由 邓奕文 在 09-13-2003 17:09 发表:
谁教我
我用SQUID做了一个代理上网,但客户机有时听歌需要UDP协议和端口,哪位大师教教我怎么做?
由 大熊宝宝 在 09-13-2003 23:12 发表:
SQUID支持HTTP代理,UDP什么的用IPTABLES做NAT吧。网络版有文章介绍,去看看吧。
请兄弟们正确发贴,把问题发到相关版块 发贴标题请简明扼要 谢谢大家配合.
新会员发贴前请学会搜索论坛 有可能你的问题已经有答案了
由 空心菜 在 09-14-2003 08:49 发表:
给你个脚本
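#!/bin/bash
# Script name: ipt_masq
# A simple script for masquerading, used in Linux (kernel 2.4.x).
# Copyleft 2002 by netman ([email protected]).
# Redistribution of this file is permitted under the terms of
# the GNU General Public License (GPL).
# Date: 2002/02/04
# Version: 1.2
#
# The header lines above are comments. The pasted copy had lost their
# leading '#', which made the shell try to run them as commands.

# Poster's interface notes, kept verbatim. "1912.168.0.2" is not a valid
# IPv4 address (presumably 192.168.0.2 -- confirm before relying on it).
#eth1 192.168.0.1 8139 modern
#eth0 1912.168.0.2 dec lan

# Fixed search path: the tools below (iptables, modprobe, lsmod, rmmod) are
# resolved from system directories only, not from the caller's PATH.
PATH=/sbin:/usr/sbin:/bin:/usr/bin

# Squid init script; not referenced in the part of the script shown here.
RC_SQUID=/etc/rc.d/init.d/squid

# EXT_IF is the untrusted, Internet-facing interface; INT_IF is the LAN side.
EXT_IF=ppp0
INT_IF=eth0

# ICMP types accepted on EXT_IF: 0 echo-reply, 3 destination-unreachable,
# 3/4 fragmentation-needed, 4 source-quench, 11 time-exceeded,
# 12 parameter-problem, 14 timestamp-reply, 16 information-reply,
# 18 address-mask-reply.
ALLOWED_ICMP="0 3 3/4 4 11 12 14 16 18"

# ICMP types dropped on EXT_IF: 8 echo-request (the gateway does not answer
# pings arriving from outside).
DENIED_ICMP="8"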
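# ------------- ensure iptables ----------
# Abort before touching any firewall state when iptables is not on PATH:
# every later section depends on it, and a half-applied rule set on a
# gateway is worse than an untouched one.
if ! command -v iptables >/dev/null 2>&1; then
  echo
  echo "$(basename "$0"): iptables program is not found."
  echo " Please install the program first."
  echo
  exit 1
fi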
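# ------------- disable ipchains ----------
# The legacy ipchains module is unloaded before ip_tables is loaded below
# (the two are understood to conflict on 2.4 kernels -- confirm on target).
if lsmod | grep -q ipchains; then
  echo "Disabling ipchains..."
  # Unloading stays best-effort, but a failure is reported instead of being
  # hidden, since it explains a later ip_tables load error.
  rmmod ipchains &>/dev/null ||
    echo "$(basename "$0"): warning: could not unload ipchains." >&2
fi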
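# ------------- modules -----------
echo "Loading modules..."
# ip_tables is mandatory; nothing below works without it.
modprobe ip_tables &>/dev/null || {
  echo -n "$(basename "$0"): loading ip_tables module failure."
  echo " Please Fix it!"
  exit 3
}

# Load the connection-tracking helpers first, then the NAT helpers.
# The pasted copy read "/lib/modules/uname -r/..." because the backticks
# around `uname -r` were lost; without the command substitution the glob can
# never match the running kernel's module directory.
#
# NOTE(review): every helper found is loaded. Each helper lets its protocol
# open RELATED flows, which the ESTABLISHED,RELATED rule in the block chain
# then accepts -- load only the helpers the network actually needs.
netfilter_dir="/lib/modules/$(uname -r)/kernel/net/ipv4/netfilter"
for file in "$netfilter_dir"/ip_conntrack_*.o "$netfilter_dir"/ip_nat_*.o; do
  # An unmatched glob stays literal; skip it rather than modprobe a pattern.
  [ -e "$file" ] || continue
  module=$(basename "$file")
  # Strip the ".o" suffix to get the module name; failures are best-effort.
  modprobe "${module%.*}" &>/dev/null
done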
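# ------------- ipforwarding -----------
# Turns the host into a router. NOTE(review): this happens before any filter
# rule is loaded, and the policies section sets FORWARD to ACCEPT, so packets
# are forwarded unfiltered until the block chain is attached further down.
echo "Turning on IP forwarding..."
echo "1" > /proc/sys/net/ipv4/ip_forward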
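# ------------- anti spoofing -----------
# Enable reverse-path filtering on every interface that exists right now, so
# packets whose source address could not be routed back out the receiving
# interface are discarded by the kernel. Interfaces created later (e.g. a
# ppp link brought up after this script ran) are not covered by this loop.
echo "Turning on anti-spoofing..."
for file in /proc/sys/net/ipv4/conf/*/rp_filter; do
  # Skip the literal pattern if the glob matched nothing.
  [ -e "$file" ] || continue
  echo "1" > "$file"
done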
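# ------------- flushing ----------
# Start from a clean slate in the filter and nat tables: flush all rules
# (-F), delete user-defined chains (-X), zero the counters (-Z).
# The mangle table is not touched. Until the new rules are installed further
# down, the host runs with no filtering at all.
echo "Cleaning up..."
for table in filter nat; do
  for action in -F -X -Z; do
    iptables "$action" -t "$table"
  done
done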
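# ------------- policies -------------
# Every built-in chain defaults to ACCEPT; all dropping is done by the
# user-defined chains attached later.
# NOTE(review): this fails open. If a later iptables command errors out (or
# the script is interrupted), INPUT and FORWARD keep accepting everything.
# A DROP policy on INPUT/FORWARD would fail closed, but it changes behavior
# for any rule that relies on the default, so it is flagged here, not changed.
echo "Setting up policies to ACCEPT..."
for chain in INPUT OUTPUT FORWARD; do
  iptables -P "$chain" ACCEPT
done
for chain in PREROUTING POSTROUTING OUTPUT; do
  iptables -t nat -P "$chain" ACCEPT
done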
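# ------------- ICMP -------------
# Build the icmpfilter chain. It only matches ICMP arriving on EXT_IF:
# denied types are dropped first, then the allowed types are accepted.
# Any other ICMP type, and ICMP from other interfaces, matches nothing here
# and returns to the calling chain.
echo "Creating icmpfilter chain..."
iptables -N icmpfilter

# $DENIED_ICMP / $ALLOWED_ICMP are left unquoted on purpose: each is a
# space-separated list that must be split into one type per iteration.
for TYPE in $DENIED_ICMP; do
  iptables -A icmpfilter -i "$EXT_IF" -p icmp --icmp-type "$TYPE" -j DROP
done
for TYPE in $ALLOWED_ICMP; do
  iptables -A icmpfilter -i "$EXT_IF" -p icmp --icmp-type "$TYPE" -j ACCEPT
done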
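# ------------- block -------------
# Stateful "block" chain, evaluated top to bottom:
#   1. traffic belonging to, or related to, a tracked connection is accepted;
#   2. NEW or INVALID packets arriving on EXT_IF are dropped, so nothing can
#      be initiated from the outside;
#   3. NEW connections from any interface other than EXT_IF (LAN, loopback)
#      are accepted;
#   4. everything else is dropped.
echo "Creating block chain..."
iptables -N block
iptables -A block -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A block -m state --state NEW,INVALID -i "$EXT_IF" -j DROP
# The negation is kept in the "-i ! IF" form this 2.4-era script was written
# with; newer iptables releases document "! -i IF" instead.
iptables -A block -m state --state NEW -i ! "$EXT_IF" -j ACCEPT
iptables -A block -j DROP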
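# ------------- filter -------------
# Attach both chains to INPUT (traffic for the gateway itself) and FORWARD
# (routed traffic): icmpfilter first, then block.
# block ends in an unconditional DROP, so any rule appended to INPUT or
# FORWARD after these jumps is never reached; extra restrictions must be
# inserted ahead of them.
echo "Filtering packets..."
for chain in INPUT FORWARD; do
  iptables -A "$chain" -j icmpfilter
  iptables -A "$chain" -j block
done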
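# ------------- masq -------------
echo "Masquerading internel network..."
# Disabled rules kept from the original listing. The second one matches on a
# host name, which iptables resolves once, at the time the rule is loaded.
#iptables -A FORWARD -i eth0 -p udp --dport 8000 -j DROP
#iptables -A FORWARD -d tcpconn.tencent.com -j DROP

# Deny outbound traffic on the external interface for the LAN hosts
# 172.16.0.3 through 172.16.0.57, one rule per host.
# The original spelled out every rule with "ppp0" hard-coded and listed
# 172.16.0.32 twice; the loop uses EXT_IF (set to ppp0 at the top of the
# script) and emits each host once. The original carried the markers #413
# (before .4), #407 (before .13 and .16) and #310 (before .18); their meaning
# is not stated (presumably room numbers).
#
# NOTE(review): these are DROP rules in the nat table. The nat table only
# sees the first packet of each connection, so it is not a reliable place to
# filter, and newer iptables releases refuse DROP in nat altogether. The
# robust equivalent is a DROP in the filter table's FORWARD chain placed
# ahead of the jump to "block". Behavior is left as written here.
for ((host = 3; host <= 57; host++)); do
  iptables -t nat -A POSTROUTING -o "$EXT_IF" -s "172.16.0.${host}/32" -j DROP
done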
i