6.[root@localhost zhh]# echo "sh /root/zhh/vlan.sh">>/etc/rc.local   # 把vlan.sh脚本追加到/etc/rc.local,让系统开机时自动执行。rc.local以root身份运行,应确认vlan.sh的属主为root且其他用户不可写;重复执行本命令会追加重复的行。
[root@localhost zhh]# cat /etc/rc.local
#!/bin/sh
#
# This script will be executed *after* all the other init scripts.
# You can put your own initialization stuff in here if you don't
# want to do the full Sys V style init stuff.
touch /var/lock/subsys/local
sh /root/zhh/vlan.sh
7.管理NAT服务器
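[root@localhost ~]# iptables -L -n   # 查看filter表INPUT、OUTPUT、FORWARD三条链的默认策略和规则。注意:不加-v时不显示接口列,下面INPUT链中的"ACCEPT all -- 0.0.0.0/0 0.0.0.0/0"看起来像放行全部流量,应使用 iptables -L -n -v 确认该规则是否限定了入接口(例如lo),否则默认DROP策略将形同虚设。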
Chain INPUT (policy DROP)
target prot opt source destination
ACCEPT 47 -- 0.0.0.0/0 0.0.0.0/0
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
ACCEPT udp -- 192.168.30.60 0.0.0.0/0
ACCEPT udp -- 192.168.10.10 0.0.0.0/0
ACCEPT all -- 192.168.0.0/16 0.0.0.0/0
ACCEPT udp -- 192.168.0.0/16 0.0.0.0/0
ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0
ACCEPT udp -- 192.168.0.0/16 0.0.0.0/0 multiport dports 22
Chain FORWARD (policy DROP)
target prot opt source destination
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
ACCEPT udp -- 192.168.30.60 0.0.0.0/0
ACCEPT udp -- 192.168.10.10 0.0.0.0/0
ACCEPT all -- 192.168.0.0/16 0.0.0.0/0
ACCEPT udp -- 192.168.0.0/16 0.0.0.0/0 multiport dports 5000,1701,1723,8001,7001,53,1755,8005,801,873
ACCEPT udp -- 192.168.0.0/16 0.0.0.0/0 multiport dports 5060,5063,10000,10001,12000,12001,20000,20001,22000,22001
ACCEPT udp -- 192.168.0.0/16 0.0.0.0/0 multiport dports 30000,30001,32000,32001,3388,7708
ACCEPT icmp -- 192.168.0.0/16 0.0.0.0/0
ACCEPT tcp -- 192.168.0.0/16 0.0.0.0/0 multiport dports 110,80,123,1701,2095,8001,3389,8181,2121,8005,801,1723
ACCEPT tcp -- 192.168.0.0/16 0.0.0.0/0 multiport dports 21,22,25,81,82,8080,443,1433,3214,1503,3128,3388,5632,5631
ACCEPT tcp -- 192.168.0.0/16 0.0.0.0/0 multiport dports 5050,7708
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
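[root@localhost ~]# iptables -L -t nat   # 查看nat表的POSTROUTING链。下面的SNAT规则表明来自192.168.0.0/16的流量会被转换为源地址192.168.200.9后发出,说明客户端可以上网了(前提是已开启内核转发 net.ipv4.ip_forward=1,且FORWARD链放行了相应流量)。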
Chain PREROUTING (policy ACCEPT)
target prot opt source destination
Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
SNAT all -- 192.168.0.0/16 anywhere to:192.168.200.9
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
[root@localhost ~]# yum -y install iptraf   # 安装iptraf流量监控软件,安装后执行iptraf会显示如下菜单:
IP traffic monitor
General interface statistics
Detailed interface statistics
Statistical breakdowns..
LAN station monitor
Filters...
Configure...
Exit