LinuxSir.cn, the Linuxsir that travels through time!

Help with gateway setup, urgent!

Posted on 2004-12-28 22:13:23
System: FreeBSD 5.3
Dual NICs: 8139
rc.conf is set as follows:
gateway_enable="YES"
defaultrouter="61.144.xx.1" # gateway
ifconfig_rl0="inet 61.144.xx.xx  netmask 255.255.255.0" # external IP
ifconfig_rl1="inet 192.168.0.81  netmask 255.255.255.0"
firewall_enable="YES"
firewall_script="/etc/rc.firewall"
firewall_type="/etc/ipfw.rules"
firewall_quiet="NO"
firewall_logging_enable="YES"
natd_interface="rl0"
natd_enable="YES"
natd_flags="-config /etc/natd.conf"


The custom ipfw.rules file for ipfw contains the following:
add 00400 divert natd ip from any to any via rl0
add 00001 deny log ip from any to any ipoptions rr
add 00002 deny log ip from any to any ipoptions ts
add 00003 deny log ip from any to any ipoptions ssrr
add 00004 deny log ip from any to any ipoptions lsrr
add 00005 deny tcp from any to any in tcpflags syn,fin
add 10000 allow tcp from any to 192.168.0.100 22 in
add 10001 allow tcp from any to 192.168.0.100 80 in
add 10002 allow tcp from any to 192.168.0.100 21 in
add 19997 check-state
add 19998 allow tcp from any to any out keep-state setup
add 19999 allow tcp from any to any out
add 20001 allow udp from any 53 to me in recv rl0
add 20002 allow udp from any to 192.168.0.100 53 in recv rl0
add 29999 allow udp from any to any out
add 30000 allow icmp from any to any icmptypes 3
add 30001 allow icmp from any to any icmptypes 4
add 30002 allow icmp from any to any icmptypes 8 out
add 30003 allow icmp from any to any icmptypes 0 in
add 30004 allow icmp from any to any icmptypes 11 in
add 40000 allow all from 192.168.0.0/16 to any
add 40001 allow all from any to 192.168.0.0/16

I want all 82 client machines to go online through the gateway 192.168.0.81.
Could you check whether anything is wrong with this setup?
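
Added example (not part of the original post): ipfw evaluates rules in ascending rule-number order rather than in the order the file lists them, so the sketch below parses an excerpt of the posted ipfw.rules, prints the effective order, and reports which rules run before the natd divert rule and therefore see untranslated packets. The function names are hypothetical helpers written for this illustration.

```python
import re

# Excerpt of the /etc/ipfw.rules file from the post above, in file order.
RULESET = """\
add 00400 divert natd ip from any to any via rl0
add 00001 deny log ip from any to any ipoptions rr
add 00005 deny tcp from any to any in tcpflags syn,fin
add 10000 allow tcp from any to 192.168.0.100 22 in
add 19997 check-state
add 19998 allow tcp from any to any out keep-state setup
add 40000 allow all from 192.168.0.0/16 to any
add 40001 allow all from any to 192.168.0.0/16
"""

RULE_RE = re.compile(r"^add\s+(\d+)\s+(\S+)\s*(.*)$")

def parse(text):
    """Return (number, action, body) tuples in the order the file lists them."""
    rules = []
    for line in text.splitlines():
        m = RULE_RE.match(line.strip())
        if m:
            rules.append((int(m.group(1)), m.group(2), m.group(3)))
    return rules

def effective_order(rules):
    """ipfw walks the list by ascending rule number, whatever the file order."""
    return sorted(rules, key=lambda r: r[0])

def listed_early(rules):
    """Numbers of rules that the file lists before a lower-numbered rule."""
    nums = [r[0] for r in rules]
    return [n for i, n in enumerate(nums) if any(n > later for later in nums[i + 1:])]

def before_divert(rules):
    """Numbers of rules evaluated before the first divert rule (pre-NAT view)."""
    seen = []
    for num, action, _ in effective_order(rules):
        if action == "divert":
            return seen
        seen.append(num)
    return seen

if __name__ == "__main__":
    rules = parse(RULESET)
    for num, action, body in effective_order(rules):
        print(f"{num:05d} {action} {body}")
    print("listed out of order:", listed_early(rules))
    print("evaluated before divert:", before_divert(rules))
```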
Posted on 2004-12-28 22:27:20
My rc.firewall
/sbin/ipfw -f flush
/sbin/ipfw add divert natd all from any to any via ed1
/sbin/ipfw add pass all from any to any