LinuxSir.cn, the time-traveling Linuxsir!


Is this the right way to set up a proxy server? Experts, please take a look, thanks!!

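Posted on 2005-5-22 04:24:36
Step 1: Set eth1 as the external network and eth0 as the internal network.
Step 2: Pinged the external and internal networks; both work.
Step 3: Uploaded the rc.fw script to the etc/rc.d directory.
Step 4: Changed OUTSIDE_IP=61.185.210.158 in the rc.fw script to the external IP.
Step 5: Set execute permission: chmod 755 rc.fw
Step 6: Edited rc.local, added cd /etc/rc.d/rc.fw to it, then saved and exited.
Step 7: reboot
The rc.fw script I am using is as follows: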
#!/bin/sh
echo "0" > /proc/sys/net/ipv4/ip_forward
# Configure your devices here
OUTSIDE_DEVICE=eth1
INSIDE_DEVICE=eth0
# Configure your IP addresses here
OUTSIDE_IP=61.185.215.210
SERVER_IP=192.168.1.253
#OUTSIDE_IP_GW=
#SERVER_IP_GW=
# If you have more than 255 PCs, use three class C address ranges
#ifconfig eth1:1 192.168.1.1 netmask 255.255.255.0 broadcast 192.168.1.255
#ifconfig eth1:2 192.168.2.1 netmask 255.255.255.0 broadcast 192.168.2.255
#ifconfig eth1:3 192.168.3.1 netmask 255.255.255.0 broadcast 192.168.3.255
# If you have other IP addresses
#ifconfig eth0:1 xxx.xxx.xxx.xxx netmask 255.255.255.x broadcast xxx.xxx.xxx.xxx
#route del -net default gw ${OUTSIDE_IP_GW} netmask 255.255.255.252 dev eth0
#route del -net default gw ${SERVER_IP_GW} netmask 255.255.255.0 dev eth1
#route add -net default gw ${OUTSIDE_IP_GW} netmask 255.255.255.252 dev eth0
#route add -net default gw ${SERVER_IP_GW} netmask 255.255.255.0 dev eth1
# We want to use an FTP server
/sbin/modprobe ip_tables
/sbin/modprobe ip_nat_ftp
/sbin/modprobe ip_conntrack_ftp
# Flushing the chains.
iptables -F
iptables -t nat -F
iptables -X
iptables -Z   # zero all counters
# Policy for chains DROP everything
iptables -P INPUT DROP
iptables -P OUTPUT DROP
iptables -P FORWARD DROP
# Good old masquerading.
iptables -t nat -A POSTROUTING -o ${OUTSIDE_DEVICE} -j MASQUERADE
# DNS Forward to ISP Dns Server
#iptables -t nat -A PREROUTING -p udp -d 0.0.0.0/0 --dport 53 -j DNAT --to 61.134.1.4:53
# SSH
iptables -A PREROUTING -t nat -p tcp -d ${OUTSIDE_IP} --dport 22 -j DNAT --to ${SERVER_IP}:22
iptables -A FORWARD -p tcp -d ${SERVER_IP} --dport 22 -o ${INSIDE_DEVICE} -j ACCEPT
iptables -A INPUT -p tcp -i ${OUTSIDE_DEVICE} --dport 22 -j ACCEPT
# Forwarding outside ports to an internal server.
# This used to be the ipchains / ipmasqadm portfw command.
# Windows 2000 Server TSC uses this rule; the port can be chosen
iptables -A PREROUTING -t nat -p tcp -d ${OUTSIDE_IP} --dport 3333 -j DNAT --to ${SERVER_IP}:3389
iptables -A FORWARD -p tcp -d ${SERVER_IP} --dport 3389 -o ${INSIDE_DEVICE} -j ACCEPT
# MAIL:
#iptables -A PREROUTING -t nat -p tcp -d ${OUTSIDE_IP} --dport 25 -j DNAT --to ${SERVER_IP}:25
#iptables -A FORWARD -p tcp -d ${SERVER_IP} --dport 25 -o ${INSIDE_DEVICE} -j ACCEPT
#iptables -A PREROUTING -t nat -p tcp -d ${OUTSIDE_IP} --dport 143 -j DNAT --to ${SERVER_IP}:110
#iptables -A FORWARD -p tcp -d ${SERVER_IP} --dport 110 -o ${INSIDE_DEVICE} -j ACCEPT
# Web:
#iptables -A PREROUTING -t nat -p tcp -d ${OUTSIDE_IP} --dport 80 -j DNAT --to ${SERVER_IP}:80
#iptables -A FORWARD -p tcp -d ${SERVER_IP} --dport 80 -o ${INSIDE_DEVICE} -j ACCEPT
# FTP:
iptables -A PREROUTING -t nat -p tcp  -d ${OUTSIDE_IP} --dport 21 -j DNAT --to ${SERVER_IP}:21
#iptables -A FORWARD -p tcp -d ${SERVER_IP} --dport 21 -o ${INSIDE_DEVICE} -j ACCEPT
# Keep state.
iptables -A FORWARD -m state --state NEW -i ${INSIDE_DEVICE} -j ACCEPT
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -m state --state NEW,INVALID -i ${OUTSIDE_DEVICE} -j DROP
# This is mainly for PPPoE usage but it won't hurt anyway so we'll just
# keep it here.
iptables -A FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
# We don't like the NetBIOS and Samba leaking..
iptables -t nat -A PREROUTING -p TCP -i ${INSIDE_DEVICE} --dport 135:139 -j DROP
iptables -t nat -A PREROUTING -p UDP -i ${INSIDE_DEVICE} --dport 137:139 -j DROP
# We would like to ask for names from our floppyfw box
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A OUTPUT -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
# Ping and friends.
iptables -A OUTPUT -p icmp -j ACCEPT # to both sides.
iptables -A INPUT  -p icmp -j ACCEPT
# And also, DHCP, but we can basically accept anything from the inside.
iptables -A INPUT -i ${INSIDE_DEVICE} -j ACCEPT
iptables -A OUTPUT -o ${INSIDE_DEVICE} -j ACCEPT
# Finally, list what we have
#iptables -L
# If broken DNS:
iptables -L -n
# This enables dynamic IP address following
echo 7 > /proc/sys/net/ipv4/ip_dynaddr
# Rules set, we can enable forwarding in the kernel.
echo "Enabling IP forwarding."
echo "1" > /proc/sys/net/ipv4/ip_forward

I don't know what's wrong, it just won't work as a proxy.
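
Added example (not part of the original post or thread): a static check over rc.fw-style rules. It assumes, as in the script above, that the FORWARD policy is DROP and new connections from the outside interface are dropped, so every DNAT rule needs its own active FORWARD ACCEPT for the translated port. The function names `audit_dnat` and `sample_rules` are hypothetical; the sample rules are copied from the script above.

```shell
#!/bin/sh
# Added example: report, for each active DNAT rule, whether an active
# FORWARD ACCEPT rule exists for the translated destination port.
# Reads a firewall script from the given file, or from stdin if none is given.
audit_dnat() {
    awk '
    /^[ \t]*#/ { next }                      # ignore commented-out rules
    /iptables/ && /-j DNAT/ {
        dport = ""; to = ""
        for (i = 1; i <= NF; i++) {
            if ($i == "--dport") dport = $(i + 1)
            if ($i == "--to" || $i == "--to-destination") to = $(i + 1)
        }
        n = split(to, parts, ":")            # "${SERVER_IP}:3389" -> port 3389
        tport = (n > 1) ? parts[n] : dport   # no port given: port is unchanged
        ext[++count] = dport; tgt[count] = tport
    }
    /iptables/ && /FORWARD/ && /-j ACCEPT/ {
        for (i = 1; i <= NF; i++)
            if ($i == "--dport") fwd[$(i + 1)] = 1
    }
    END {
        for (k = 1; k <= count; k++)
            printf "%s->%s %s\n", ext[k], tgt[k],
                   (tgt[k] in fwd) ? "forward-ok" : "no-forward-rule"
    }' "$@"
}

# Sample input: the SSH, terminal-services and FTP rules from the script above.
sample_rules() {
    cat <<'EOF'
iptables -A PREROUTING -t nat -p tcp -d ${OUTSIDE_IP} --dport 22 -j DNAT --to ${SERVER_IP}:22
iptables -A FORWARD -p tcp -d ${SERVER_IP} --dport 22 -o ${INSIDE_DEVICE} -j ACCEPT
iptables -A PREROUTING -t nat -p tcp -d ${OUTSIDE_IP} --dport 3333 -j DNAT --to ${SERVER_IP}:3389
iptables -A FORWARD -p tcp -d ${SERVER_IP} --dport 3389 -o ${INSIDE_DEVICE} -j ACCEPT
iptables -A PREROUTING -t nat -p tcp  -d ${OUTSIDE_IP} --dport 21 -j DNAT --to ${SERVER_IP}:21
#iptables -A FORWARD -p tcp -d ${SERVER_IP} --dport 21 -o ${INSIDE_DEVICE} -j ACCEPT
EOF
}

sample_rules | audit_dnat
```

On these rules the FTP redirect is reported as `no-forward-rule` because its FORWARD line is commented out, and the output doubles as a list of the ports the gateway publishes to the outside interface.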
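Original poster | Posted on 2005-5-22 04:37:52
ip138.com IP lookup (search the geographic location of an IP address)
IP queried: 222.50.20.26
Result 1: Guangzhou, Guangdong Province, China Tietong
Result 2: Guangdong Province, China Tietong

ip138.com IP lookup (search the geographic location of an IP address)
IP queried: 219.137.207.57
Result 1: Guangzhou, Guangdong Province, China Telecom
Result 2: Guangzhou, Guangdong Province, ADSL

I don't know what you two are up to. Why are you creating users on my system?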

Original poster | Posted on 2005-5-22 14:17:16
Why is nobody taking a look? Am I missing a step somewhere?

Posted on 2005-5-23 12:21:07
The simplest proxy (I think it goes like this):
iptables -t nat -A POSTROUTING -o <external interface> -j SNAT --to <static external IP>
If the IP is not static, use MASQUERADE instead.

Posted on 2005-8-14 02:08:00
Your very first step is wrong:
echo "0" > /proc/sys/net/ipv4/ip_forward
Change it to
echo "1" > /proc/sys/net/ipv4/ip_forward