LinuxSir.cn, the Linuxsir that travels through time!


Why can't my Linux box work as a proxy for Internet access?

Posted on 2005-5-22 17:29:39
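I've had enough of Windows 2003 and wanted to switch systems. I've always heard people say Linux is good, so I chose it...

I set up a second-level proxy on the LAN, and the other machines could get online. But as soon as I moved it to the main host, it stopped working...

The other machines can ping the IPs of both network cards on this machine. They just can't get online. I had no choice but to switch back to 2003 ... (sob)

I don't even know whether, after changing /ETC/RC.D/rc.local, I also need to change that /etc/sysconfig/IPTABLE file...

When you all talk about configuring IPTABLE, which file is it that actually gets changed?

I'm on redhat 9.0

My rc.local (eth0 192.168.168.231 is the internal network, eth1 219.149.x.x is the external network)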

echo 1 > /proc/sys/net/ipv4/ip_forward
/sbin/rmmod ipchains
/sbin/modprobe ip_tables
/sbin/modprobe iptable_filter
/sbin/modprobe iptable_nat
/sbin/modprobe ip_conntrack
/sbin/modprobe ip_conntrack_ftp
/sbin/modprobe ip_nat_ftp
/sbin/iptables -F INPUT
/sbin/iptables -F FORWARD
/sbin/iptables -F POSTROUTING -t nat
/sbin/iptables -P FORWARD DROP
/sbin/iptables -t nat -A POSTROUTING -o eth0 -s 192.168.168.0/24 -j MASQUERADE
/sbin/iptables -A FORWARD -i eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT
/sbin/iptables -A FORWARD -s 192.168.168.0/24 -j ACCEPT

My iptables file (unchanged)

# Firewall configuration written by lokkit
# Manual customization of this file is not recommended.
# Note: ifup-post will punch the current nameservers through the
#       firewall; such entries will *not* be listed here.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:RH-Lokkit-0-50-INPUT - [0:0]
-A INPUT -j RH-Lokkit-0-50-INPUT
-A FORWARD -j RH-Lokkit-0-50-INPUT
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 80 --syn -j ACCEPT
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 21 --syn -j ACCEPT
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 25 --syn -j ACCEPT
-A RH-Lokkit-0-50-INPUT -i lo -j ACCEPT
-A RH-Lokkit-0-50-INPUT -i eth0 -j ACCEPT
-A RH-Lokkit-0-50-INPUT -i eth1 -j ACCEPT
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 0:1023 --syn -j REJECT
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 2049 --syn -j REJECT
-A RH-Lokkit-0-50-INPUT -p udp -m udp --dport 0:1023 -j REJECT
-A RH-Lokkit-0-50-INPUT -p udp -m udp --dport 2049 -j REJECT
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 6000:6009 --syn -j REJECT
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 7100 --syn -j REJECT
COMMIT

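Brothers, please help me... thanks...

Original poster | Posted on 2005-5-23 12:50:26
Why is nobody helping me?

Original poster | Posted on 2005-5-23 12:58:26
On the internal network it is set up like this, and others can get online through it. But as soon as the IP is changed to the ISP's, it stops working...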

# Generated by iptables-save v1.2.7a on Mon May 23 12:37:32 2005
*nat
:PREROUTING ACCEPT [7617:596018]
:POSTROUTING ACCEPT [4493:207207]
:OUTPUT ACCEPT [65:3958]
-A PREROUTING -d 192.168.168.208 -p tcp -m tcp --dport 81 -j DNAT --to-destination 192.168.168.201
-A POSTROUTING -s 192.168.168.0/255.255.255.0 -o eth0 -j MASQUERADE
-A POSTROUTING -d 192.168.168.201 -p tcp -m tcp --dport 81 -j SNAT --to-source 192.168.168.14
COMMIT
# Completed on Mon May 23 12:37:32 2005
# Generated by iptables-save v1.2.7a on Mon May 23 12:37:32 2005
*filter
:INPUT ACCEPT [15694:3124098]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [1168:94231]
:RH-Lokkit-0-50-INPUT - [0:0]
-A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG FIN,SYN,RST,PSH,ACK,URG -j DROP
-A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG NONE -j DROP
-A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG FIN,PSH,URG -j DROP
-A INPUT -p tcp -m tcp --tcp-flags SYN,RST SYN,RST -j DROP
-A FORWARD -i eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -s 192.168.168.0/255.255.255.0 -j ACCEPT
-A FORWARD -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG FIN,SYN,RST,PSH,ACK,URG -j DROP
-A FORWARD -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG NONE -j DROP
-A FORWARD -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG FIN,PSH,URG -j DROP
-A FORWARD -p tcp -m tcp --tcp-flags SYN,RST SYN,RST -j DROP
-A RH-Lokkit-0-50-INPUT -s 202.98.5.68 -p udp -m udp --sport 53 --dport 1025:65535 -j ACCEPT
-A RH-Lokkit-0-50-INPUT -s 202.98.0.68 -p udp -m udp --sport 53 --dport 1025:65535 -j ACCEPT
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 80 --tcp-flags SYN,RST,ACK SYN -j ACCEPT
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 21 --tcp-flags SYN,RST,ACK SYN -j ACCEPT
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 25 --tcp-flags SYN,RST,ACK SYN -j ACCEPT
-A RH-Lokkit-0-50-INPUT -i lo -j ACCEPT
-A RH-Lokkit-0-50-INPUT -i eth0 -j ACCEPT
-A RH-Lokkit-0-50-INPUT -i eth1 -j ACCEPT
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 0:1023 --tcp-flags SYN,RST,ACK SYN -j REJECT --reject-with icmp-port-unreachable
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 2049 --tcp-flags SYN,RST,ACK SYN -j REJECT --reject-with icmp-port-unreachable
-A RH-Lokkit-0-50-INPUT -p udp -m udp --dport 0:1023 -j REJECT --reject-with icmp-port-unreachable
-A RH-Lokkit-0-50-INPUT -p udp -m udp --dport 2049 -j REJECT --reject-with icmp-port-unreachable
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 6000:6009 --tcp-flags SYN,RST,ACK SYN -j REJECT --reject-with icmp-port-unreachable
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 7100 --tcp-flags SYN,RST,ACK SYN -j REJECT --reject-with icmp-port-unreachable
COMMIT
# Completed on Mon May 23 12:37:32 2005

Also, after I use the IPTABLES-SAVE command, where does my configuration get saved? As far as I can see, /etc/sysconfig/iptables has not changed.
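A check for the symptom described in this thread, as an added example that is not part of the original posts: with eth1 as the Internet-facing NIC, the MASQUERADE rule and the ESTABLISHED,RELATED accept rule in the posted rules both name eth0, so outbound traffic is not translated and replies fall through to the FORWARD DROP policy. The function names, finding labels and reduced sample dump are constructed here; eth1 as the external interface is taken from the first post.

```shell
#!/bin/sh
# Added example: lint an iptables-save dump for a two-NIC NAT gateway.

audit_nat() {
    # $1 = Internet-facing interface (assumed eth1, as in the first post);
    # the ruleset is read from standard input. Finding labels are made up here.
    awk -v wan="$1" '
    function opt(flag,   i) {   # value that follows a flag on this rule, or ""
        for (i = 1; i < NF; i++) if ($i == flag) return $(i + 1)
        return ""
    }
    /^\*/ { table = substr($1, 2); next }
    table == "filter" && /^:FORWARD / { policy = $2; next }
    table == "nat" && $2 == "POSTROUTING" && opt("-j") == "MASQUERADE" {
        masq = 1   # source NAT must happen on the way out of the WAN NIC
        if (opt("-o") != "" && opt("-o") != wan) print "MASQ_WRONG_IF " opt("-o")
    }
    table == "filter" && $2 == "FORWARD" && opt("-j") == "ACCEPT" &&
    opt("--state") ~ /ESTABLISHED/ {
        # replies from the Internet arrive on the WAN NIC
        if (opt("-i") == "" || opt("-i") == wan) replies_ok = 1
        else print "STATE_WRONG_IF " opt("-i")
    }
    END {
        if (!masq) print "NO_MASQUERADE"
        if (policy == "DROP" && !replies_ok) print "REPLIES_DROPPED"
    }'
}

sample_dump() {
    # Constructed sample, reduced from the dump in the thread; $1 is the
    # interface named in the two interface-specific rules.
    cat <<EOF
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s 192.168.168.0/255.255.255.0 -o $1 -j MASQUERADE
COMMIT
*filter
:FORWARD DROP [0:0]
-A FORWARD -i $1 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -s 192.168.168.0/255.255.255.0 -j ACCEPT
COMMIT
EOF
}

sample_dump eth0 | audit_nat eth1   # rules as posted, checked against WAN = eth1
```

On a live gateway the input would be `iptables-save | audit_nat eth1`. iptables-save only writes the running ruleset to standard output, so /etc/sysconfig/iptables changes only when that output is redirected into it.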