Ok allora
1.
PC1:
root@toshiba:~# ifconfig
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.1.2 netmask 255.255.255.0 broadcast 192.168.1.255
ether 70:54:d2:5b:1e:c6 txqueuelen 1000 (Ethernet)
RX packets 68 bytes 8007 (7.8 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 40 bytes 6677 (6.5 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
loop txqueuelen 1000 (Local Loopback)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
root@toshiba:~# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 192.168.1.11 0.0.0.0 UG 0 0 0 eth0
127.0.0.0 0.0.0.0 255.0.0.0 U 0 0 0 lo
192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
2. cancellate tutte le regole nat e reinserita questa:
/usr/sbin/iptables -t nat -A POSTROUTING -s 192.168.2.0/24 -d 192.168.1.0/24 -j MASQUERADE
iptables-save
# Generated by iptables-save v1.8.5 on Wed Jan 27 14:30:48 2021
*nat
:PREROUTING ACCEPT [3:144]
:INPUT ACCEPT [3:144]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s 192.168.2.0/24 -d 192.168.1.0/24 -j MASQUERADE
COMMIT
3. host GW2
root@vpnsinigo:~# ifconfig
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.1.4 netmask 255.255.255.0 broadcast 192.168.1.255
inet6 fe80::230:18ff:fe03:c652 prefixlen 64 scopeid 0x20<link>
ether 00:30:18:03:c6:52 txqueuelen 1000 (Ethernet)
RX packets 11920 bytes 926331 (904.6 KiB)
RX errors 0 dropped 1 overruns 0 frame 0
TX packets 2632 bytes 332312 (324.5 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
eth1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.2.1 netmask 255.255.255.0 broadcast 192.168.2.255
inet6 fe80::230:18ff:fe03:c653 prefixlen 64 scopeid 0x20<link>
ether 00:30:18:03:c6:53 txqueuelen 1000 (Ethernet)
RX packets 3030 bytes 275404 (268.9 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 101 bytes 13328 (13.0 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 1000 (Local Loopback)
RX packets 3 bytes 271 (271.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 3 bytes 271 (271.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
root@vpnsinigo:~# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 192.168.1.1 0.0.0.0 UG 0 0 0 eth0
127.0.0.0 0.0.0.0 255.0.0.0 U 0 0 0 lo
192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
192.168.2.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1
root@vpnsinigo:~# iptables-save
# Generated by iptables-save v1.8.5 on Wed Jan 27 14:41:12 2021
*nat
:PREROUTING ACCEPT [1455:214520]
:INPUT ACCEPT [1318:186880]
:OUTPUT ACCEPT [35:2899]
:POSTROUTING ACCEPT [35:2899]
-A POSTROUTING -s 192.168.1.0/24 -d 192.168.2.0/24 -j MASQUERADE
COMMIT
4. su GW1 eseguito
5. su GW2 eseguito
6. eseguito su PC1
nc -v 192.168.2.2 80
root@toshiba:~# nc -v 192.168.2.2 80
192.168.2.2: inverse host lookup failed: Host name lookup failure
(UNKNOWN) [192.168.2.2] 80 (http) open
ha funzionato
TEST 2:
4. su GW1 eseguito
5. su GW2 eseguito
6. su PC1 eseguito
RISULTATO (nc è rimasto fermo su PC1):
su GW1:
root@vpnhome:~# tcpdump -n -i eth1 host 91.189.93.8 and port 80
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth1, link-type EN10MB (Ethernet), capture size 262144 bytes
14:46:09.418686 IP 192.168.1.2.45330 > 91.189.93.8.80: Flags [S], seq 982960665, win 29200, options [mss 1460,sackOK,TS val 1175507286 ecr 0,nop,wscale 7], length 0
14:46:10.429161 IP 192.168.1.2.45330 > 91.189.93.8.80: Flags [S], seq 982960665, win 29200, options [mss 1460,sackOK,TS val 1175508296 ecr 0,nop,wscale 7], length 0
14:46:12.477134 IP 192.168.1.2.45330 > 91.189.93.8.80: Flags [S], seq 982960665, win 29200, options [mss 1460,sackOK,TS val 1175510344 ecr 0,nop,wscale 7], length 0
14:46:16.509061 IP 192.168.1.2.45330 > 91.189.93.8.80: Flags [S], seq 982960665, win 29200, options [mss 1460,sackOK,TS val 1175514376 ecr 0,nop,wscale 7], length 0
14:46:24.956925 IP 192.168.1.2.45330 > 91.189.93.8.80: Flags [S], seq 982960665, win 29200, options [mss 1460,sackOK,TS val 1175522824 ecr 0,nop,wscale 7], length 0
su GW2:
root@vpnsinigo:~# tcpdump -n -i eth1 host 91.189.93.8 and port 80
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth1, link-type EN10MB (Ethernet), capture size 262144 bytes
nessun output
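su PC1 eseguito (nota: il traceroute qui sotto punta a 9.189.93.8, mentre i tcpdump filtrano su 91.189.93.8; inoltre il primo hop risponde come 192.168.1.1, non come il gateway 192.168.1.11 presente nella tabella di routing di PC1):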
traceroute 9.189.93.8
traceroute to 9.189.93.8 (9.189.93.8), 30 hops max, 60 byte packets
1 192.168.1.1 (192.168.1.1) 0.205 ms 0.190 ms 0.172 ms
2 * * *
3 * * *
4 * * *
5 * * *
....
spero di aver fatto tutto giusto