Witam serdecznie.<br><br>Bardzo proszę o pomoc.<br><br>Problem w tym, że nie mogę poradzić sobie z modyfikacją iptables aby przepuszczał sygnał poprzez dwa AP do klienta.<br><br>tak wygląda lms-mgc :<br>network_header&nbsp; =&lt;&lt;EOT<br>
/usr/local/sbin/iptables -t nat -F<br>/usr/local/sbin/iptables -t filter -F<br>/usr/local/sbin/iptables -P FORWARD DROP<br>/usr/local/sbin/iptables -A INPUT -p tcp ! --syn -m state --state NEW -j DROP<br>/usr/local/sbin/iptables -A FORWARD -p tcp ! --syn -m state --state NEW -j DROP<br>
/usr/local/sbin/iptables -A INPUT -p tcp --tcp-flags ALL NONE -j DROP<br>/usr/local/sbin/iptables -A INPUT -p tcp --tcp-flags ALL ALL -j DROP<br>/usr/local/sbin/iptables -A INPUT -p tcp --tcp-flags ALL FIN,URG,PSH -j DROP<br>
/usr/local/sbin/iptables -A INPUT -p tcp --tcp-flags ALL SYN,RST,ACK,FIN,URG -j DROP<br>/usr/local/sbin/iptables -A INPUT -p tcp --tcp-flags SYN,RST SYN,RST -j DROP<br>/usr/local/sbin/iptables -A INPUT -p tcp --tcp-flags SYN,FIN SYN,FIN -j DROP<br>
/usr/local/sbin/iptables -A INPUT -p tcp --tcp-flags SYN,ACK,FIN,RST RST -m limit --limit 1/s -j ACCEPT<br>/usr/local/sbin/iptables -A INPUT -f -j DROP<br>/usr/local/sbin/iptables -A INPUT -m state --state INVALID -j DROP<br>
/usr/local/sbin/iptables -A FORWARD -p tcp --tcp-flags SYN,ACK,FIN,RST RST -m limit --limit 1/s -j ACCEPT<br>/usr/local/sbin/iptables -N rate_limit<br>/usr/local/sbin/iptables -F rate_limit<br>/usr/local/sbin/iptables -A rate_limit -p tcp --dport 22 -m limit --limit 3/min --limit-burst 3 -j ACCEPT<br>
/usr/local/sbin/iptables -A rate_limit -p udp --dport 1194 -m limit --limit 3/min --limit-burst 3 -j ACCEPT<br>/usr/local/sbin/iptables -A rate_limit -p ICMP --icmp-type echo-request -m limit --limit 3/sec -j ACCEPT<br>#/usr/local/sbin/iptables
 -A rate_limit -p &lt;protocol&gt; --dport &lt;port&gt; -m limit --limit
 &lt;x/sec/min/hr&gt; --limit-burst X -j ACCEPT<br>
#/usr/local/sbin/iptables -A rate_limit -p ! ICMP -j LOG --log-prefix " Connection dropped!! "<br>/usr/local/sbin/iptables -A rate_limit -p tcp -j REJECT --reject-with tcp-reset<br>/usr/local/sbin/iptables -A rate_limit -p udp -j REJECT --reject-with icmp-port-unreachable<br>
/usr/local/sbin/iptables -A rate_limit -j DROP<br>/usr/local/sbin/iptables -I INPUT -p ICMP --icmp-type echo-request -j rate_limit<br>/usr/local/sbin/iptables -I INPUT -p tcp --dport 22 -m state --state NEW -j rate_limit<br>
/usr/local/sbin/iptables -I INPUT -p udp --dport 1194 -m state --state NEW -j rate_limit<br>/usr/local/sbin/iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT<br>/usr/local/sbin/iptables -A FORWARD -p tcp --dport 445 -j DROP<br>
