lubux schrieb:
NikeOne4 schrieb:
Soll ich die Ausgaben trotzdem Posten?
Ja, ... denn evtl. kann dir jemand helfen, der sich mit Tinc auskennt.
Maschine
root@nikpi ~ # route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 192.168.0.1 0.0.0.0 UG 0 0 0 eth0
10.0.0.0 0.0.0.0 255.255.255.0 U 0 0 0 tun0
192.168.0.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
root@nikpi ~ # iptables -nvx -L -t nat
Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
Der 1. Client
srv@srv-gateway:~$ cat /etc/sysctl.conf | grep -i ip_forward
#net.ipv4.ip_forward=1
srv@srv-gateway:~$ route -n
Kernel-IP-Routentabelle
Ziel Router Genmask Flags Metric Ref Use Iface
0.0.0.0 192.168.178.1 0.0.0.0 UG 0 0 0 eth0
10.0.0.0 0.0.0.0 255.255.255.0 U 0 0 0 tun0
10.253.0.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1
192.168.178.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
srv@srv-gateway:~$ sudo iptables -nvx -L -t nat
Chain PREROUTING (policy ACCEPT 2049 packets, 114068 bytes)
pkts bytes target prot opt in out source destination
Chain INPUT (policy ACCEPT 90 packets, 11700 bytes)
pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 24 packets, 2835 bytes)
pkts bytes target prot opt in out source destination
Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
6 360 MASQUERADE all -- * eth1 0.0.0.0/0 0.0.0.0/0
1976 104675 MASQUERADE all -- * eth0 0.0.0.0/0 0.0.0.0/0
1 168 MASQUERADE all -- * tun0 0.0.0.0/0 0.0.0.0/0
Der 2. Gateway
root@vRouter:~# cat /etc/sysctl.conf | grep -i ip_forward
#net.ipv4.ip_forward=1
root@vRouter:~# route -n
Kernel-IP-Routentabelle
Ziel Router Genmask Flags Metric Ref Use Iface
0.0.0.0 192.168.178.1 0.0.0.0 UG 0 0 0 eth0
10.0.0.0 0.0.0.0 255.255.255.0 U 0 0 0 tun0
12.1.99.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1
169.254.0.0 0.0.0.0 255.255.0.0 U 1000 0 0 eth1
192.168.178.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
root@vRouter:~# sudo iptables -nvx -L -t nat
Chain PREROUTING (policy ACCEPT 5769 packets, 896590 bytes)
pkts bytes target prot opt in out source destination
Chain INPUT (policy ACCEPT 1422 packets, 157424 bytes)
pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 139 packets, 12551 bytes)
pkts bytes target prot opt in out source destination
Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
22 1573 MASQUERADE all -- * eth1 0.0.0.0/0 0.0.0.0/0
4421 746376 MASQUERADE all -- * eth0 0.0.0.0/0 0.0.0.0/0
1 60 MASQUERADE all -- * tun0 0.0.0.0/0 0.0.0.0/0
r
Hoffe das hilft das Problem einzugrenzen.