
Linux iptables configuration in practice

Source: China IT Lab (中國IT實驗室)  Author: anonymous  Published: 2013-07-11 10:54
The network layout this configuration was written for:
  The host has three NICs:
  eth0 192.168.0.1/24   internal network (office LAN)
  eth1 192.168.20.1/24  external network
  eth2 192.168.50.1/24  conference-room network
  ppp0  (dial-up Internet link established over eth1)
  DHCP settings:
  192.168.0.1/24      { 192.168.0.100 - 192.168.0.200 }
  192.168.50.1/24     { 192.168.50.100 - 192.168.50.200 }
  VPN settings:
  localip:    192.168.10.1
  remoteip:   192.168.10.100 - 192.168.10.150
The firewall script itself:
[root@yujiagw ~]# cat firewall
#!/bin/sh
# Start from a clean slate: flush the filter and nat tables, then remove the
# user-defined chains. A chain must be empty and unreferenced before -X
# succeeds, which the -F above guarantees. On the very first run the -X
# calls report that the chain does not exist; the script does not use
# set -e, so it simply carries on. "qquser" is never created below, so that
# line always fails harmlessly (a leftover from an earlier version).
iptables -F
iptables -t nat -F
# Default policy for forwarded traffic is ACCEPT: anything not matched by a
# REJECT/DROP rule below is forwarded.
iptables -P FORWARD ACCEPT
iptables -X poweruser
iptables -X qquser
iptables -X httpuser
# NAT: masquerade everything leaving through the dial-up link
iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE
#iptables -t nat -A POSTROUTING -o eth2 -j MASQUERADE
# DNS and mail pass through the nat PREROUTING chain without rewriting
iptables -t nat -A PREROUTING -p tcp --dport 53 -j ACCEPT
iptables -t nat -A PREROUTING -p udp --dport 53 -j ACCEPT
iptables -t nat -A PREROUTING -p tcp --dport 25 -j ACCEPT
iptables -t nat -A PREROUTING -p tcp --dport 110 -j ACCEPT
#iptables -t nat -A PREROUTING -p tcp --dport 443 -j REDIRECT --to-port 443
#iptables -t nat -A PREROUTING -p udp --dport 443 -j REDIRECT --to-port 443
# Port Forwarding (disabled): publish internal hosts on the dial-up link
#iptables -t nat -A PREROUTING -i ppp0 -p tcp --dport 3389 -j DNAT --to 192.168.0.4:3389
#iptables -t nat -A PREROUTING -i ppp0 -p tcp --dport 80 -j DNAT --to 192.168.0.4:80
#iptables -t nat -A PREROUTING -i ppp0 -p tcp --dport 8080 -j DNAT --to 192.168.50.2:8080
#iptables -A FORWARD -d 192.168.50.2 -p tcp --dport 8080 -j ACCEPT
#iptables -t nat -A POSTROUTING -d 192.168.50.2 -p tcp --dport 8080 -j SNAT --to 192.168.0.1
# Basic Port Open: DNS and mail may be forwarded from any source
iptables -A FORWARD -p tcp --dport 53 -j ACCEPT
iptables -A FORWARD -p udp --dport 53 -j ACCEPT
iptables -A FORWARD -p tcp --dport 25 -j ACCEPT
iptables -A FORWARD -p tcp --dport 110 -j ACCEPT
# VPN: office LAN and VPN clients may reach each other
iptables -A FORWARD -s 192.168.10.0/24 -d 192.168.0.0/24 -j ACCEPT
iptables -A FORWARD -s 192.168.0.0/24 -d 192.168.10.0/24 -j ACCEPT
# Conference Room: office LAN and conference-room network may reach each other
iptables -A FORWARD -s 192.168.50.0/24 -d 192.168.0.0/24 -j ACCEPT
iptables -A FORWARD -s 192.168.0.0/24 -d 192.168.50.0/24 -j ACCEPT
# Set Connect WAN
iptables -A FORWARD -d 192.168.50.0/24 -j ACCEPT
# HeQuanXin: per-device allow rules keyed on MAC address (disabled)
#iptables -A FORWARD -m mac --mac-source 00:1A:6B:35:A5:66 -j ACCEPT
#iptables -A FORWARD -m mac --mac-source 44:D8:84:0A:9F:5D -j ACCEPT
#-----------------------------------PowerUser-------define------------------------
# Note: neither poweruser nor httpuser is referenced with -j from FORWARD in
# this script, so traffic only reaches them once a jump rule (for example
# keyed on source address) is added.
iptables -N poweruser
iptables -A poweruser -j ACCEPT
#---------------------------------httpuser define-----------------
# Set Http User: DNS, web and mail only
iptables -N httpuser
iptables -A httpuser -p tcp --dport 53 -j ACCEPT
iptables -A httpuser -p udp --dport 53 -j ACCEPT
# Reject QQZone. The hostname is resolved to IP addresses once, when the
# rule is loaded; later DNS changes are not tracked.
iptables -A httpuser -d user.qzone.qq.com -j REJECT
iptables -A httpuser -p tcp --dport 80 -j ACCEPT
iptables -A httpuser -p udp --dport 80 -j ACCEPT
iptables -A httpuser -p tcp --dport 25 -j ACCEPT
iptables -A httpuser -p tcp --dport 110 -j ACCEPT
iptables -A httpuser -p tcp --dport 443 -j ACCEPT
iptables -A httpuser -p udp --dport 443 -j ACCEPT
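The script above creates the poweruser and httpuser chains but never jumps to them from FORWARD, and it leaves the FORWARD policy at ACCEPT, so the per-user restrictions are not actually applied to any traffic. The following script is an added example, not the article's own firewall script: it keeps the same eth0/eth2/ppp0 layout and subnets but sets FORWARD to DROP, lets established connections return first, and wires each user chain in from FORWARD by source address. The addresses in POWER_HOSTS and HTTP_HOSTS are constructed placeholders (in practice they would be DHCP reservations). A DRY_RUN mode prints the rules instead of loading them, so the rule set can be reviewed on a machine without root or iptables.

```shell
#!/bin/sh
# Added example (not the article's script). Usage:
#   sh fw.sh show    print the rules that would be loaded
#   sh fw.sh apply   load them (as root)

LAN_NET=192.168.0.0/24
CONF_NET=192.168.50.0/24
VPN_NET=192.168.10.0/24
WAN_IF=ppp0

POWER_HOSTS="192.168.0.10"                 # constructed: unrestricted egress
HTTP_HOSTS="192.168.0.100 192.168.0.101"   # constructed: DNS, web and mail only

# DRY_RUN=1 prints each iptables command instead of executing it.
run() {
    if [ "${DRY_RUN:-0}" = 1 ]; then
        printf 'iptables %s\n' "$*"
    else
        iptables "$@"
    fi
}

reset_tables() {
    run -F
    run -t nat -F
    # -F emptied the chains, so -X can remove them; "|| :" keeps the first
    # run quiet when the chains do not exist yet.
    for c in poweruser httpuser; do run -X "$c" 2>/dev/null || :; done
}

user_chains() {
    run -N poweruser
    run -A poweruser -j ACCEPT

    run -N httpuser
    for p in tcp udp; do run -A httpuser -p "$p" --dport 53 -j ACCEPT; done
    for port in 80 443 25 110; do run -A httpuser -p tcp --dport "$port" -j ACCEPT; done
    # Explicit final verdict, so the chain's result does not depend on the
    # FORWARD policy.
    run -A httpuser -j REJECT
}

forward_chain() {
    run -P FORWARD DROP
    # Replies to already-accepted connections must be allowed before any
    # per-host restriction is evaluated.
    run -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    # Office <-> VPN and office <-> conference room, as in the article.
    run -A FORWARD -s "$VPN_NET"  -d "$LAN_NET"  -j ACCEPT
    run -A FORWARD -s "$LAN_NET"  -d "$VPN_NET"  -j ACCEPT
    run -A FORWARD -s "$CONF_NET" -d "$LAN_NET"  -j ACCEPT
    run -A FORWARD -s "$LAN_NET"  -d "$CONF_NET" -j ACCEPT
    # Per-host policy on the way out to the WAN: this is the jump the
    # original script is missing.
    for h in $POWER_HOSTS; do run -A FORWARD -s "$h" -o "$WAN_IF" -j poweruser; done
    for h in $HTTP_HOSTS;  do run -A FORWARD -s "$h" -o "$WAN_IF" -j httpuser;  done
}

nat_chain() {
    run -t nat -A POSTROUTING -o "$WAN_IF" -j MASQUERADE
}

apply_rules() {
    reset_tables
    user_chains
    forward_chain
    nat_chain
}

case "${1:-}" in
    show)  DRY_RUN=1; apply_rules ;;
    apply) apply_rules ;;
esac
```

With a DROP policy, every host that is not listed in POWER_HOSTS or HTTP_HOSTS (and is not covered by the LAN/VPN/conference-room rules) loses WAN access, which is the intended effect: a host has to be classified before it can forward anything, instead of falling through to an accept-all default.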