/usr/local/sbin/iptables -A FORWARD -p udp --sport 445 -j DROP<br>/usr/local/sbin/iptables -A FORWARD -p udp -m multiport --dports 137,138,139 -j DROP<br>/usr/local/sbin/iptables -A FORWARD -p tcp -m multiport --dports 137,138,139 -j DROP<br>
<br>EOT<br><br><br>plus standard :<br>dst_network_header =&lt;&lt;EOT<br>/usr/local/sbin/iptables -t nat -I POSTROUTING -s %ADDR/%MASK -d %DADDR/%DMASK -j ACCEPT<br>/usr/local/sbin/iptables -t nat -I PREROUTING -s %ADDR/%MASK -d %DADDR/%DMASK -j ACCEPT<br>
/usr/local/sbin/iptables -t filter -I FORWARD -s %ADDR/%MASK -d %DADDR/%DMASK -j ACCEPT<br>EOT<br><br>grantednode_publ =&lt;&lt;EOT<br>/usr/local/sbin/iptables -t filter -A FORWARD -s %IP -m mac --mac-source %MAC -j ACCEPT<br>
/usr/local/sbin/iptables -t filter -A FORWARD -d %IP -j ACCEPT<br>/usr/local/sbin/iptables -t nat -A PREROUTING -s %IP -p tcp --dport 80 -j REDIRECT --to-port 3128<br>#/usr/local/sbin/iptables -t nat -A PREROUTING -s %IP -p tcp --dport 25 -j REDIRECT --to-port 25<br>
EOT<br><br>grantednode_priv =&lt;&lt;EOT<br>/usr/local/sbin/iptables -t filter -A FORWARD -s %IP -m mac --mac-source %MAC -j ACCEPT<br>/usr/local/sbin/iptables -t filter -A FORWARD -d %IP -j ACCEPT<br>/usr/local/sbin/iptables -t nat -A PREROUTING -s %IP -p tcp --dport 80 -j REDIRECT --to-port 3128<br>
/usr/local/sbin/iptables -t nat -A POSTROUTING -s %IP -o eth4 -j SNAT --to 213.241.35.102<br>/usr/local/sbin/iptables -A POSTROUTING -t nat -s %IP -j MASQUERADE<br>EOT<br><br>deniednode_publ =&lt;&lt;EOT<br>/usr/local/sbin/iptables -t nat -A PREROUTING -s %IP -p tcp --dport 80 -j REDIRECT --to-port 81<br>
/usr/local/sbin/iptables -t filter -A INPUT -s %IP -p tcp --dport 81 -j ACCEPT<br>/usr/local/sbin/iptables -t filter -A INPUT -s %IP -p tcp --dport 80 -j ACCEPT<br>/usr/local/sbin/iptables -t filter -I FORWARD -s %ADDR/%MASK -d %DADDR/%DMASK -j ACCEPT<br>
EOT<br><br>grantednode_publ =&lt;&lt;EOT<br>/usr/local/sbin/iptables -t filter -A FORWARD -s %IP -m mac --mac-source %MAC -j ACCEPT<br>/usr/local/sbin/iptables -t filter -A FORWARD -d %IP -j ACCEPT<br>/usr/local/sbin/iptables -t nat -A PREROUTING -s %IP -p tcp --dport 80 -j REDIRECT --to-port 3128<br>
#/usr/local/sbin/iptables -t nat -A PREROUTING -s %IP -p tcp --dport 25 -j REDIRECT --to-port 25<br>EOT<br><br>grantednode_priv =&lt;&lt;EOT<br>/usr/local/sbin/iptables -t filter -A FORWARD -s %IP -m mac --mac-source %MAC -j ACCEPT<br>
/usr/local/sbin/iptables -t filter -A FORWARD -d %IP -j ACCEPT<br>/usr/local/sbin/iptables -t nat -A PREROUTING -s %IP -p tcp --dport 80 -j REDIRECT --to-port 3128<br>/usr/local/sbin/iptables -t nat -A POSTROUTING -s %IP -o eth4 -j SNAT --to 213.241.35.102<br>
/usr/local/sbin/iptables -A POSTROUTING -t nat -s %IP -j MASQUERADE<br>EOT