由 linuxbabys 在 08-19-2004 09:50 发表:
squid代理服务器启动失败,请高手指点(急)
网吧用的代理服务器
eth0内网 ppp0电信固定IP SQUID试过好用,内网网段(192.168.0-192.168.1.x)192.168.0.223内网http.ftp服务器
但IPTABLES脚本加了后就不好用了
#!/bin/bash
/etc/rc.d/init.d/squid start
echo "Enable IP Forwarding..."
echo 1 >/proc/sys/net/ipv4/ip_forward
echo "Starting iptables rules..."
/sbin/modprobe iptable_filter
/sbin/modprobe ip_tables
/sbin/modprobe iptable_nat
iptables -F INPUT
iptables -F FORWARD
iptables -F OUTPUT
iptables -F POSTROUTING -t nat
iptables -F PREROUTING -t nat
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT ACCEPT
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -i eth0 -j ACCEPT
iptables -A INPUT -i ppp0 -p tcp -m tcp --dport 21 --syn -j ACCEPT
iptables -A INPUT -i ppp0 -p tcp -m tcp --dport 80 --syn -j ACCEPT
iptables -A INPUT -i ppp0 -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -i ppp0 -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -t nat -A PREROUTING -i eth0 -s 192.168.1.0/24 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128
iptables -t nat -A POSTROUTING -o ppp0 -s 192.168.1.0/24 -j MASQUERADE
iptables -t nat -A PREROUTING -p tcp --dport 21 -i eth0 -j DNAT --to 192.168.0.223
iptables -t nat -A PR