QNAP NAS +OpenVPN

Greetings, everyone!

We have a NAS at the "Home" location, and an "Office" location. We need to provide access from the "Office" location to the NAS at the "Home" location. There is a VPN (OpenVPN) between the locations. On the Office side there is the VPN server, on the Home side a mini server (both Debian-based). Both sit behind gateways (on the Office side the VPN port is forwarded on the Gateway).

The network diagram and the results of my modest attempts to understand why the ... the NAS cannot be pinged, tracerouted, etc. from the Office location are below the cut.

On the NAS itself:

```
[/etc] # for table in `cat /proc/net/ip_tables_names` ; do
> iptables -t $table -L -nv
> done
Chain INPUT (policy ACCEPT 144M packets, 75G bytes)
 pkts bytes target prot opt in out source destination

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target prot opt in out source destination

Chain OUTPUT (policy ACCEPT 121M packets, 80G bytes)
 pkts bytes target prot opt in out source destination
Chain PREROUTING (policy ACCEPT 3437K packets, 432M bytes)
 pkts bytes target prot opt in out source destination

Chain POSTROUTING (policy ACCEPT 1404K packets, 136M bytes)
 pkts bytes target prot opt in out source destination

Chain OUTPUT (policy ACCEPT 1404K packets, 136M bytes)
 pkts bytes target prot opt in out source destination
[/etc] # ip address list
1: lo: mtu 16436 qdisc noqueue state UNKNOWN
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
2: eth1: mtu 1500 qdisc pfifo_fast state UP qlen 532
    link/ether 00:08:9b:c9:09:33 brd ff:ff:ff:ff:ff:ff
    inet 192.168.1.198/24 brd 192.168.1.255 scope global eth1
3: eth0: mtu 1500 qdisc pfifo_fast state DOWN qlen 532
    link/ether 00:08:9b:c9:09:32 brd ff:ff:ff:ff:ff:ff
[/etc] # ip route list
192.168.3.0/24 via 192.168.1.40 dev eth1
10.8.0.0/24 via 192.168.1.40 dev eth1
192.168.1.0/24 dev eth1 proto kernel scope link src 192.168.1.198
127.0.0.0/8 dev lo scope link
default via 192.168.1.1 dev eth1
[/etc] # traceroute -n 192.168.3.118
traceroute to 192.168.3.118 (192.168.3.118), 30 hops max, 40 byte packets
 1 192.168.1.40 1.385 ms 0.229 ms 0.174 ms
 2 192.168.3.118 109.439 ms 21.938 ms 95.413 ms
[/etc] # traceroute -n 192.168.3.180
traceroute to 192.168.3.180 (192.168.3.180), 30 hops max, 40 byte packets
 1 192.168.1.40 0.389 ms 0.207 ms 0.17 ms
 2 10.8.0.1 17.668 ms 17.618 ms 17.445 ms
 3 192.168.3.180 18.231 ms 259.797 ms 60.841 ms
[/etc] #
[/etc] # ping -c 1 192.168.3.118
PING 192.168.3.118 (192.168.3.118): 56 data bytes
64 bytes from 192.168.3.118: icmp_seq=0 ttl=63 time=26.0 ms

--- 192.168.3.118 ping statistics ---
1 packets transmitted, 1 packets received, 0% packet loss
round-trip min/avg/max = 26.0/26.0/26.0 ms
[/etc] #
[/etc] # ping -c 1 192.168.3.180
PING 192.168.3.180 (192.168.3.180): 56 data bytes
64 bytes from 192.168.3.180: icmp_seq=0 ttl=61 time=18.9 ms

--- 192.168.3.180 ping statistics ---
1 packets transmitted, 1 packets received, 0% packet loss
round-trip min/avg/max = 18.9/18.9/18.9 ms
```

From a host in the office to a computer at home:

```
root@debian:~# traceroute -n 192.168.1.236
traceroute to 192.168.1.236 (192.168.1.236), 30 hops max, 60 byte packets
 1 192.168.3.118 0.327 ms 0.295 ms 0.245 ms
 2 10.8.0.13 128.292 ms 132.189 ms 133.959 ms
 3 192.168.1.236 137.098 ms 139.080 ms 141.324 ms
root@debian:~# ping -c 1 192.168.1.236
PING 192.168.1.236 (192.168.1.236) 56(84) bytes of data.
64 bytes from 192.168.1.236: icmp_req=1 ttl=62 time=18.7 ms

--- 192.168.1.236 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 18.700/18.700/18.700/0.000 ms
root@debian:~# ping -c 1 192.168.1.198
PING 192.168.1.198 (192.168.1.198) 56(84) bytes of data.
^C
--- 192.168.1.198 ping statistics ---
1 packets transmitted, 0 received, 100% packet loss, time 0ms
```

There is no tcpdump on the NAS, alas (a pox on the QNAP developers). The VPN client does have it, and there I can see the ICMP request going out toward the NAS, but nothing comes back.

What else can I look at?