At 20:13 on Sunday 19 December 2004, you wrote:
> A layout like this might work:
>
> host-a => host-b(nat,freeswan) => host-c(routing) => host-d(nat,freeswan) => host-e
>
> I imagine the configuration of the hosts involved to be more or less
> this:
>
> ---------------------------------------------------------------------
> host-a:~# ifconfig eth0 192.168.0.1 netmask 255.255.255.0 broadcast 192.168.0.255
> host-a:~# route add default 192.168.0.254
> host-a:~# ping -c 1 192.168.3.1; ssh my_user_host_e@xxxxxxxxxxx
> ---------------------------------------------------------------------
>
> ---------------------------------------------------------------------
> host-b:~# ifconfig eth0 192.168.0.254 netmask 255.255.255.0 broadcast 192.168.0.255
> host-b:~# ifconfig eth1 192.168.1.254 netmask 255.255.255.0 broadcast 192.168.1.255
> host-b:~# route add default 192.168.1.253
> host-b:~# echo "1" > /proc/sys/net/ipv4/ip_forward
> host-b:~# iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE
> host-b:~# /etc/init.d/freeswan restart
> host-b:~# cat /etc/ipsec.conf
> config setup
>         interfaces=%defaultroute
>         klipsdebug=none
>         plutodebug=none
>         plutoload=%search
>         plutostart=%search
>         uniqueids=yes
> conn %default
>         keyingtries=0
>         disablearrivalcheck=no
>         authby=rsasig
>         leftrsasigkey=%dns
>         rightrsasigkey=%dns
> conn prova
>         left=192.168.2.254
>         leftsubnet=192.168.3.0/24
>         leftnexthop=192.168.2.253
>         right=192.168.1.254
>         rightsubnet=192.168.0.0/24
>         rightnexthop=192.168.1.253
>         auto=start
> ---------------------------------------------------------------------
>
> ---------------------------------------------------------------------
> host-c:~# ifconfig eth0 192.168.1.253 netmask 255.255.255.0 broadcast 192.168.1.255
> host-c:~# ifconfig eth1 192.168.2.253 netmask 255.255.255.0 broadcast 192.168.2.255
> host-c:~# tcpdump -i any -n > sniff
> ---------------------------------------------------------------------
>
> ---------------------------------------------------------------------
> host-d:~# ifconfig eth0 192.168.2.254 netmask 255.255.255.0 broadcast 192.168.2.255
> host-d:~# ifconfig eth1 192.168.3.254 netmask 255.255.255.0 broadcast 192.168.3.255
> host-d:~# route add default 192.168.2.253
> host-d:~# echo "1" > /proc/sys/net/ipv4/ip_forward
> host-d:~# iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
> host-d:~# /etc/init.d/freeswan restart
> host-d:~# cat /etc/ipsec.conf
> config setup
>         interfaces=%defaultroute
>         klipsdebug=none
>         plutodebug=none
>         plutoload=%search
>         plutostart=%search
>         uniqueids=yes
> conn %default
>         keyingtries=0
>         disablearrivalcheck=no
>         authby=rsasig
>         leftrsasigkey=%dns
>         rightrsasigkey=%dns
> conn prova
>         left=192.168.2.254
>         leftsubnet=192.168.3.0/24
>         leftnexthop=192.168.2.253
>         right=192.168.1.254
>         rightsubnet=192.168.0.0/24
>         rightnexthop=192.168.1.253
>         auto=start
> ---------------------------------------------------------------------
>
> ---------------------------------------------------------------------
> host-e:~# ifconfig eth0 192.168.3.1 netmask 255.255.255.0 broadcast 192.168.3.255
> host-e:~# route add default 192.168.3.254
> host-e:~# ping -c 1 192.168.0.1; ssh my_user_host_a@xxxxxxxxxxx
> ---------------------------------------------------------------------

Can you tell me whether I can create a similar environment with virtual machines in VMware?