Sep 25th, 2018
  1. Maszyna VM:
  2. ############################################################
  3. $ cat /etc/network/interfaces
  4.  
  5. # The loopback network interface
  6. auto lo
  7. iface lo inet loopback
  8.  
  9. #Local interface
  10. auto ens19
  11. iface ens19 inet static
  12. address 192.168.0.1
  13. netmask 255.255.255.0
  14.  
  15.  
  16.  
  17. # Public interface
  18. auto ens18
  19. iface ens18 inet static
  20. address IP.FAILOVER.z.OVH
  21. netmask 255.255.255.255
  22. network IP.FAILOVER.z.OVH
  23. post-up route add IP.HOSTA.OVH.254 dev ens18
  24. post-up route add default gw IP.HOSTA.OVH.254
  25. dns-nameservers 8.8.8.8 8.8.4.4
  26. ##############################################################
  27. $ ip r
  28.  
  29. default via IP.HOSTA.OVH.254 dev ens18
  30. 10.8.0.0/24 via 10.8.0.2 dev tun0
  31. 10.8.0.2 dev tun0 proto kernel scope link src 10.8.0.1
  32. IP.HOSTA.OVH.254 dev ens18 scope link
  33. 192.168.0.0/24 dev ens19 proto kernel scope link src 192.168.0.1
  34.  
  35. ################################################################
  36. $ iptables-save
  37.  
  38. *nat
  39. :PREROUTING ACCEPT [60031:32103183]
  40. :INPUT ACCEPT [1797:67898]
  41. :OUTPUT ACCEPT [53:3769]
  42. :POSTROUTING ACCEPT [168:11007]
  43. -A POSTROUTING -s 10.8.0.0/24 -o ens18 -j MASQUERADE
  44. -A POSTROUTING -s 192.168.0.0/24 -o ens18 -j MASQUERADE
  45. -A POSTROUTING -s 192.168.0.0/24 -o ens19 -j MASQUERADE
  46. COMMIT
  47. *filter
  48. :INPUT ACCEPT [8000:1226673]
  49. :FORWARD ACCEPT [272:15164]
  50. :OUTPUT ACCEPT [7121:1105759]
  51. :f2b-sshd - [0:0]
  52. -A INPUT -p tcp -m multiport --dports 22 -j f2b-sshd
  53. -A INPUT -p tcp -m multiport --dports 22 -j f2b-sshd
  54. -A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
  55. -A FORWARD -s 10.8.0.0/24 -d 192.168.0.1/32 -i tun0 -o 192.168.0.0
  56. -A FORWARD -i ens19 -o ens18 -m state --state RELATED,ESTABLISHED -j ACCEPT
  57. -A FORWARD -i ens19 -o ens18 -j ACCEPT
  58. -A f2b-sshd -j RETURN
  59. -A f2b-sshd -j RETURN
  60. COMMIT
  61. ##############################################################
  62. $ tcpdump -n -l -i any -c 10 host 192.168.0.10
  63.  
  64. tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
  65. listening on any, link-type LINUX_SLL (Linux cooked), capture size 262144 bytes
  66. 13:30:45.254957 IP 10.8.0.6.52960 > 192.168.0.10.22: Flags [S], seq 2245353329, win 64240, options [mss 1353,nop,wscale 8,nop,nop,sackOK], length 0
  67. 13:30:45.254988 IP 10.8.0.6.52960 > 192.168.0.10.22: Flags [S], seq 2245353329, win 64240, options [mss 1353,nop,wscale 8,nop,nop,sackOK], length 0
  68. 13:30:48.271421 IP 10.8.0.6.52960 > 192.168.0.10.22: Flags [S], seq 2245353329, win 64240, options [mss 1353,nop,wscale 8,nop,nop,sackOK], length 0
  69. 13:30:48.271442 IP 10.8.0.6.52960 > 192.168.0.10.22: Flags [S], seq 2245353329, win 64240, options [mss 1353,nop,wscale 8,nop,nop,sackOK], length 0
  70. 13:30:50.255199 ARP, Request who-has 192.168.0.10 tell 192.168.0.1, length 28
  71. 13:30:50.276644 ARP, Reply 192.168.0.10 is-at 8e:43:f1:69:b6:30, length 46
  72. 13:30:54.282025 IP 10.8.0.6.52960 > 192.168.0.10.22: Flags [S], seq 2245353329, win 64240, options [mss 1353,nop,wscale 8,nop,nop,sackOK], length 0
  73. 13:30:54.282043 IP 10.8.0.6.52960 > 192.168.0.10.22: Flags [S], seq 2245353329, win 64240, options [mss 1353,nop,wscale 8,nop,nop,sackOK], length 0
  74. #################################################################
  75. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  76. Maszyna z problemem (B)
  77. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  78. ##################################################################
  79. $ cat /etc/network/interfaces
  80.  
  81. # The loopback network interface
  82. auto lo
  83. iface lo inet loopback
  84.  
  85. #Local interface
  86. auto ens18
  87. iface ens18 inet static
  88. address 192.168.0.10
  89. netmask 255.255.255.0
  90. dns-nameservers 8.8.8.8 8.8.4.4
  91.  
  92. # Public interface
  93. auto ens19
  94. iface ens19 inet static
  95. address IP.FAILOVER.z.OVH2
  96. netmask 255.255.255.255
  97. network IP.FAILOVER.z.OVH2
  98. post-up route add IP.HOSTA.OVH.254 dev ens19
  99. post-up route add default gw IP.HOSTA.OVH.254
  100. dns-nameservers 8.8.8.8 8.8.4.4
  101. #################################################################
  102. $ ip r
  103.  
  104. IP.HOSTA.OVH.254 dev ens19 scope link
  105. 192.168.0.0/24 dev ens18 proto kernel scope link src 192.168.0.10
  106. #################################################################
  107. $ iptables-save
  108. (pusty output)
  109. #################################################################
  110. $ tcpdump -n -l -i any -c 10 host 192.168.0.1
  111.  
  112. tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
  113. listening on any, link-type LINUX_SLL (Linux cooked), capture size 262144 bytes
  114. 13:46:29.558380 ARP, Request who-has 192.168.0.10 tell 192.168.0.1, length 46
  115. 13:46:29.558399 ARP, Reply 192.168.0.10 is-at 8e:43:f1:69:b6:30, length 28
  116. 2 packets captured
  117. 2 packets received by filter
  118. 0 packets dropped by kernel
  119. #################################################################
  120. !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
  121. Ale jak zrobię:
  122. !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
  123. $ tcpdump -n -l -i any -c 10 host 10.8.0.6
  124. tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
  125. listening on any, link-type LINUX_SLL (Linux cooked), capture size 262144 bytes
  126. 13:50:57.528736 IP 10.8.0.6.53268 > 192.168.0.10.22: Flags [S], seq 2744405898, win 64240, options [mss 1353,nop,wscale 8,nop,nop,sackOK], length 0
  127. 13:51:00.533416 IP 10.8.0.6.53268 > 192.168.0.10.22: Flags [S], seq 2744405898, win 64240, options [mss 1353,nop,wscale 8,nop,nop,sackOK], length 0
  128. 13:51:06.543333 IP 10.8.0.6.53268 > 192.168.0.10.22: Flags [S], seq 2744405898, win 64240, options [mss 1353,nop,wscale 8,nop,nop,sackOK], length 0
  129.  
  130. 3 packets captured
  131. 3 packets received by filter
  132. 0 packets dropped by kernel