Question: How do we NAT ports 3389 and 80 of 95.111.62.136 to 192.168.198.31 using iptables and iproute?
Note: It works if the default gw in the main routing table on router 2 is set to 10.3.3.1. The problem is that it does not work when it is 192.168.198.2.
Topology
• ISP1
• LINUX-ROUTER-1: Gw1: 74.90.92.1, GW2: 95.111.62.129; eth0 74.90.92.246 and 95.111.62.136; eth1 10.3.3.1/30
• ISP2
• LINUX-ROUTER-2: eth1 10.3.3.2/30; Gw1: 192.168.198.2, Gw2: 10.3.3.1; eth0 192.168.198.130/24
• XP: Gw: 192.168.198.130; eth0 192.168.198.31/24
LINUX-ROUTER-1 Route Table
• ip r s
• 10.3.3.0/30 dev eth1 proto kernel scope link src 10.3.3.1
• 95.111.62.128/26 dev eth0 scope link src 95.111.62.136
• 78.90.92.0/24 dev eth0 scope link src 78.90.92.246
• default via 78.90.92.1 dev eth0
• ip r s t 10
• 78.90.92.0/24 dev eth0 scope link src 78.90.92.246
• default via 78.90.92.1 dev eth0
• ip r s t 20
• 10.3.3.0/30 dev eth1 scope link src 10.3.3.1
• 95.111.62.128/26 dev eth0 scope link src 95.111.62.136
• default via 95.111.62.129 dev eth0
Linux ROUTER-1 IPTABLES
• iptables -t mangle -L
• Chain PREROUTING (policy ACCEPT)
• target prot opt source destination
• TTL all -- anywhere anywhere TTL set to 100
• MARK all -- 10.3.3.2 anywhere MARK xset 0x2/0xffffffff
• Chain INPUT (policy ACCEPT)
• target prot opt source destination
• Chain FORWARD (policy ACCEPT)
• target prot opt source destination
• Chain OUTPUT (policy ACCEPT)
• target prot opt source destination
• Chain POSTROUTING (policy ACCEPT)
• target prot opt source destination
• iptables -t nat -L
• Chain PREROUTING (policy ACCEPT)
• target prot opt source destination
• DNAT tcp -- anywhere 95-111-62-136 tcp dpt:4390 to:10.3.3.2:3389
• DNAT tcp -- anywhere 95-111-62-136 multiport dports ftp-data,ftp,ssh,www to:10.3.3.2
• Chain POSTROUTING (policy ACCEPT)
• target prot opt source destination
• SNAT all -- 10.3.3.2 anywhere to:95.111.62.136
• Chain OUTPUT (policy ACCEPT)
• target prot opt source destination
LINUX-ROUTER-2 Route Table
• ip r s
• 10.3.3.0/30 dev eth1 proto kernel scope link src 10.3.3.2
• 192.168.198.0/24 dev eth0 scope link src 192.168.198.130
• default via 192.168.198.2 dev eth0 metric 2
• ip r s t 10
• 10.3.3.0/30 dev eth1 scope link src 10.3.3.2
• 192.168.198.0/24 dev eth0 scope link src 192.168.198.130
• default via 192.168.198.2 dev eth0
• ip r s t 20
• 10.3.3.0/30 dev eth1 scope link src 10.3.3.2
• 192.168.198.0/24 dev eth0 scope link src 192.168.198.130
• default via 10.3.3.1 dev eth1
Linux ROUTER-2 IPTABLES
• iptables -t mangle -L
• Chain PREROUTING (policy ACCEPT)
• target prot opt source destination
• TTL all -- anywhere anywhere TTL set to 100
• MARK all -- 10.3.3.2 anywhere MARK xset 0x2/0xffffffff
• Chain INPUT (policy ACCEPT)
• target prot opt source destination
• Chain FORWARD (policy ACCEPT)
• target prot opt source destination
• Chain OUTPUT (policy ACCEPT)
• target prot opt source destination
• Chain POSTROUTING (policy ACCEPT)
• target prot opt source destination
• iptables -t nat -L
• Chain PREROUTING (policy ACCEPT)
• target prot opt source destination
• DNAT tcp -- anywhere 10.3.3.2 tcp dpt:4390 to:10.3.3.2:3389
• DNAT tcp -- anywhere 10.3.3.2 multiport dports ftp-data,ftp,ssh,www to:192.168.98.31
• Chain POSTROUTING (policy ACCEPT)
• target prot opt source destination
• SNAT all -- 192.168.198.31 anywhere to:10.3.3.2
• Chain OUTPUT (policy ACCEPT)
• target prot opt source destination
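An added example, not part of the original slides: a small Python model of how LINUX-ROUTER-2 picks a route for the XP host's reply packets, using the main table and table 20 listed above. The page does not show `ip rule`, so the mapping of fwmark 0x2 to table 20, the client address 203.0.113.10 and the `connmark_restored` switch (a hypothetical setup in which a connection mark set on traffic arriving via eth1 is restored on replies) are assumptions.

```python
import ipaddress

# Router-2 routes copied from the page's `ip r s` and `ip r s t 20` output:
# (prefix, device, gateway)
TABLES = {
    "main": [("10.3.3.0/30", "eth1", None),
             ("192.168.198.0/24", "eth0", None),
             ("0.0.0.0/0", "eth0", "192.168.198.2")],
    "20":   [("10.3.3.0/30", "eth1", None),
             ("192.168.198.0/24", "eth0", None),
             ("0.0.0.0/0", "eth1", "10.3.3.1")],
}
# ASSUMPTION: `ip rule` is not shown on the page; fwmark 0x2 -> table 20 is assumed.
RULES = [(0x2, "20"), (None, "main")]

def mangle_prerouting_mark(src):
    """Router-2's listed mangle rule: mark 0x2 only when the source is 10.3.3.2."""
    return 0x2 if src == "10.3.3.2" else 0x0

def lookup(dst, mark):
    """Pick the table by fwmark, then do a longest-prefix match inside it."""
    table = next(t for m, t in RULES if m is None or m == mark)
    addr = ipaddress.ip_address(dst)
    matches = [r for r in TABLES[table] if addr in ipaddress.ip_network(r[0])]
    best = max(matches, key=lambda r: ipaddress.ip_network(r[0]).prefixlen)
    return table, best[1], best[2]

def route_reply(client, connmark_restored=False):
    """Route a reply from 192.168.198.31 to an outside client through Router-2.

    In PREROUTING the reply still carries source 192.168.198.31, so the
    listed MARK rule (source 10.3.3.2) does not match it.
    connmark_restored models the hypothetical case where the mark of the
    original inbound connection is copied back onto the reply.
    """
    mark = 0x2 if connmark_restored else mangle_prerouting_mark("192.168.198.31")
    return lookup(client, mark)

if __name__ == "__main__":
    client = "203.0.113.10"  # constructed client address (documentation range)
    print("as listed:         ", route_reply(client))
    print("with restored mark:", route_reply(client, connmark_restored=True))
```

With the listed rules the reply is routed by the main table and leaves via 192.168.198.2 instead of returning through 10.3.3.1, which is consistent with the note that the setup only works when the main default gw is 10.3.3.1.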