把下面的东西copy到rc.local里面.
eth0对应外网,eth1对应内网,根据你的情况相应修改.
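# IPTABLES firewall / NAT gateway for rc.local.
# Order matters: the filter policies are installed before the addresses are
# trusted and before IPv4 forwarding is switched on, so the box never forwards
# with an empty ruleset.
#
# extdev: the network device/interface for the external network
# intdev: the network device/interface for the internal network
extdev=eth0
intdev=eth1

# Load the netfilter core and the FTP connection-tracking helpers.
# The ip_* module names are the 2.4/early-2.6 ones; newer kernels ship the
# same helpers as nf_conntrack_ftp / nf_nat_ftp, so fall back to those.
/sbin/modprobe ip_tables
/sbin/modprobe ip_conntrack_ftp 2>/dev/null || /sbin/modprobe nf_conntrack_ftp
/sbin/modprobe ip_nat_ftp       2>/dev/null || /sbin/modprobe nf_nat_ftp

# Start from a clean table with a fail-closed FORWARD policy.
# NOTE: INPUT policy ACCEPT leaves every service on the gateway itself
# reachable from the external side; tighten this if the host runs services.
/sbin/iptables -F
/sbin/iptables -F -t nat
/sbin/iptables -P INPUT ACCEPT
/sbin/iptables -P OUTPUT ACCEPT
/sbin/iptables -P FORWARD DROP

# extip: the IP of the external network
# intranet: the network ID of the internal network
# Manually assign the value of extip or intranet (preferred: no parsing):
#extip=20.30.40.50
#intranet=192.168.9.0/24

# Or extract the value from output of ifconfig when not set above.
# This parsing assumes the classic net-tools format ("inet addr:A.B.C.D ...").
# `grep -w inet` skips the "inet6" line (plain `grep inet` matched both and
# produced a two-line value), `head -n 1` keeps a single address, and the
# internal /24 is derived from the first three octets of intdev's address.
if [ -z "$extip" ]; then
  extip=$(/sbin/ifconfig "$extdev" | grep -w inet | head -n 1 | cut -d : -f 2 | cut -d ' ' -f 1)
fi
if [ -z "$intranet" ]; then
  intranet=$(/sbin/ifconfig "$intdev" | grep -w inet | head -n 1 | cut -d : -f 2 | cut -d ' ' -f 1 | cut -d . -f 1-3).0/24
fi

# Refuse to continue with an empty address: an empty extip makes the SNAT
# rule fail to load, and an empty prefix turns intranet into ".0/24".
# Exiting here is safe because FORWARD is already DROP and forwarding is
# still disabled.
if [ -z "$extip" ]; then
  echo "rc.local: could not determine external IP on $extdev; set extip manually" >&2
  exit 1
fi
case "$intranet" in
  .0/24|"")
    echo "rc.local: could not determine internal network on $intdev; set intranet manually" >&2
    exit 1
    ;;
esac

# Anti-spoofing: packets claiming an internal source must never arrive on extdev.
/sbin/iptables -A INPUT -s "$intranet" -i "$extdev" -j DROP
# Internal hosts may initiate outbound connections; from the outside only
# replies to those connections are forwarded back in.
# Negation is written "! -i" (extrapositioned); the old "-i !" form is
# deprecated by iptables 1.4+.
/sbin/iptables -A FORWARD -s "$intranet" ! -i "$extdev" -o "$extdev" -j ACCEPT
/sbin/iptables -A FORWARD -i "$extdev" ! -o "$extdev" -m state --state ESTABLISHED,RELATED -j ACCEPT
/sbin/iptables -t nat -A POSTROUTING -s "$intranet" -o "$extdev" -j SNAT --to-source "$extip"

# To use iptables-based NAT, we must enable IP forwarding for IPv4.
# Done last, once the rules above are in place.
echo 1 > /proc/sys/net/ipv4/ip_forward
# Or modify /etc/sysctl.conf such that:
# net.ipv4.ip_forward = 1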