Posted by 太阳风 on 02-08-2004 14:23:
redhat9+adsl transparent proxy Internet access, iptables problem (firewall code attached)?
Setting up redhat9+adsl+squid+iptables transparent proxy access: I only added the following code to the firewall:
/sbin/iptables -F -t nat
iptables -t nat -A PREROUTING -i eth1 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128
# Redirect all traffic arriving on eth1 for port 80 to port 3128 (squid).
iptables -t nat -A POSTROUTING -s 192.168.1.0/24 -o ppp0 -j MASQUERADE
Proxy access works fine. Now I would like to use iptables for access control. I referred to many scripts found online and ended up with the following:
#!/bin/sh
touch /var/lock/subsys/local
# Enable IP forwarding
echo "Enabling IP Forwarding........"
echo 1 > /proc/sys/net/ipv4/ip_forward
# Enable iptables rules
# Internet configuration
EXT_IF="ppp0"
INT_IF="eth1"
LAN_IP_RANGE="192.168.0.0/24"
TRUSTED_TCP_PORT="22 25 53 80 110 143 443 3128 6000 6001 6002 7100"
# Load modules
echo "modprobe modules"
modprobe ip_tables
modprobe ip_nat_ftp
modprobe ip_conntrack
modprobe ip_conntrack_ftp
# Initialize iptables rules
echo "Enabling iptables rules"
# Only the nat table is flushed here; filter-table rules left over from a
# previous run of this script are kept.
iptables -F -t nat
iptables -P FORWARD DROP
# Open trusted ports
echo "Open trusted ports....."
iptables -N services
for PORT in $TRUSTED_TCP_PORT; do
iptables -A services -i $EXT_IF -p tcp --dport $PORT -j ACCEPT
done
# The services chain above is never jumped to from INPUT or FORWARD,
# so its rules are not consulted for any packet.
iptables -t nat -A PREROUTING -i eth1 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128
iptables -t nat -A POSTROUTING -s 192.168.0.0/24 -o ppp0 -j MASQUERADE
#iptables -A FORWARD -i $INT_IF -j ACCEPT
# With the next line commented out, reply packets coming back in on ppp0
# for non-proxied LAN connections fall through to the FORWARD DROP policy.
#iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
# Allow new connections from any interface except ppp0 (old "-i ! ppp0" syntax)
iptables -A FORWARD -m state --state NEW -i ! ppp0 -j ACCEPT
# Rate-limit forwarded fragments
iptables -A FORWARD -f -m limit --limit 100/s --limit-burst 100 -j ACCEPT
iptables -A FORWARD -p icmp -m
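For comparison, the following is an added example written for this page; it is not the poster's script and not taken from the online scripts the post mentions. It emits a complete ruleset for the same eth1/ppp0 transparent-proxy gateway in iptables-restore format, so the rules can be reviewed as text before they are loaded atomically. The interface names, LAN range and squid port come from the post; the chain layout, the INPUT policy, the narrowed Internet-facing port list (only 22, 25 and 53 by default, so the box is not an open proxy and no X11 ports are exposed), and the function names gen_rules and count_ext_accepts are this example's own assumptions.

```shell
#!/bin/sh
# Added example (not the poster's script): build an iptables-restore ruleset
# for a squid transparent-proxy gateway. Values can be overridden from the
# environment; the defaults follow the post (eth1 inside, ppp0 outside).
EXT_IF="${EXT_IF:-ppp0}"
INT_IF="${INT_IF:-eth1}"
LAN="${LAN:-192.168.0.0/24}"
SQUID_PORT="${SQUID_PORT:-3128}"
# Ports reachable from the Internet side; deliberately a short list (assumption).
TRUSTED_TCP_PORT="${TRUSTED_TCP_PORT:-22 25 53}"

# Print the whole ruleset (nat + filter tables) on stdout.
gen_rules() {
    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
# Only LAN clients arriving on the inside interface are redirected to squid
-A PREROUTING -i $INT_IF -s $LAN -p tcp --dport 80 -j REDIRECT --to-ports $SQUID_PORT
-A POSTROUTING -s $LAN -o $EXT_IF -j MASQUERADE
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
:services - [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# LAN hosts may talk to the gateway itself (squid on $SQUID_PORT, DNS, ssh)
-A INPUT -i $INT_IF -s $LAN -j ACCEPT
# The services chain is referenced here, so its rules are actually consulted
-A INPUT -i $EXT_IF -p tcp -j services
# Reply traffic for LAN connections must be allowed back through the gateway
-A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
# New connections only from the LAN, outwards
-A FORWARD -i $INT_IF -o $EXT_IF -s $LAN -m state --state NEW -j ACCEPT
EOF
    for PORT in $TRUSTED_TCP_PORT; do
        echo "-A services -p tcp --dport $PORT -m state --state NEW -j ACCEPT"
    done
    echo "COMMIT"
}

# Number of rules that accept NEW connections from the Internet side;
# a quick figure to check during review.
count_ext_accepts() {
    gen_rules | grep -c '^-A services .* -j ACCEPT'
}

# usage: ./fw.sh --show   (review)   or   ./fw.sh --apply   (load atomically)
case "${1:-}" in
    --show)  gen_rules ;;
    --apply) gen_rules | iptables-restore ;;
esac
```

Loading through iptables-restore replaces both tables in one step, so a re-run never leaves stale filter rules behind or fails on an already existing chain, and the text form can be diffed against the previous version before it is applied.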