Расклад такой - есть сеть с такой схемой:
Internet----->asus|----->debian-server|----->debian-client|
|----->winxp |----->ps2
Где asus - это роутер rt-g32, который исправно раздаёт Интернет на Deian-server и winxp; debian-server - это небольшой сервачок для торрентов nfs и для раздачи Интерета на debian-client; ps2 - приставка, которая втыкается в deb-serv. Раздачу Интернета на deb-client сделал с помощью мана -
http://easylinux.ru/node/117Deb-serv /etc/network/interfaces:
allow-hotplug eth0
iface eth0 inet dhcp
#мой комп
auto eth1
iface eth1 inet static
address 192.168.10.1
netmask 255.255.255.0
ifconfig:
eth0 Link encap:Ethernet HWaddr 00:e0:18:8c:0d:f7
inet addr:192.168.1.3 Bcast:192.168.1.255 Mask:255.255.255.0
inet6 addr: fe80::2e0:18ff:fe8c:df7/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:39730 errors:0 dropped:0 overruns:0 frame:0
TX packets:29956 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:48413810 (46.1 MiB) TX bytes:3658931 (3.4 MiB)
Interrupt:5 Base address:0xd400
eth1 Link encap:Ethernet HWaddr 00:26:18:d9:be:23
inet addr:192.168.10.1 Bcast:192.168.10.255 Mask:255.255.255.0
inet6 addr: fe80::226:18ff:fed9:be23/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:26577 errors:0 dropped:0 overruns:0 frame:0
TX packets:37293 errors:0 dropped:0 overruns:0 carrier:2
collisions:0 txqueuelen:1000
RX bytes:2737795 (2.6 MiB) TX bytes:48188079 (45.9 MiB)
Interrupt:11 Base address:0x9800
Так же, на deb-serv я заюзал - Arno's Iptables Firewall:
Sanity checks passed...OK
Stopping (user) plugins (if used)...
Checking/probing Iptables modules:
Module check done...
Configuring /proc/.... settings:
Enabling anti-spoof with rp_filter
Enabling SYN-flood protection via SYN-cookies
Disabling the logging of martians
Disabling the acception of ICMP-redirect messages
Setting the max. amount of simultaneous connections to 16384
Setting default conntrack timeouts
Enabling protection against source routed packets
Enabling reduction of the DoS'ing ability
Setting Default TTL=64
Disabling ECN (Explicit Congestion Notification)
Enabling support for dynamic IP's
Flushing route table
/proc/ setup done...
Setting up firewall chains
Setting default INPUT/FORWARD policy to DROP
Using loglevel "info" for syslogd
Setting up firewall rules:
-------------------------------------------------------------------------------
Accepting packets from the local loopback device
Enabling setting the maximum packet size via MSS
Enabling mangling TOS
Logging of stealth scans (nmap probes etc.) enabled
Logging of packets with bad TCP-flags enabled
Logging of INVALID TCP packets disabled
Logging of INVALID UDP packets disabled
Logging of INVALID ICMP packets disabled
Logging of fragmented packets enabled
Logging of access from reserved addresses enabled
Setting up (antispoof) INTERNAL net(s): 192.168.10.0/24
Reading custom rules from /etc/arno-iptables-firewall/custom-rules
Checking for (user) plugins in /usr/share/arno-iptables-firewall/plugins...
UPnP plugin v0.12
Loaded 1 plugin(s)...
Setting up INPUT policy for the external net (INET):
Enabling support for DHCP-assigned-IP (DHCP client)
Logging of explicitly blocked hosts enabled
Logging of denied local output connections enabled
Packets will NOT be checked for private source addresses
Allowing the whole world to connect to TCP port(s): 27910:27915 35821 5000 1234:1236 80 137:139 4111
Allowing the whole world to connect to UDP port(s): 1234:1236 35821 5000 27910:27915 137:139 4111
Allowing the whole world to send ICMP-requests(ping)
Logging of dropped ICMP-request(ping) packets enabled
Logging of dropped other ICMP packets enabled
Logging of possible stealth scans enabled
Logging of (other) connection attempts to PRIVILEGED TCP ports enabled
Logging of (other) connection attempts to PRIVILEGED UDP ports enabled
Logging of (other) connection attempts to UNPRIVILEGED TCP ports enabled
Logging of (other) connection attempts to UNPRIVILEGED UDP ports enabled
Logging of other IP protocols (non TCP/UDP/ICMP) connection attempts enabled
Logging of ICMP flooding enabled
Setting up OUTPUT policy for the external net (INET):
Allowing all (other) ports/protocols
Applying INET policy to external interface: eth0 (without an external subnet specified)
Setting up INPUT policy for internal (LAN) interface(s): eth1
Allowing ICMP-requests(ping)
Allowing all (other) ports/protocols
Setting up FORWARD policy for internal (LAN) interface(s): eth1
Logging of denied LAN->INET FORWARD connections enabled
Setting up LAN->INET policy:
Allowing ICMP-requests(ping)
Allowing all (other) ports/protocols
Enabling masquerading(NAT) via external interface(s): eth0
Adding (internal) host(s): 192.168.10.0/24
Security is ENFORCED for external interface(s) in the FORWARD chain
Feb 19 20:23:13 All firewall rules applied.
Deb-client /etc/network/interfaces:
auto eth0
iface eth0 inet static
address 192.168.10.2
netmask 255.255.255.0
gateway 192.168.10.1
Интернет на deb-client пашет.
Проблема в следующем: deb-client не виден за deb-server(deb-server и deb-client видят друг-друга естественно). Как заставить за deb-server'oм увидеть некоторые порты deb-client???
Заранее спасибо!
