Good day, everyone!
Comrades! I've hit a wall that I can't see: there is an internal-network router running Linux, there is a remote network, and a host in it, 192.168.57.18. The gateway to that host is a black box, an APKSh Kontinent with the address 192.168.16.16; I have no access to its settings.
On my router:
eno1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.0.254 netmask 255.255.255.0 broadcast 192.168.0.255
ether 0c:c4:7a:01:82:a0 txqueuelen 1000 (Ethernet)
RX packets 13265394902 bytes 2101583161398 (1.9 TiB)
RX errors 0 dropped 1483883 overruns 0 frame 0
TX packets 22928118450 bytes 28198473574063 (25.6 TiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
device memory 0xdf920000-df93ffff
eno2: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.16.254 netmask 255.255.255.0 broadcast 192.168.16.255
ether 0c:c4:7a:01:82:a1 txqueuelen 1000 (Ethernet)
RX packets 1396977623 bytes 300963356145 (280.2 GiB)
RX errors 375920 dropped 0 overruns 0 frame 246956
TX packets 2458741766 bytes 3006919839101 (2.7 TiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
device memory 0xdf900000-df91ffff
In iptables I have this:
:PREROUTING ACCEPT [7812:705014]
:INPUT ACCEPT [138:8248]
:OUTPUT ACCEPT [171:12488]
:POSTROUTING ACCEPT [1793:210923]
[...skip...]
-A POSTROUTING -s 192.168.0.0/24 -d 192.168.57.18/32 -j SNAT --to-source 192.168.16.254
-A POSTROUTING -s 192.168.0.0/24 -d 192.168.16.0/24 -j SNAT --to-source 192.168.16.254
COMMIT
*filter
:INPUT DROP [40:1842]
:FORWARD ACCEPT [44338:41146293]
:OUTPUT ACCEPT [5051:577582]
[...skip...]
# This is out of desperation
-A FORWARD -s 192.168.0.0/24 -d 192.168.16.0/24 -j ACCEPT
-A FORWARD -s 192.168.0.0/24 -d 192.168.57.0/24 -j ACCEPT
[...skip...]
From my router I can ping both the Kontinent and the host:
17:28:08.467108 IP 192.168.16.254 > 192.168.57.18: ICMP echo request, id 5187, seq 1, length 64
17:28:08.501415 IP 192.168.57.18 > 192.168.16.254: ICMP echo reply, id 5187, seq 1, length 64
17:28:09.468589 IP 192.168.16.254 > 192.168.57.18: ICMP echo request, id 5187, seq 2, length 64
17:28:09.502992 IP 192.168.57.18 > 192.168.16.254: ICMP echo reply, id 5187, seq 2, length 64
17:28:10.470090 IP 192.168.16.254 > 192.168.57.18: ICMP echo request, id 5187, seq 3, length 64
17:28:10.504482 IP 192.168.57.18 > 192.168.16.254: ICMP echo reply, id 5187, seq 3, length 64
17:30:03.275224 IP 192.168.16.254 > 192.168.16.16: ICMP echo request, id 5244, seq 1, length 64
17:30:03.275573 IP 192.168.16.16 > 192.168.16.254: ICMP echo reply, id 5244, seq 1, length 64
17:30:04.274926 IP 192.168.16.254 > 192.168.16.16: ICMP echo request, id 5244, seq 2, length 64
17:30:04.275327 IP 192.168.16.16 > 192.168.16.254: ICMP echo reply, id 5244, seq 2, length 64
But from a workstation inside the LAN, ping doesn't get through to either one:
on eno1:
17:29:03.553489 IP 192.168.0.154 > 192.168.16.16: ICMP echo request, id 1, seq 98, length 40
17:29:08.245065 IP 192.168.0.154 > 192.168.16.16: ICMP echo request, id 1, seq 99, length 40
17:29:13.259983 IP 192.168.0.154 > 192.168.16.16: ICMP echo request, id 1, seq 100, length 40
17:29:18.258505 IP 192.168.0.154 > 192.168.16.16: ICMP echo request, id 1, seq 101, length 40
17:59:31.321965 IP 192.168.0.154 > 192.168.57.18: ICMP echo request, id 1, seq 105, length 40
17:59:36.246235 IP 192.168.0.154 > 192.168.57.18: ICMP echo request, id 1, seq 106, length 40
on eno2:
17:29:03.553543 IP 192.168.16.254 > 192.168.16.16: ICMP echo request, id 1, seq 98, length 40
17:29:08.245106 IP 192.168.16.254 > 192.168.16.16: ICMP echo request, id 1, seq 99, length 40
17:29:08.562907 ARP, Request who-has 192.168.16.16 tell 192.168.16.254, length 28
17:29:08.563307 ARP, Reply 192.168.16.16 is-at 5c:83:cd:00:2d:88, length 46
17:29:13.260027 IP 192.168.16.254 > 192.168.16.16: ICMP echo request, id 1, seq 100, length 40
17:29:18.258526 IP 192.168.16.254 > 192.168.16.16: ICMP echo request, id 1, seq 101, length 40
17:59:31.322011 IP 192.168.16.254 > 192.168.57.18: ICMP echo request, id 1, seq 105, length 40
17:59:36.246276 IP 192.168.16.254 > 192.168.57.18: ICMP echo request, id 1, seq 106, length 40
On my router:
netstat -rn
Kernel IP routing table
Destination Gateway Genmask Flags MSS Window irtt Iface
127.0.0.0 0.0.0.0 255.0.0.0 U 0 0 0 lo
192.168.0.0 0.0.0.0 255.255.255.0 U 0 0 0 eno1
192.168.16.0 0.0.0.0 255.255.255.0 U 0 0 0 eno2
192.168.57.0 192.168.16.16 255.255.255.0 UG 0 0 0 eno2
Give me a push in the right direction, because the snow hasn't fallen here yet and skis don't glide on asphalt!... :(