I have a Siemens SX763 modem that is my main gateway to the internet.
Behind it, on the local network, I have several MikroTik routers (wireless network).
The routing protocol I have set up is OSPF, which does the job well.
The problem is that my Siemens does not let internet traffic through to other networks, only to the network it is in itself.
For example, I have routers in the subnets 192.168.30.0/24, 192.168.31.0/24, 192.168.29.0/24 and 192.168.33.0/24.
My modem is in the last one, 192.168.33.0/24, and that router has internet access; when I ping some address, say www.google.com, the ping goes through without problems.
When I ping www.google.com from some other router that is not in that subnet, it does not work. I run a traceroute and the packet reaches the modem's IP address (192.168.33.3) and goes no further.
Since the Siemens runs Linux, I figured the problem was something with iptables.
How do I "tell" it to let the other traffic "out" as well, and not only the traffic from its own subnet?
This is the iptables listing:
~ # iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
wan_in all -- anywhere anywhere
Chain FORWARD (policy ACCEPT)
target prot opt source destination
forward_rtp udp -- anywhere anywhere
HI_PRIO_FORWARD all -- anywhere anywhere
FWD_PORTFORWARD all -- anywhere anywhere
TCPMSS tcp -- anywhere anywhere tcp flags:SYN,RST/SYN TCPMSS clamp to PMTU
ACCEPT tcp -- anywhere 192.168.33.2 tcp dpt:53059
ACCEPT udp -- anywhere 192.168.33.2 udp dpt:53059
ACCEPT tcp -- anywhere 192.168.33.2 tcp dpt:3389
ACCEPT tcp -- anywhere 192.168.33.2 tcp dpt:1723
ACCEPT tcp -- anywhere 192.168.33.2 tcp dpt:4899
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Chain Access (0 references)
target prot opt source destination
Chain FWD_FORWARD_DOS_TCP_HDR (0 references)
target prot opt source destination
Chain FWD_FORWARD_DOS_TCP_PAYLOAD (0 references)
target prot opt source destination
Chain FWD_INPUT_DOS_TCP_PAYLOAD (0 references)
target prot opt source destination
Chain FWD_PORTFORWARD (1 references)
target prot opt source destination
Chain HI_PRIO_FORWARD (1 references)
target prot opt source destination
Chain allowed (1 references)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere state NEW tcp flags:FIN,SYN,RST,ACK/SYN
ACCEPT tcp -- anywhere anywhere state RELATED,ESTABLISHED
DROP tcp -- anywhere anywhere
Chain bad_tcp_packets (1 references)
target prot opt source destination
REJECT tcp -- anywhere anywhere state NEW tcp flags:SYN,ACK/SYN,ACK reject-with tcp-reset
DROP tcp -- anywhere anywhere state NEW tcp flags:!SYN,RST,ACK/SYN
Chain forward_rtp (1 references)
target prot opt source destination
Chain icmp_packets (0 references)
target prot opt source destination
ACCEPT icmp -- anywhere anywhere icmp echo-request
ACCEPT icmp -- anywhere anywhere icmp time-exceeded
Chain tcp_packets (0 references)
target prot opt source destination
allowed tcp -- anywhere anywhere tcp dpt:ssh
Chain udp_packets (0 references)
target prot opt source destination
Chain wan_in (1 references)
target prot opt source destination
bad_tcp_packets tcp -- anywhere anywhere
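
An added example, not part of the original post: a small Python parser for `iptables -L` output that follows jump targets from a built-in chain and reports the chain policy plus any DROP/REJECT rules reachable from it. The function names and the abbreviated sample listing are constructed for illustration; `iptables -L` without `-t` lists only the filter table, so rules in the nat table (`iptables -t nat -L`) are outside what this checks.

```python
import re

SAMPLE = """\
Chain INPUT (policy ACCEPT)
target prot opt source destination
wan_in all -- anywhere anywhere
Chain FORWARD (policy ACCEPT)
target prot opt source destination
forward_rtp udp -- anywhere anywhere
TCPMSS tcp -- anywhere anywhere tcp flags:SYN,RST/SYN TCPMSS clamp to PMTU
Chain allowed (1 references)
target prot opt source destination
DROP tcp -- anywhere anywhere
Chain bad_tcp_packets (1 references)
target prot opt source destination
DROP tcp -- anywhere anywhere state NEW tcp flags:!SYN,RST,ACK/SYN
Chain forward_rtp (1 references)
target prot opt source destination
Chain wan_in (1 references)
target prot opt source destination
bad_tcp_packets tcp -- anywhere anywhere
"""  # constructed sample, abbreviated from the listing in the post

def parse(listing):
    """Return {chain: {"policy": str or None, "rules": [(target, rest), ...]}}."""
    chains, current = {}, None
    for line in listing.splitlines():
        m = re.match(r"Chain (\S+) \((?:policy (\w+)|\d+ references)\)", line)
        if m:
            current = chains.setdefault(m.group(1), {"policy": m.group(2), "rules": []})
        elif current is not None and line.strip() and not line.startswith("target"):
            target, _, rest = line.strip().partition(" ")
            current["rules"].append((target, rest))
    return chains

def blocking_rules(chains, start):
    """Follow jumps from `start`; return its policy and reachable DROP/REJECT rules."""
    seen, stack, hits = set(), [start], []
    while stack:
        name = stack.pop()
        if name in seen:
            continue
        seen.add(name)
        for target, rest in chains[name]["rules"]:
            if target in ("DROP", "REJECT"):
                hits.append((name, target, rest))
            elif target in chains:  # jump to a user-defined chain
                stack.append(target)
    return chains[start]["policy"], hits
```

On the sample, `blocking_rules(parse(SAMPLE), "FORWARD")` finds a policy of ACCEPT and no reachable DROP/REJECT rule, while the DROP in the `allowed` chain is not reported because nothing in the traversed chains jumps to it.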