Posted by zhangxin_tmx on 08-31-2004 12:31:
Urgent! iptables problem
My system is RedHat 9.0, kernel version 2.4.20-8, iptables version v1.2.7a. I ported a script over from another server and it keeps failing.
When I run it, it prints the following:
[root@Test-Proxy root]# ./setip.sh
iptables: no chain/target/match by that name
iptables: no chain/target/match by that name
iptables: no chain/target/match by that name
iptables v1.2.7a: Couldn't load target 'natlog':/lib/iptables/libipt_natlog.so:cannot open shared object file: No such file or directory
Could everyone please take a look at the script and tell me what the problem is!!!
Thanks!!!
The script is as follows:
#!/bin/sh
# configuration options
LAN_IP_RANGE="10.44.0.0/16"
LAN_IP="10.44.0.1"
LAN_BCAST_ADRESS="10.44.255.255"
LAN_IFACE="eth1"
INET_IP="166.111.44.10"
INET_IFACE="eth0"
LO_IP="127.0.0.1"
LO_IFACE="127.0.0.1"
IPTABLES="/sbin/iptables"
#echo "Starting iptables rules..."
# Load all required IPTables modules
# Needed to initially load modules
/sbin/depmod -a
# Adds some iptables targets like LOG, REJECT and MASQUERADE.
/sbin/modprobe ipt_LOG
/sbin/modprobe ipt_MASQUERADE
/sbin/modprobe ip_tables
/sbin/modprobe ip_nat_ftp
/sbin/modprobe ip_conntrack_ftp
# Delete old PREROUTING chain
$IPTABLES -t nat -F PREROUTING
#------------------------------------------------------------------------------
$IPTABLES -t nat -A PREROUTING -s 192.168.0.0/16 -j DROP
$IPTABLES -t nat -A PREROUTING -s 10.0.0.0/8 -j DROP
$IPTABLES -t nat -A PREROUTING -s 172.16.0.0/12 -j DROP
#------------------------------------------------------------------------------
# Delete old POSTROUTING chain
$IPTABLES -t nat -F POSTROUTING
# MASQ to INET_IFACE
$IPTABLES -t nat -A POSTROUTING -o $INET_IFACE -j MASQUERADE
# set SNAT
$IPTABLES -t nat -A POSTROUTING -s $LAN_IP_RANGE -j SNAT --to $INET_IP
# Delete old INPUT chain
$IPTABLES -F INPUT
# Drop ports in PREROUTING
#$IPTABLES -A INPUT -p tcp -i $INET_IFACE -d $INET_IP --dport 10021 -j RETURN
# port:22
$IPTABLES -A INPUT -p tcp -i $INET_IFACE -s 166.111.44.200/32 -d $INET_IP --dport 22 -j ACCEPT
$IPTABLES -A INPUT -p tcp --dport 22 -j DROP
# disable port 1 to 1024
$IPTABLES -A INPUT -p tcp --dport 1:1024 -j RETURN
$IPTABLES -A INPUT -p udp --dport 1:1024 -j RETURN
# Delete old Forward chain
$IPTABLES -F FORWARD
# set natlog chain
$IPTABLES -F natlog
$IPTABLES -A natlog -p tcp --syn -j LOG --log-prefix "nat_tcp: " --log-ip-options
$IPTABLES -A natlog -p udp -j LOG --log-prefix "nat_udp: " --log-ip-options
# Log all forward
$IPTABLES -A FORWARD -j natlog
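The four error lines in the output map directly onto the script: the three "no chain/target/match by that name" messages come from the `-F natlog` and two `-A natlog` lines, which operate on a user-defined chain that the script never creates, and the final "Couldn't load target 'natlog'" comes from `-A FORWARD -j natlog`, because when a `-j` argument is neither a built-in target nor an existing chain, iptables assumes it is a target extension and looks for `/lib/iptables/libipt_natlog.so`. The usual cause is that the chain was created once by hand on the original server (`iptables -N natlog`) and the script was relying on it. The following static checker is an added example (not code from the original post); it scans an iptables shell script for chains referenced before a `-N` creates them and for `-j` targets that would trigger the extension-library lookup. The `SAMPLE` text is a constructed excerpt of the poster's script, and `KNOWN_TARGETS` is a non-exhaustive list of iptables 1.2.x targets chosen for this example.

```python
"""Static check for an iptables shell script: report user-defined chains that are
flushed or appended to before 'iptables -N <chain>' creates them, and '-j' targets
that are neither built-in targets nor known chains (iptables would then try to
load libipt_<name>.so).  Added example; not code from the forum post."""
import shlex

BUILTIN_CHAINS = {"INPUT", "OUTPUT", "FORWARD", "PREROUTING", "POSTROUTING"}
# Built-in and common extension targets for iptables 1.2.x (constructed, not exhaustive)
KNOWN_TARGETS = {"ACCEPT", "DROP", "REJECT", "RETURN", "QUEUE", "LOG", "ULOG",
                 "MASQUERADE", "SNAT", "DNAT", "REDIRECT", "MARK", "TOS"}
# Options whose next argument names a chain
CHAIN_OPS = {"-A", "-I", "-D", "-R", "-F", "-L", "-X", "-Z", "-P"}


def _is_iptables_invocation(token, ipt_var="IPTABLES"):
    """Accept '$IPTABLES', '${IPTABLES}', 'iptables' or an absolute path to it."""
    if "=" in token:            # a variable assignment, not a command
        return False
    return token in ("$" + ipt_var, "${" + ipt_var + "}", "iptables") \
        or token.endswith("/iptables")


def check_iptables_script(text):
    """Return a list of (line_number, message) findings, in script order."""
    findings = []
    created = set()
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        try:
            argv = shlex.split(line)
        except ValueError:        # unbalanced quotes: not our concern here
            continue
        if not argv or not _is_iptables_invocation(argv[0]):
            continue
        args = argv[1:]
        i = 0
        while i < len(args):
            opt = args[i]
            nxt = args[i + 1] if i + 1 < len(args) else None
            if opt == "-N" and nxt:
                created.add(nxt)
                i += 2
            elif opt in CHAIN_OPS and nxt and not nxt.startswith("-"):
                if nxt not in BUILTIN_CHAINS and nxt not in created:
                    findings.append((no, f"chain '{nxt}' used with {opt} before "
                                         f"'iptables -N {nxt}' creates it"))
                i += 2
            elif opt in ("-j", "--jump") and nxt:
                if nxt not in KNOWN_TARGETS and nxt not in created:
                    findings.append((no, f"target '{nxt}' is neither built-in nor an "
                                         f"existing chain; iptables will try to load "
                                         f"libipt_{nxt}.so"))
                i += 2
            else:
                i += 1
    return findings


# Constructed excerpt of the poster's setip.sh, reproducing the failing section.
SAMPLE = """\
IPTABLES="/sbin/iptables"
$IPTABLES -F FORWARD
$IPTABLES -F natlog
$IPTABLES -A natlog -p tcp --syn -j LOG --log-prefix "nat_tcp: " --log-ip-options
$IPTABLES -A natlog -p udp -j LOG --log-prefix "nat_udp: " --log-ip-options
$IPTABLES -A FORWARD -j natlog
"""

# The same excerpt with the chain created first; the -F afterwards is then harmless
# and keeps the script re-runnable.
FIXED = SAMPLE.replace("$IPTABLES -F natlog", "$IPTABLES -N natlog\n$IPTABLES -F natlog")

if __name__ == "__main__":
    for no, msg in check_iptables_script(SAMPLE):
        print(f"line {no}: {msg}")
    print("fixed script findings:", check_iptables_script(FIXED))
```

Running it on `SAMPLE` yields one finding per failing line (lines 3, 4, 5 for the chain operations, line 6 for the `-j natlog` jump), which is exactly the three "no chain/target/match" errors followed by the "Couldn't load target" error in the posted output; on `FIXED` it yields nothing.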
Posted by zhangxin_tmx on 08-31-2004 12:48:
One more question: does iptables still need to be recompiled separately? Can it be used right after installing RedHat 9.0?
Posted by orphen on 08-31-2004 13:21: