Posted on 2003-12-17 11:18:41
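Re: Question about a transparent proxy for Internet access with dual NICs
Originally posted by yinglong
I just installed a new NIC, eth1, IP: 192.168.0.1, MASK 255.255.255.0
The original eth0 has the external IP address. Both interfaces are UP, and the external network has no problems
The internal network on eth1 cannot be pinged
eth0:218.x.x.x mask:255.255.255.252
eth1:192.168.0.1 mask:255.255.255.0
The external network on eth0 is fine, but pings between eth1 and the other internal machines fail in both directions. I want the internal machines to reach the Internet through eth1, and I don't know how to set that up
Both of my NICs are 8139s. The external one is a fiber connection with a fixed IP, and the internal one is just 192.168.0.1. Everything worked before with only eth0. Today I reinstalled the server from XP to Linux 7.2 to set up a dual-NIC transparent proxy, and now this problem has appeared. Please advise, I really don't understand it
Step 1: First install and configure the firewall. I use the shorewall firewall
You can refer to my post: http://bbs.linuxsir.cn/showthread.php?threadid=78668
The configuration is as follows: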
- cat /etc/shorewall/zones:
- ================================================
- wan Internet Internet
- lan Lan Lan
- ================================================
- cat /etc/shorewall/interfaces
- ================================================
- wan eth0 detect
- lan eth1 detect
- ================================================
- cat /etc/shorewall/masq
- ================================================
- eth0 192.168.0.0/24 218.x.x.x #----- Lan Masq To Internet
- ================================================
- cat /etc/shorewall/policy
- ================================================
- fw all ACCEPT # The firewall may access all zones, including the Internet
- lan wan ACCEPT # The LAN may access the Internet freely
- wan all DROP # The Internet may not freely access the internal network
- all all REJECT
- ================================================
- cat /etc/shorewall/rules # Configure the transparent proxy
- ================================================
- ACCEPT lan fw tcp squid
- REDIRECT lan 3128 tcp 80 - -
- ================================================
Step 2: Configure the SQUID proxy server
- cat /etc/squid/squid.conf
- =============================
- http_port 3128
- visible_hostname localhost
- httpd_accel_host virtual
- httpd_accel_port 80
- httpd_accel_with_proxy on
- httpd_accel_uses_host_header on
- acl manager proto cache_object
- acl localhost src 127.0.0.1/255.255.255.255
- acl SSL_ports port 443 563
- acl Safe_ports port 80
- acl Safe_ports port 21
- acl Safe_ports port 443 563
- acl Safe_ports port 70
- acl Safe_ports port 210
- acl Safe_ports port 1025-65535
- acl Safe_ports port 280
- acl Safe_ports port 488
- acl Safe_ports port 591
- acl Safe_ports port 777
- acl all src 0.0.0.0/0.0.0.0
- acl lan src 192.168.0.0/24
- acl CONNECT method CONNECT
- acl QUERY urlpath_regex cgi-bin \?
- no_cache deny QUERY
- http_access allow lan
- http_access deny all
- icp_access allow all
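Added example, not part of the original post: a small Python check that applies Squid's first-match `http_access` evaluation to the `src` ACLs from the squid.conf above, to confirm that only 192.168.0.0/24 is served and the proxy is not open to outside addresses. The function names and the probe client addresses are constructed for illustration, and only `src` ACLs are modelled.

```python
import ipaddress

# The src ACLs and http_access rules copied from the squid.conf in the post.
SQUID_CONF = """\
acl localhost src 127.0.0.1/255.255.255.255
acl all src 0.0.0.0/0.0.0.0
acl lan src 192.168.0.0/24
http_access allow lan
http_access deny all
"""

def parse(conf):
    """Return ({acl name: [networks]}, [(action, [acl names])]) for src ACLs."""
    acls, rules = {}, []
    for raw in conf.splitlines():
        tok = raw.split("#", 1)[0].split()
        if len(tok) >= 4 and tok[0] == "acl" and tok[2] == "src":
            nets = [ipaddress.ip_network(t, strict=False) for t in tok[3:]]
            acls.setdefault(tok[1], []).extend(nets)
        elif len(tok) >= 3 and tok[0] == "http_access":
            rules.append((tok[1], tok[2:]))
    return acls, rules

def decide(conf, client_ip):
    """First http_access line whose ACLs all match decides; else invert the last."""
    acls, rules = parse(conf)
    ip = ipaddress.ip_address(client_ip)
    for action, names in rules:
        matched = True
        for name in names:
            negate, key = name.startswith("!"), name.lstrip("!")
            if key not in acls:
                raise ValueError(f"non-src ACL {key!r} is outside this sketch")
            hit = any(ip in net for net in acls[key])
            matched = matched and (hit != negate)
        if matched:
            return action
    # Squid applies the opposite of the last rule when nothing matched.
    return "allow" if rules and rules[-1][0] == "deny" else "deny"

def open_proxy_sources(conf, probes):
    """Return the probe addresses outside the LAN that the proxy would serve."""
    lan = ipaddress.ip_network("192.168.0.0/24")
    return [p for p in probes
            if ipaddress.ip_address(p) not in lan and decide(conf, p) == "allow"]

if __name__ == "__main__":
    for ip in ("192.168.0.23", "203.0.113.9"):   # constructed client addresses
        print(ip, decide(SQUID_CONF, ip))
```

If the rules were changed so that `http_access allow all` came before the deny line, `open_proxy_sources` would report the outside probe address, which is the open-proxy condition to watch for when editing this file.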