWARD
> >>> > # Clear the rules in the filter and NAT tables:
> >>> > $IPTABLES -F
> >>> > $IPTABLES -t nat -F
> >>> > echo "Apaga qualquer chain fora do padrao nas tabelas filter e NAT:"
> >>> > $IPTABLES -X
> >>> > $IPTABLES -t nat -X
> >>> > # Set the default policy of the filter table:
> >>> > $IPTABLES -P INPUT ACCEPT
> >>> > $IPTABLES -P OUTPUT ACCEPT
> >>> > $IPTABLES -P FORWARD ACCEPT
> >>> > # Set the default policy in the NAT table:
> >>> > $IPTABLES -t nat -P PREROUTING ACCEPT
> >>> > $IPTABLES -t nat -P POSTROUTING ACCEPT
> >>> > $IPTABLES -t nat -P OUTPUT ACCEPT
> >>> > #########################
> >>> > # FINAL SETTINGS:
> >>> > #########################
> >>> > #$IPTABLES -t nat -A POSTROUTING -o eth1   -j MASQUERADE
> >>> > $IPTABLES -A FORWARD -i eth1 -o eth2 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
> >>> > $IPTABLES -A FORWARD -i eth2 -o eth1 -m state --state ESTABLISHED,RELATED -j ACCEPT
> >>> > $IPTABLES -A FORWARD -i eth1 -o eth2 -j ACCEPT
> >>> > $IPTABLES -A FORWARD -i eth2 -o eth1 -j ACCEPT
> >>> > # Enable IP forwarding:
> >>> > echo 1 > /proc/sys/net/ipv4/ip_forward
> >>> > # Enable TCP SYN Cookie Protection
> >>> > echo 1 > /proc/sys/net/ipv4/tcp_syncookies
> >>> > # Enable broadcast echo protection
> >>> > echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts
> >>> > echo "Iptables Started"
> >>> >
> >>> >
> >>> > I am immensely grateful for any help.
> >>> >
> >>> > Caio
> >>> > __
> >>> > masoch-l list
> >>> > https://eng.registro.br/mailman/listinfo/masoch-l
> >>>
> >>
> >>
> >>
> >> --
> >> http://hvera.wordpress.com
> >>
>

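An added example, not part of the thread or any poster's code: a check that compares the `-i`/`-o` interfaces named in the quoted script's FORWARD rules with the interfaces that actually carry routes in the two `route -n` tables shown above. The function names are hypothetical and the rule lines are the script's own with `$IPTABLES` stripped; a mismatch is invisible while the FORWARD policy is ACCEPT and only bites once the policy is tightened.

```python
import re

# route -n output copied from the thread for the original gateway
# (eth0 = Embratel uplink, eth1 = public /28).
ROUTES_ORIGINAL_GW = """\
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
201.73.81.140   0.0.0.0         255.255.255.252 U     0      0        0 eth0
189.3.255.0     0.0.0.0         255.255.255.240 U     0      0        0 eth1
127.0.0.0       0.0.0.0         255.0.0.0       U     0      0        0 lo
0.0.0.0         201.73.81.141   0.0.0.0         UG    1      0        0 eth0
"""
# The newly installed machine has the same routes with the interfaces
# shifted by one (eth1 = uplink, eth2 = public /28).
ROUTES_NEW_MACHINE = ROUTES_ORIGINAL_GW.replace("eth1", "eth2").replace("eth0", "eth1")

# FORWARD rules from the posted script, with $IPTABLES stripped.
FORWARD_RULES = """\
-A FORWARD -i eth1 -o eth2 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i eth2 -o eth1 -m state --state ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i eth1 -o eth2 -j ACCEPT
-A FORWARD -i eth2 -o eth1 -j ACCEPT
"""

def routed_interfaces(route_table):
    """Return (uplink interface, set of non-loopback interfaces with a route)."""
    uplink, ifaces = None, set()
    for line in route_table.splitlines():
        fields = line.split()
        if len(fields) != 8 or fields[0] == "Destination":
            continue  # skip headers and malformed rows
        dest, flags, iface = fields[0], fields[3], fields[7]
        if iface == "lo":
            continue
        ifaces.add(iface)
        if dest == "0.0.0.0" and "G" in flags:
            uplink = iface  # default route identifies the uplink
    return uplink, ifaces

def audit_forward_rules(rules, route_table):
    """Report interfaces named in rules that carry no route, and whether
    any rule mentions the uplink at all."""
    uplink, ifaces = routed_interfaces(route_table)
    named = set(re.findall(r"(?:^|\s)-[io]\s+(\S+)", rules, flags=re.M))
    return {"uplink": uplink,
            "unrouted": sorted(named - ifaces),
            "uplink_covered": uplink in named}

if __name__ == "__main__":
    for label, table in (("original gw", ROUTES_ORIGINAL_GW),
                         ("new machine", ROUTES_NEW_MACHINE)):
        print(label, audit_forward_rules(FORWARD_RULES, table))
```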
