Advertisement
Guest User

Untitled

a guest
Apr 4th, 2012
267
0
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 2.67 KB | None | 0 0
  1. ip route show table main
  2.  
  3. X.Y.28.0/24 dev eth2.25 proto kernel scope link src X.Y.28.82
  4. X.Y.34.0/24 dev eth2.24 proto kernel scope link src X.Y.34.6
  5. 192.168.A.0/24 dev eth0 proto kernel scope link src 192.168.A.156
  6. 192.168.B.0/23 dev eth1 proto kernel scope link src 192.168.B.4
  7.  
  8.  
  9. ip route show table 24
  10.  
  11. X.Y.34.0/24 dev eth2.24 proto kernel scope link src X.Y.34.6
  12. 192.168.A.0/24 dev eth0 proto kernel scope link src 192.168.A.156
  13. 192.168.B.0/23 dev eth1 proto kernel scope link src 192.168.B.4
  14. default via X.Y.34.1 dev eth2.24
  15.  
  16.  
  17. ip route show table 25
  18.  
  19. X.Y.28.0/24 dev eth2.25 proto kernel scope link src X.Y.28.82
  20. 192.168.A.0/24 dev eth0 proto kernel scope link src 192.168.A.156
  21. 192.168.B.0/23 dev eth1 proto kernel scope link src 192.168.B.4
  22. default via X.Y.28.1 dev eth2.25
  23.  
  24.  
  25. ip rule show
  26.  
  27. 0: from all lookup local
  28. 100: from all fwmark 0x1 lookup T24
  29. 101: from all fwmark 0x2 lookup T25
  30. 102: from all fwmark 0x3 lookup T24
  31. 103: from all fwmark 0x4 lookup T25
  32. 32767: from all lookup main
  33.  
  34. iptables-save (some stuff edited out to keep it shorter)
  35.  
  36. *mangle
  37. -A PREROUTING -j CONNMARK --restore-mark --nfmask 0xffffffff --ctmask 0xffffffff
  38. -A PREROUTING -m mark ! --mark 0x0 -j ACCEPT
  39. -A PREROUTING -m mark --mark 0x0 -m statistic --mode nth --every 4 -j MARK --set-xmark 0x1/0xffffffff
  40. -A PREROUTING -m mark --mark 0x0 -m statistic --mode nth --every 4 --packet 1 -j MARK --set-xmark 0x2/0xffffffff
  41. -A PREROUTING -m mark --mark 0x0 -m statistic --mode nth --every 4 --packet 2 -j MARK --set-xmark 0x3/0xffffffff
  42. -A PREROUTING -m mark --mark 0x0 -m statistic --mode nth --every 4 --packet 3 -j MARK --set-xmark 0x4/0xffffffff
  43. -A PREROUTING -j CONNMARK --save-mark --nfmask 0xffffffff --ctmask 0xffffffff
  44.  
  45. *nat
  46. -A POSTROUTING -o eth2.24 -j MASQUERADE
  47. -A POSTROUTING -o eth2.25 -j MASQUERADE
  48. -A POSTROUTING -o eth2.26 -j MASQUERADE
  49. -A POSTROUTING -o eth2.27 -j MASQUERADE
  50.  
  51. *filter
  52. -A INPUT -s 127.0.0.1/32 -i lo -j ACCEPT
  53. -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
  54. -A INPUT -i eth1 -p icmp -m icmp --icmp-type any -j ACCEPT
  55. -A FORWARD ! -s 192.168.B.0/23 -i eth2.24 -m state --state RELATED,ESTABLISHED -j ACCEPT
  56. -A FORWARD ! -s 192.168.B.0/23 -i eth2.25 -m state --state RELATED,ESTABLISHED -j ACCEPT
  57. -A FORWARD ! -s 192.168.B.0/23 -i eth2.26 -m state --state RELATED,ESTABLISHED -j ACCEPT
  58. -A FORWARD ! -s 192.168.B.0/23 -i eth2.27 -m state --state RELATED,ESTABLISHED -j ACCEPT
  59. -A FORWARD -s 192.168.B.0/23 -i eth1 -o eth2.24 -j ACCEPT
  60. -A FORWARD -s 192.168.B.0/23 -i eth1 -o eth2.25 -j ACCEPT
  61. -A FORWARD -s 192.168.B.0/23 -i eth1 -o eth2.26 -j ACCEPT
  62. -A FORWARD -s 192.168.B.0/23 -i eth1 -o eth2.27 -j ACCEPT
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement