Red Hat 9 + ADSL transparent proxy iptables problem (firewall code attached)?

Posted by 太阳风 on 02-08-2004 14:23:


To set up transparent proxy access with redhat9+adsl+squid+iptables, I added only the following code to the firewall:

/sbin/iptables -F -t nat
iptables -t nat -A PREROUTING -i eth1 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128
# Redirect all port 80 traffic arriving on eth1 to port 3128.
iptables -t nat -A POSTROUTING -s 192.168.1.0/24 -o ppp0 -j MASQUERADE

Proxy access works fine. Now I want to use iptables for access control. Following many scripts found online, I have this:

#!/bin/sh
touch /var/lock/subsys/local
# Enable IP forwarding
echo "Enabling IP Forwarding........"
echo 1 > /proc/sys/net/ipv4/ip_forward
# Enable iptables rules
# Internet configuration
EXT_IF="ppp0"
INT_IF="eth1"
LAN_IP_RANGE="192.168.0.0/24"
TRUSTED_TCP_PORT="22 25 53 80 110 143 443 3128 6000 6001 6002 7100"
# Load modules
echo "modprobe modules"
modprobe ip_tables
modprobe ip_nat_ftp
modprobe ip_conntrack
modprobe ip_conntrack_ftp
# Initialise iptables rules
echo "Enabling iptables rules"
iptables -F -t nat
iptables -P FORWARD DROP
# Open trusted ports
echo "Open trusted ports....."
iptables -N services
for PORT in $TRUSTED_TCP_PORT; do
    iptables -A services -i $EXT_IF -p tcp --dport $PORT -j ACCEPT
done
iptables -t nat -A PREROUTING -i eth1 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128
iptables -t nat -A POSTROUTING -s 192.168.0.0/24 -o ppp0 -j MASQUERADE
#iptables -A FORWARD -i $INT_IF -j ACCEPT
#iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -m state --state NEW -i ! ppp0 -j ACCEPT
iptables -A FORWARD -f -m limit --limit 100/s --limit-burst 100 -j ACCEPT
iptables -A FORWARD -p icmp -m
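As an added example (not the poster's script and not from any project), the following shell function generates a complete rule set for the same layout: squid on the gateway, LAN clients on eth1, a PPPoE uplink on ppp0, port 80 transparently redirected to 3128 and the LAN masqueraded. It differs from the script above in that every chain gets a default-deny policy, reply traffic is admitted through conntrack state, the gateway only accepts new connections from the LAN on the squid port and a small admin port list, and new forwarded connections are accepted only when they enter on the internal interface from the LAN range. The interface names, LAN range, ports and the DRY_RUN variable are assumptions for this example; with DRY_RUN=1 (the default) the commands are printed rather than executed, so the rule set can be reviewed before it is loaded.

```shell
#!/bin/sh
# Added example: generate (or apply) iptables rules for a squid transparent proxy
# gateway. All values below are assumptions for this example.
EXT_IF="${EXT_IF:-ppp0}"              # PPPoE uplink, dynamic address
INT_IF="${INT_IF:-eth1}"              # LAN side
LAN="${LAN:-192.168.0.0/24}"          # LAN range that may use the proxy
SQUID_PORT="${SQUID_PORT:-3128}"      # squid listening on the gateway
ADMIN_TCP_PORTS="${ADMIN_TCP_PORTS:-22}"  # gateway services exposed to the LAN only
DRY_RUN="${DRY_RUN:-1}"               # 1 = print commands, 0 = run iptables

# ipt: print the command in dry-run mode, otherwise execute it.
ipt() {
    if [ "$DRY_RUN" = 1 ]; then
        printf 'iptables %s\n' "$*"
    else
        iptables "$@"
    fi
}

# build_rules: emit the full rule set in order. Returns 0 on success.
build_rules() {
    # start from a clean slate in both tables
    ipt -t nat -F
    ipt -F
    ipt -X
    # default-deny for traffic to and through the gateway; outbound from it is allowed
    ipt -P INPUT DROP
    ipt -P FORWARD DROP
    ipt -P OUTPUT ACCEPT
    # loopback and replies to connections the gateway or LAN already opened
    ipt -A INPUT -i lo -j ACCEPT
    ipt -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    ipt -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
    # LAN clients may open connections to squid and to the admin ports, nothing else
    ipt -A INPUT -i "$INT_IF" -s "$LAN" -p tcp --dport "$SQUID_PORT" -m state --state NEW -j ACCEPT
    for p in $ADMIN_TCP_PORTS; do
        ipt -A INPUT -i "$INT_IF" -s "$LAN" -p tcp --dport "$p" -m state --state NEW -j ACCEPT
    done
    # transparent proxy: LAN web traffic is redirected to the local squid
    ipt -t nat -A PREROUTING -i "$INT_IF" -s "$LAN" -p tcp --dport 80 -j REDIRECT --to-ports "$SQUID_PORT"
    # forward only new connections that enter on the LAN side from the LAN range
    ipt -A FORWARD -i "$INT_IF" -o "$EXT_IF" -s "$LAN" -m state --state NEW -j ACCEPT
    # masquerade LAN traffic leaving on the PPP link
    ipt -t nat -A POSTROUTING -s "$LAN" -o "$EXT_IF" -j MASQUERADE
}

# rule_count: number of iptables commands the generator emits (14 with defaults).
rule_count() {
    DRY_RUN=1 build_rules | grep -c '^iptables '
}

# accepts_new_from_uplink: returns 0 if any FORWARD rule accepts NEW connections
# arriving on the uplink (it should not), 1 otherwise.
accepts_new_from_uplink() {
    DRY_RUN=1 build_rules | grep -- "-A FORWARD -i $EXT_IF" | grep -q -- "--state NEW -j ACCEPT"
}

# Usage: review the rules, then apply with DRY_RUN=0 as root.
build_rules
```

Running it as shown prints the fourteen commands for review; `DRY_RUN=0 sh script.sh` loads them. Enabling forwarding (`echo 1 > /proc/sys/net/ipv4/ip_forward`) and loading the conntrack modules are left to the caller, as in the script above.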

Category: 服务器类 (Servers)